Server replication issue

Hello!

I’m setting up a Pritunl cluster on AWS with the following setup:

  • 2 EC2 instances for Pritunl (v1.32.3732.84) running on Oracle Linux 8.8
  • 1 EC2 instance for MongoDB (v7) running on AL2023. We are aware of the ongoing issue with MongoDB 7, but AL2 is going EoL in 2025, so we would like to avoid having to replace the MongoDB instance while in production
  • Security groups that allow access to the instances and port 4789 for host-to-host messaging
  • IAM role for VPC/Route53 access

Now, the setup works perfectly when the replication count is set to 1, but setting it to 2 causes one of the endpoints to be available (i.e., you can connect from the Pritunl client to the server) but not working at all. The issue doesn’t seem to reside on one specific instance, as both seem to work perfectly fine when working alone.
I noticed with Wireshark that port 4789 does not receive any messages at all on either host, but it is not filtered in any way, as I tried sending packets with nc from one host to the other and I was able to get the packets.
Finally, I noticed that rp_filter was set to 0, while the older VPN setup (still with Pritunl and with server replication working fine) had all the interfaces with rp_filter set to 2. I tried changing that as well, but there is still no communication between the hosts.

What can I do?

MongoDB servers are not difficult to upgrade. I have not been able to keep a MongoDB 7 database stable; it will very regularly break capped collections. Attempting to use it will eventually cause the server to stop functioning. It will produce issues that are difficult to debug because the internal messaging system built with capped collections and tailable cursors stops updating without any error message. You will need to run the commands below to lower the feature version, update the repository file to 6.0, and then downgrade the package.

mongosh
// MongoDB 7.0 requires confirm: true when changing the feature compatibility version
db.adminCommand({setFeatureCompatibilityVersion: "6.0", confirm: true});
exit
# after pointing the repository file at the 6.0 repo, downgrade the packages
sudo dnf downgrade mongodb-org-6.0.13 mongodb-org-database-6.0.13 mongodb-org-database-tools-extra-6.0.13 mongodb-org-mongos-6.0.13 mongodb-org-server-6.0.13

Port 4789 is used by the VXLAN to handle client-to-client traffic. Host communication is done with the capped collections in the database.

If you are having routing issues and have a non-NAT configuration, it is likely because the source/dest check is not disabled on the instance or because of an incorrect routing/firewall configuration. You can also check the local IP in the hosts tab to verify that the correct instance IP is used for the VXLAN.
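The answer above describes hosts coordinating through a capped collection read with a tailable cursor, and a failure mode where that path stalls silently. The probe below, an added example that is not part of the original post or of Pritunl's own code, writes a marker into a capped collection over one connection and checks that a tailable cursor on a second connection sees it within a deadline; the collection and database names, the URI and the deadline are constructed assumptions.

```python
"""Liveness probe for capped-collection messaging between MongoDB clients.
Added example (not Pritunl's code). Names below are constructed assumptions."""
import sys
import time
import uuid

PROBE_DB = "probe"                      # assumed database name
PROBE_COLLECTION = "replication_probe"  # assumed collection name


def evaluate(seen_ids, expected_id, elapsed, deadline):
    """Pure decision logic, kept separate so it can be checked offline:
    marker never delivered -> 'stalled', delivered late -> 'slow', else 'ok'."""
    if expected_id not in seen_ids:
        return "stalled"
    return "ok" if elapsed <= deadline else "slow"


def run_probe(uri, deadline=5.0):
    """Insert a marker on one connection, tail the collection on another."""
    from pymongo import CursorType, MongoClient  # imported here so evaluate()
    # stays usable even where pymongo is not installed
    writer = MongoClient(uri, serverSelectionTimeoutMS=3000)
    reader = MongoClient(uri, serverSelectionTimeoutMS=3000)
    db = writer[PROBE_DB]
    if PROBE_COLLECTION not in db.list_collection_names():
        db.create_collection(PROBE_COLLECTION, capped=True, size=1 << 20)
    col_w = db[PROBE_COLLECTION]
    col_r = reader[PROBE_DB][PROBE_COLLECTION]
    col_w.insert_one({"seed": True})  # tailable cursors need a non-empty collection
    cursor = col_r.find(cursor_type=CursorType.TAILABLE_AWAIT)
    for _ in cursor:  # drain documents that already exist
        pass
    marker = str(uuid.uuid4())
    seen = set()
    start = time.monotonic()
    col_w.insert_one({"marker": marker})
    # Keep pulling batches until the marker shows up or the deadline (plus slack) passes.
    while marker not in seen and time.monotonic() - start < deadline + 1.0:
        for doc in cursor:
            if "marker" in doc:
                seen.add(doc["marker"])
            if marker in seen:
                break
        if not cursor.alive:  # server dropped the tailable cursor
            break
    return evaluate(seen, marker, time.monotonic() - start, deadline)


if __name__ == "__main__":
    uri = sys.argv[1] if len(sys.argv) > 1 else "mongodb://localhost:27017"
    print(run_probe(uri))
```

Run it against the cluster's MongoDB URI from each Pritunl host; a result of "stalled" with no error reproduces the silent failure the answer describes.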