macOS Client disconnects after 65 seconds

I’m having trouble with connecting using the Pritunl Client on macOS 12.5 (M1).

More often than not, the client will appear to connect, but after 65 seconds the connection will be terminated. This does not happen on first boot, but does happen on almost every subsequent connection to the VPN. I have included both the client and server logs below.


##Server Logs##
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_VER=2.5.3
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_PLAT=mac
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_PROTO=6
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_NCP=2
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-128-CBC
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_LZ4=1
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_LZ4v2=1
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_LZO=1
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_COMP_STUB=1
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_COMP_STUBv2=1
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_TCPNL=1
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_HWADDR=3c:a6:f6:32:e8:01
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: IV_SSL=OpenSSL_1.1.1k__25_Mar_2021
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: UV_ID=************6a2
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 peer info: UV_NAME=summer-skies-6634
[winter-stars-7441] Tue Aug  9 11:17:01 2022 **.**.**.**:52271 [************2e7] Peer Connection Initiated with [AF_INET]**.**.**.**:52271
[winter-stars-7441] 2022-08-09 11:17:03 COM> SUCCESS: client-auth command succeeded
[winter-stars-7441] Tue Aug  9 11:17:03 2022 ************2e7/**.**.**.**:52271 MULTI_sva: pool returned IPv4=**.**.**.2, IPv6=(Not enabled)
[winter-stars-7441] 2022-08-09 11:17:03 User connected user_id=************2e7
[winter-stars-7441] Tue Aug  9 11:18:23 2022 ************2e7/**.**.**.**:52271 [************2e7] Inactivity timeout (--ping-restart), restarting
[winter-stars-7441] 2022-08-09 11:18:23 User disconnected user_id=************2e7

##Client Logs##
2022-08-09 11:17:01 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-08-09 11:17:01 OpenVPN 2.5.3 arm-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 18 2021
2022-08-09 11:17:01 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2022-08-09 11:17:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-08-09 11:17:01 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-08-09 11:17:01 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-08-09 11:17:01 TCP/UDP: Preserving recently used remote address: [AF_INET]**.**.**.**:11806
2022-08-09 11:17:01 UDP link local: (not bound)
2022-08-09 11:17:01 UDP link remote: [AF_INET]**.**.**.**:11806
2022-08-09 11:17:01 VERIFY SCRIPT OK: depth=1, O=************82cc, CN=************82d8
2022-08-09 11:17:01 VERIFY OK: depth=1, O=************82cc, CN=************82d8
2022-08-09 11:17:01 VERIFY KU OK
2022-08-09 11:17:01 NOTE: --mute triggered...
2022-08-09 11:17:01 6 variation(s) on previous 3 message(s) suppressed by --mute
2022-08-09 11:17:01 [************2de] Peer Connection Initiated with [AF_INET]**.**.**.**:11806
2022-08-09 11:17:03 Data Channel: using negotiated cipher 'AES-128-GCM'
2022-08-09 11:17:03 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2022-08-09 11:17:03 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2022-08-09 11:17:03 Opened utun device utun7
2022-08-09 11:17:03 /sbin/ifconfig utun7 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2022-08-09 11:17:03 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2022-08-09 11:17:03 /sbin/ifconfig utun7 **.**.**.6 **.**.**.6 netmask 255.255.255.0 mtu 1500 up
add net **.**.**.0: gateway **.**.**.6
2022-08-09 11:17:03 /tmp/pritunl/ac4cdd8e7c5c67890cc48926945fedc7-up.sh utun7 1500 1553 **.**.**.6 255.255.255.0 init
dhcp-option DNS 8.8.8.8
add net **.**.**.122: gateway **.**.**.1
add net **.**.**.72: gateway **.**.**.1
add net **.**.**.42: gateway **.**.**.1
add net **.**.**.102: gateway **.**.**.1
add net **.**.**.134: gateway **.**.**.1
add net **.**.**.183: gateway **.**.**.1
add net **.**.**.139: gateway **.**.**.1
add net **.**.**.23: gateway **.**.**.1
add net **.**.**.210: gateway **.**.**.1
add net **.**.**.187: gateway **.**.**.1
add net **.**.**.235: gateway **.**.**.1
add net **.**.**.83: gateway **.**.**.1
2022-08-09 11:17:03 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-08-09 11:17:03 Initialization Sequence Completed
2022-08-09 11:18:03 [************2de] Inactivity timeout (--ping-exit), exiting
2022-08-09 11:18:03 /tmp/pritunl/ac4cdd8e7c5c67890cc48926945fedc7-block.sh utun7 1500 1553 **.**.**.6 255.255.255.0 init
delete net **.**.**.122: gateway **.**.**.1
delete net **.**.**.72: gateway **.**.**.1
delete net **.**.**.42: gateway **.**.**.1
delete net **.**.**.102: gateway **.**.**.1
delete net **.**.**.134: gateway **.**.**.1
delete net **.**.**.183: gateway **.**.**.1
delete net **.**.**.139: gateway **.**.**.1
delete net **.**.**.23: gateway **.**.**.1
delete net **.**.**.210: gateway **.**.**.1
delete net **.**.**.187: gateway **.**.**.1
delete net **.**.**.235: gateway **.**.**.1
delete net **.**.**.83: gateway **.**.**.1
2022-08-09 11:18:03 Closing TUN/TAP interface
2022-08-09 11:18:03 /tmp/pritunl/ac4cdd8e7c5c67890cc48926945fedc7-down.sh utun7 1500 1553 **.**.**.6 255.255.255.0 init
2022-08-09 11:18:03 SIGINT[hard,ping-exit] received, process exiting

This may be an MTU issue check the debugging documentation.

Thank you, however I’ve run through this and that doesn’t seem to be the problem here.

I’ve since switched to using the Wireguard option which appears much more stable with our Windows machines. However, getting the Pritunl client to recognise wireguard on Macs (both Intel & ARM) is proving to be almost impossible. Any tips? We have Wireguard installed and running on both architectures, but the Pritunl client doesn’t give us the option of connecting to the WG profile

On macOS the 3 paths below are checked for wg and wg-quick both must exist for WireGuard to be enabled. The server must also have WireGuard enabled, if profile sync is updating the profile will need to be reimported after enabling WireGuard.

/usr/bin/wg
/usr/local/bin/wg
/opt/homebrew/bin/wg

/usr/bin/wg-quick
/usr/local/bin/wg-quick
/opt/homebrew/bin/wg-quick