I can't verify, but after your message I allowed all outgoing traffic on Server 2's firewall.
Indeed, I had to add a static rule to /etc/network/interfaces on Server 1:
up ip route add 192.168.2.24/32 via 10.10.10.16 dev br0
I think I have everything running as of now.
One issue remains...
Yes! Disabling TFA did the trick!
Node joined the cluster with issues though:
root@pmg2:~# pmgcm join 10.10.10.14 --fingerprint D2:6B:2E:3C:C7:46:69:13:9C:AC:98:2D:55:98:5B:06:67:E6:33:42:A9:A1:E1:81:22:56:41:27:BF:71:49:E9
stop all services accessing the database
save new cluster...
I tailed one log at a time and performed two attempts to join.
I did one join again and have the following simultaneous logs:
::ffff:10.10.10.16 - - [24/01/2022:13:10:21 +0100] "POST /api2/json/access/ticket HTTP/1.1" 200 565
::ffff:10.10.10.16 - - [24/01/2022:13:10:21 +0100] "POST...
Time sync is correct.
root@pmg:~# ntpdate ntp.belnet.be
24 Jan 11:47:47 ntpdate: adjust time server 18.104.22.168 offset +0.003148 sec
root@pmg2:~# ntpdate ntp.belnet.be
24 Jan 11:47:29 ntpdate: adjust time server 22.214.171.124 offset +0.000521 sec
During attempt to join I get...
Okay, so I presumed an error with the fingerprint, so I went for reinstalling, making sure certificates were kept pristine.
Did a clean re-install of server 1 & 2.
Didn't touch any certificates in /etc/ssh or /root/.ssh at all
Restore from backup on server 1 (server 2 was blank anyway)
Consider the following situation:
Server 1 in location 1
10.10.10.14 in DMZ
PMG community edition: wanna-be master in cluster yet to create
Stock PMG installation, with LetsEncrypt
+ openvpn (server tap bridge mode)
+ port 22219 in ssh. Login through password disabled
Consider a 3-node setup with each node having 2x 10GB & 6x 1GB NICs.
Is it more interesting to speed up replication between the nodes using 10GB interconnects and have the VMs communicate on 1GB (scenario 1), or is it more interesting to speed up VM <-> desktop access (scenario 2)?