trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0
28.66k stars 2.32k forks

EC2 Fail - "Unable to restart service netfilter-persistent" #1566

Closed kilo6eight closed 5 years ago

kilo6eight commented 5 years ago

Describe the bug

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 19.04 (Virtualized: vmware)
Created from git clone. Last commit: 655729e Update CHANGELOG.md
Python 2.7.16
Runtime variables:
    algo_provider "ec2"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "False"
    wireguard_enabled "False"
    dns_encryption "True"

To Reproduce

Steps to reproduce the behavior:

  1. Follow the steps on the GitHub page for setting up an EC2 instance with Algo
  2. Follow the steps to install Algo on localhost
  3. Execute Algo

Expected behavior

Create VPN successfully

Additional context

The only changes I made to config.cfg are setting the MTU to 1420 and setting wireguard to false.

Full log

user@user:~/algo$ ./algo

PLAY [localhost] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [Ensure the requirements installed] ***************************************
ok: [localhost]

TASK [Set required ansible version as a fact] **********************************
ok: [localhost] => (item=ansible==2.7.12)

TASK [Verify Ansible meets Algo VPN requirements.] *****************************
ok: [localhost] => {
    "changed": false, 
    "msg": "All assertions passed"
}

PLAY [Ask user for the input] **************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Vultr
    5. Microsoft Azure
    6. Google Compute Engine
    7. Scaleway
    8. OpenStack (DreamCompute optimised)
    9. CloudStack (Exoscale optimised)
    10. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)

Enter the number of your desired provider
:

TASK [Cloud prompt] ************************************************************
ok: [localhost]

TASK [Set facts based on the input] ********************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:

TASK [VPN server name prompt] **************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:

TASK [Cellular On Demand prompt] ***********************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:

TASK [Wi-Fi On Demand prompt] **************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:

TASK [Trusted Wi-Fi networks prompt] *******************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:

TASK [Retain the PKI prompt] ***************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:

TASK [DNS adblocking prompt] ***************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:

TASK [SSH tunneling prompt] ****************************************************
ok: [localhost]

TASK [Set facts based on the input] ********************************************
ok: [localhost]

PLAY [Provision the server] ****************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 19.04 (Virtualized: vmware)
Created from git clone. Last commit: 655729e Update CHANGELOG.md
Python 2.7.16
Runtime variables:
    algo_provider "ec2"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "False"
    wireguard_enabled "False"
    dns_encryption "True"

TASK [Display the invocation environment] **************************************
changed: [localhost -> localhost]

TASK [Install the requirements] ************************************************
ok: [localhost -> localhost]

TASK [Generate the SSH private key] ********************************************
ok: [localhost]

TASK [Generate the SSH public key] *********************************************
ok: [localhost]

TASK [cloud-ec2 : Install requirements] ****************************************
ok: [localhost]
[cloud-ec2 : pause]
Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md)
 (output is hidden):

TASK [cloud-ec2 : pause] *******************************************************
ok: [localhost]
[cloud-ec2 : pause]
Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
 (output is hidden):

TASK [cloud-ec2 : pause] *******************************************************
ok: [localhost]

TASK [cloud-ec2 : set_fact] ****************************************************
ok: [localhost]

TASK [cloud-ec2 : Get regions] *************************************************
ok: [localhost]

TASK [cloud-ec2 : Set facts about the regions] *********************************
ok: [localhost]

TASK [cloud-ec2 : Set the default region] **************************************
ok: [localhost]
[cloud-ec2 : pause]
What region should the server be located in?
(https://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
    1. ap-northeast-1
    2. ap-northeast-2
    3. ap-south-1
    4. ap-southeast-1
    5. ap-southeast-2
    6. ca-central-1
    7. eu-central-1
    8. eu-north-1
    9. eu-west-1
    10. eu-west-2
    11. eu-west-3
    12. sa-east-1
    13. us-east-1
    14. us-east-2
    15. us-west-1
    16. us-west-2

Enter the number of your desired region
[13]
:

TASK [cloud-ec2 : pause] *******************************************************
ok: [localhost]

TASK [cloud-ec2 : Set algo_region and stack_name facts] ************************
ok: [localhost]

TASK [cloud-ec2 : Locate official AMI for region] ******************************
ok: [localhost]

TASK [cloud-ec2 : Set the ami id as a fact] ************************************
ok: [localhost]

TASK [cloud-ec2 : Deploy the template] *****************************************
changed: [localhost]

TASK [cloud-ec2 : set_fact] ****************************************************
ok: [localhost]

TASK [Set subjectAltName as afact] *********************************************
ok: [localhost]

TASK [Add the server to an inventory group] ************************************
changed: [localhost]

TASK [Additional variables for the server] *************************************
changed: [localhost]

TASK [Wait until SSH becomes ready...] *****************************************
ok: [localhost]

TASK [Linux | set OS specific facts] *******************************************
ok: [localhost]

TASK [Set config paths as facts] ***********************************************
ok: [localhost]

TASK [Update config paths] *****************************************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "54.241.232.235"
}
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)

TASK [A short pause, in order to be sure the instance is ready] ****************
ok: [localhost]

PLAY [Configure the server and install required software] **********************

TASK [common : Check the system] ***********************************************
ok: [54.241.232.235]
included: /home/user/algo/roles/common/tasks/ubuntu.yml for 54.241.232.235

TASK [common : Gather facts] ***************************************************
ok: [54.241.232.235]

TASK [common : Install software updates] ***************************************
changed: [54.241.232.235]

TASK [common : Check if reboot is required] ************************************
changed: [54.241.232.235]

TASK [common : Install unattended-upgrades] ************************************
ok: [54.241.232.235]

TASK [common : Configure unattended-upgrades] **********************************
changed: [54.241.232.235]

TASK [common : Periodic upgrades configured] ***********************************
changed: [54.241.232.235]

TASK [common : Disable MOTD on login and SSHD] *********************************
changed: [54.241.232.235] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'})
changed: [54.241.232.235] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})

TASK [common : Loopback for services configured] *******************************
changed: [54.241.232.235]

TASK [common : systemd services enabled and started] ***************************
ok: [54.241.232.235] => (item=systemd-networkd)
ok: [54.241.232.235] => (item=systemd-resolved)

RUNNING HANDLER [common : restart systemd-networkd] ****************************
changed: [54.241.232.235]

TASK [common : Check apparmor support] *****************************************
ok: [54.241.232.235]

TASK [common : Set fact if apparmor enabled] ***********************************
ok: [54.241.232.235]

TASK [common : Generate password for the CA key] *******************************
changed: [54.241.232.235 -> localhost]

TASK [common : Generate p12 export password] ***********************************
changed: [54.241.232.235 -> localhost]

TASK [common : Define facts] ***************************************************
ok: [54.241.232.235]

TASK [common : Set facts] ******************************************************
ok: [54.241.232.235]

TASK [common : Set IPv6 support as a fact] *************************************
ok: [54.241.232.235]

TASK [common : Check size of MTU] **********************************************
ok: [54.241.232.235]

TASK [common : Set OS specific facts] ******************************************
ok: [54.241.232.235]

TASK [common : Install tools] **************************************************
changed: [54.241.232.235]

TASK [common : Install headers] ************************************************
changed: [54.241.232.235]
included: /home/user/algo/roles/common/tasks/iptables.yml for 54.241.232.235

TASK [common : Iptables configured] ********************************************
changed: [54.241.232.235] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})

TASK [common : Iptables configured] ********************************************
changed: [54.241.232.235] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})

TASK [common : Sysctl tuning] **************************************************
changed: [54.241.232.235] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
changed: [54.241.232.235] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
changed: [54.241.232.235] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})

RUNNING HANDLER [common : restart iptables] ************************************
fatal: [54.241.232.235]: FAILED! => {"changed": false, "msg": "Unable to restart service netfilter-persistent: Job for netfilter-persistent.service failed because the control process exited with error code.\nSee \"systemctl status netfilter-persistent.service\" and \"journalctl -xe\" for details.\n"}
included: /home/user/algo/playbooks/rescue.yml for 54.241.232.235

TASK [debug] *******************************************************************
ok: [54.241.232.235] => {
    "fail_hint": [
        "Sorry, but something went wrong!", 
        "Please check the troubleshooting guide.", 
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [Fail the installation] ***************************************************
fatal: [54.241.232.235]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP *********************************************************************
54.241.232.235             : ok=29   changed=14   unreachable=0    failed=2   
localhost                  : ok=42   changed=5    unreachable=0    failed=0   

davidemyers commented 5 years ago

MTU to 1420

I assume you did this by setting reduce_mtu to 80?

Could you post the output of sudo netfilter-persistent start if it's more than just:

run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
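The request above comes down to finding which of the two netfilter-persistent plugins, and which rule in the file it loads, is being rejected. The script below is an added example written for this page; it is not code from the issue or from the Algo project. Each plugin does little more than feed /etc/iptables/rules.v4 or rules.v6 to iptables-restore / ip6tables-restore, so the script runs that same step with --test (parse and build, but do not commit), then maps the line number in the error back to the rule text. The file paths, binary names and the two error-message formats it recognises are assumptions about a stock Ubuntu host; the sample rules file and error string are constructed for the offline demo.

```shell
#!/bin/sh
# Added diagnostic for "Unable to restart service netfilter-persistent".
# Not part of Algo. The 15-ip4tables / 25-ip6tables plugins run
# iptables-restore / ip6tables-restore on /etc/iptables/rules.v4 and rules.v6,
# so the unit fails whenever one of those files holds a rule the kernel rejects.
# "--test" parses and builds the ruleset without committing it and reports the
# failing line number; we map that number back to the offending rule.
# Paths and error formats are assumptions about a stock Ubuntu 18.04/19.04 host.
set -u

# Pull the failing line number out of an iptables-restore error message.
# Handles "iptables-restore: line 7 failed" (legacy backend) and
# "Error occurred at line: 7" (nf_tables backend). Prints nothing if no match.
failed_line_number() {
    printf '%s\n' "$1" | sed -n 's/.*[Ll]ine:\{0,1\} \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print rule N of a rules file, 1-based, the way iptables-restore counts lines.
rule_at_line() {
    sed -n "${2}p" "$1"
}

# Run "<restore binary> --test" on a rules file.
# Loadable: prints "ok", returns 0. Rejected: prints the error and the
# offending rule, returns 1. Missing binary/file: prints "skip", returns 0
# so the second file is still checked.
check_rules_file() {
    bin="$1"; file="$2"
    command -v "$bin" >/dev/null 2>&1 || { echo "skip: $bin not installed"; return 0; }
    [ -r "$file" ] || { echo "skip: $file not readable (run as root?)"; return 0; }
    if err=$("$bin" --test < "$file" 2>&1); then
        echo "ok: $file"
        return 0
    fi
    echo "FAIL: $file"
    echo "$err"
    n=$(failed_line_number "$err")
    [ -n "$n" ] && printf 'offending rule (line %s): %s\n' "$n" "$(rule_at_line "$file" "$n")"
    return 1
}

# Constructed sample (not Algo's rules.v4.j2): a minimal rules file whose
# line 4 names a target that does not exist, plus the error iptables-restore
# would print for it. Used to show the mapping when no real files are present.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j NO_SUCH_TARGET
COMMIT'
SAMPLE_ERROR='iptables-restore: line 4 failed'

offline_demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_RULES" > "$tmp"
    n=$(failed_line_number "$SAMPLE_ERROR")
    printf 'sample: line %s -> %s\n' "$n" "$(rule_at_line "$tmp" "$n")"
    rm -f "$tmp"
}

main() {
    # Same order netfilter-persistent uses: 15-ip4tables, then 25-ip6tables.
    check_rules_file iptables-restore  /etc/iptables/rules.v4
    check_rules_file ip6tables-restore /etc/iptables/rules.v6
    # The unit's own log, which the Ansible error message pointed at.
    command -v journalctl >/dev/null 2>&1 && journalctl -u netfilter-persistent --no-pager -n 20 || true
    offline_demo
    return 0
}

main
```

Run it as root on the EC2 instance (sudo sh nfp-diag.sh); iptables-restore needs privileges even in --test mode on the nf_tables backend. Whichever of the two files reports FAIL is the plugin that made the unit exit non-zero, and the printed line is the rule to compare against the template Algo rendered.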