I’m setting up a Pritunl cluster on AWS with the following setup:
- 2 EC2 instances for Pritunl (v1.32.3732.84) running on Oracle Linux 8.8
- 1 EC2 instance for MongoDB (v7) running on AL2023. We are aware of the ongoing issue with MongoDB 7, but AL2 is going EoL in 2025, thus we would like to avoid having to replace the MongoDB instance while in production
- Security groups that allow access to the instances and port 4789 for host-to-host messaging
- IAM role for VPC/Route53 access
Now, the setup works perfectly when the replication count is set to 1, but setting it to 2 causes one of the endpoints to be available (i.e., you can connect from the Pritunl client to the server) but not working at all. The issue doesn't seem to reside on one specific instance, as both seem to work perfectly fine when working alone.
I noticed with Wireshark that port 4789 does not receive any messages at all on either host, but it is not filtered in any way, as I tried sending packets with nc from one host to the other and I was able to receive the packets.
Finally, I noticed that rp_filter was set to 0 while the older VPN setup (still with Pritunl and with server replication working fine) had all the interfaces with rp_filter set to 2. I tried changing that as well but still no communication between the hosts.
What can I do?
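The post compares rp_filter=0 on the new hosts against rp_filter=2 on the older, working setup. The following audit script is an added example, not part of the original post or of Pritunl: it reads `net/ipv4/conf/<iface>/rp_filter` for every interface under a sysctl root, decodes the value using the kernel's documented meanings, and fails if any interface differs from the expected value. The sysctl root is a parameter (the real one is `/proc/sys`) so the function can be demonstrated against a constructed directory tree; the interface names and values in `make_sample_tree` are constructed sample data, not from any real host.

```shell
#!/bin/sh
# Added example (not from the original post): audit the reverse-path filter
# (rp_filter) on every interface and flag any that differ from an expected value.
# Kernel meaning of the values (Documentation/networking/ip-sysctl.rst):
#   0 = no source validation, 1 = strict (RFC 3704), 2 = loose (RFC 3704).
# Note: the kernel uses the max of conf/all and conf/<iface> when validating,
# so 'all' and the individual interface both matter.

# Translate an rp_filter value into its documented meaning.
rp_filter_meaning() {
    case "$1" in
        0) echo "disabled (no source validation)" ;;
        1) echo "strict (RFC 3704 strict reverse path)" ;;
        2) echo "loose (source must be reachable via any interface)" ;;
        *) echo "unknown value" ;;
    esac
}

# audit_rp_filter ROOT EXPECTED
# Prints one line per interface found under ROOT/net/ipv4/conf (including the
# 'all' and 'default' pseudo-interfaces). Returns 0 if every interface matches
# EXPECTED, 1 if at least one does not.
audit_rp_filter() {
    root="$1"
    expected="$2"
    rc=0
    for f in "$root"/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue          # skip unmatched glob / unreadable entries
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" = "$expected" ]; then
            status="ok"
        else
            status="MISMATCH"
            rc=1
        fi
        printf '%-12s rp_filter=%s (%s) %s\n' \
            "$iface" "$val" "$(rp_filter_meaning "$val")" "$status"
    done
    return $rc
}

# make_sample_tree DIR
# Builds a constructed, sysfs-like tree (not a real host) so the audit can be
# demonstrated offline: three interfaces at 2 and one (tun0) left at 0.
make_sample_tree() {
    dir="$1"
    for iface in all default eth0 tun0; do
        mkdir -p "$dir/net/ipv4/conf/$iface"
    done
    echo 2 > "$dir/net/ipv4/conf/all/rp_filter"
    echo 2 > "$dir/net/ipv4/conf/default/rp_filter"
    echo 2 > "$dir/net/ipv4/conf/eth0/rp_filter"
    echo 0 > "$dir/net/ipv4/conf/tun0/rp_filter"   # the inconsistent one
}

# Demo against the constructed tree when run as: sh audit_rp_filter.sh --demo
# On a real host, call instead: audit_rp_filter /proc/sys 2
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_tree "$tmp"
    audit_rp_filter "$tmp" 2
    echo "exit status: $?"
    rm -rf "$tmp"
fi
```

Running it against `/proc/sys` on both Pritunl hosts gives a side-by-side view of every interface's setting, which is quicker than reading the files one by one; a non-zero exit status makes it usable from a configuration check as well. Because the kernel applies the stricter of `all` and the per-interface value, a mismatch on either side is worth reporting.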