Enterprise Licensing keeps resetting

JMerk · February 20, 2024, 5:00pm

Hello,

I’ve recently rebuilt a problematic server and have built a server problematic in a different way! I activated the new server using the license key from another server we run. It activated, seemingly, fine. However, a few times a day I’ll click back into the VPN web client to check on it, and it will have reset back to a standard version. It’s also now doing this on our other server that I copied the license from.

I’ve allowed access to app.pritunl.com from our firewall, and from within the Pritunl host VM itself, can ping to app.pritunl.com no problem. Any ideas? In the web interface logs I’m getting this:

Traceback (most recent call last):
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 799, in urlopen
    retries = retries.increment(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='app.pritunl.com', port=443): Max retries exceeded with url: /subscription (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fef0c7aac70>, 'Connection to app.pritunl.com timed out. (connect timeout=20)'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/subscription.py", line 44, in update
    response = requests.get(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/adapters.py", line 507, in send
    raise ConnectTimeout(e, request=request)
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='app.pritunl.com', port=443): Max retries exceeded with url: /subscription (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fef0c7aac70>, 'Connection to app.pritunl.com timed out. (connect timeout=20)'))

fmalykh · February 21, 2024, 8:38am

Same issue happens for me as well.

zach · February 21, 2024, 4:43pm

It could be a networking issue with the server. If the server has linked servers it’s possible the routes are interfering with the routing. It would otherwise likely be a network issue with the hosts internet connection.

Arvee · February 26, 2024, 6:07pm

This just started to happed with my install as well.

JMerk · February 27, 2024, 5:15pm

@Arvee @fmalykh

Do you guys have more than one VPN running in your network? I’m still working on this issue, and this seems to be the common denominator.

Arvee · February 27, 2024, 9:19pm

I have 1 Server with 3-4 hosts.

Prolly not related but just incase it is, It also seems that yubikey things are unhappy. Non yubikey users still are able to authenticate using Azure auth. I have since run “sudo pritunl set user.skip_remote_sso_check true” in the CLI and users can connect again.

Traceback (most recent call last):
File “/usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/user/user.py”, line 422, in sso_auth_check
resp = requests.get(auth_server +
File “/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/api.py”, line 73, in get
return request(“get”, url, params=params, **kwargs)
File “/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/api.py”, line 59, in request
return session.request(method=method, url=url, **kwargs)
File “/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/sessions.py”, line 589, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/sessions.py”, line 703, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/adapters.py”, line 519, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host=‘auth.pritunl.com’, port=443): Max retries exceeded with url

JMerk · March 7, 2024, 8:45pm

In a hail mary attempt to fix this, we rolled back the firmware on our Meraki Firewall and that appears to have fixed it. Haven’t had any issues today, when normally would have been going back and forth multiple times by this point.

Arvee · March 12, 2024, 2:16pm

I also run a Meraki firewall, but unfortunately I am unable to roll-back as updates were applied more than 14 days ago.

Good news I guess, this gives me a place to start looking.

Arvee · March 12, 2024, 2:37pm

Turns out while the rollback feature of Meraki was aged out as being past 14 days. This firewall was running a stable release candidate for some reason. 18.208 to be specific. I was able to revert to the true stable channel and am now running 18.107.2

Problem still exists.

Arvee · March 12, 2024, 3:13pm

Ok last update for today hopefully.

After the Merkai firewall rebooted itself a bit after it claimed to be running the 18.107.2 firmware things seem to all be working again. Including yubikey authentication. The System log is not currently getting cluttered up with python errors.

Not sure what in 18.208 breaks what, but at least it seems to be happy at the moment.

Thank you @JMerk for the tip.