Pritunl can't connect after update to Kubuntu 25.04

I’ve just updated my Kubuntu OS from 24.10 to 25.04 and pritunl stop working. I’ve updated pritunl-client-electron to v1.3.4210.52 - that didn’t help.
Is this a known issue?

logs:

[2025-03-29 16:26:35][INFO] ▶ profile: Connecting ◆ device_auth=false ◆ disable_dns=false ◆ disable_gateway=true ◆ dynamic_firewall=false ◆ force_connect=false ◆ force_dns=false ◆ geo_sort="" ◆ mode="ovpn" ◆ profile_id="574c99fb2378968e" ◆ reconnect=false ◆ sso_auth=false
[2025-03-29 16:26:35][INFO] ▶ connection: Resolved remotes ◆ public_address="" ◆ public_address6="" ◆ remotes=[]string{"my.server.org"} ◆ sort_method="random"
[2025-03-29 16:26:35][INFO] ▶ connection: Attempting remotes ◆ client_disconnect=false ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=0 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"my.server.org"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=false ◆ profile_disable_dns=false ◆ profile_disable_gateway=true ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="574c99fb2378968e" ◆ profile_mode="ovpn" ◆ profile_reconnect=false ◆ profile_sso_auth=false ◆ profile_system_profile=false ◆ profile_timeout=false ◆ remotes=[]string{"my.server.org"} ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="e936f6cf03d8499a" ◆ state_interactive=true ◆ state_no_reconnect=false ◆ state_stop=false ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.March, 29, 16, 26, 35, 841682792, time.Local) ◆ wg_bash_path="" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-03-29 16:26:35][ERRO] ▶ connection: Disconnecting ◆ client_disconnect=true ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=0 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"my.server.org"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=true ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="openvpn" ◆ ovpn_remotes=[]string{"my.server.org(13333/udp)"} ◆ ovpn_running=-1 ◆ ovpn_tap_iface="" ◆ profile_device_auth=false ◆ profile_disable_dns=false ◆ profile_disable_gateway=true ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="574c99fb2378968e" ◆ profile_mode="ovpn" ◆ profile_reconnect=false ◆ profile_sso_auth=false ◆ profile_system_profile=false ◆ profile_timeout=false ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="e936f6cf03d8499a" ◆ state_interactive=true ◆ state_no_reconnect=false ◆ state_stop=true ◆ state_system_interactive=false ◆ state_temp_paths=[]string{"/tmp/pritunl/574c99fb2378968e", "/tmp/pritunl/574c99fb2378968e.auth", "/tmp/pritunl/574c99fb2378968e-block.sh", "/tmp/pritunl/574c99fb2378968e-up.sh", "/tmp/pritunl/574c99fb2378968e-down.sh"} ◆ state_time=time.Date(2025, time.March, 29, 16, 26, 35, 841682792, time.Local) ◆ wg_bash_path="" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-03-29 16:26:42][INFO] ▶ profile: Disconnected without restart ◆ client_disconnect=true ◆ client_disconnect_waiters=0 ◆ client_disconnected=true ◆ client_provider=true ◆ client_startime=7 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"my.server.org"} ◆ data_status="disconnected" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=true ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="openvpn" ◆ ovpn_remotes=[]string{"my.server.org(13333/udp)"} ◆ ovpn_running=-1 ◆ ovpn_tap_iface="" ◆ profile_device_auth=false ◆ profile_disable_dns=false ◆ profile_disable_gateway=true ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="574c99fb2378968e" ◆ profile_mode="ovpn" ◆ profile_reconnect=false ◆ profile_sso_auth=false ◆ profile_system_profile=false ◆ profile_timeout=false ◆ state_closed=true ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="e936f6cf03d8499a" ◆ state_interactive=true ◆ state_no_reconnect=false ◆ state_stop=true ◆ state_system_interactive=false ◆ state_temp_paths=[]string{"/tmp/pritunl/574c99fb2378968e", "/tmp/pritunl/574c99fb2378968e.auth", "/tmp/pritunl/574c99fb2378968e-block.sh", "/tmp/pritunl/574c99fb2378968e-up.sh", "/tmp/pritunl/574c99fb2378968e-down.sh"} ◆ state_time=time.Date(2025, time.March, 29, 16, 26, 35, 841682792, time.Local) ◆ wg_bash_path="" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""

And I don’t see any packages sent in wireshark at all

direct connection via
sudo openvpn my_profile.ovpn
works

Check the profile logs. From the interface in the top right menu click logs then select the profile.

It states:

Options error: In [CMD-LINE]:1: Error opening configuration file: /tmp/pritunl/9ba6f99cc53708a0
Use --help for more information.

Still not working. Any news about 25.04 support?

Ubuntu 25.04 and Fedora 42 were added to the custom build system and it is ready for those builds with the next client release. This should be sometime this week.

I connected using the .ovpn file from the pritunl server.

I imported it into Ubuntu 25.04 using the menu network > VPN > + > Import from file.

The connection was successful, using passcode and OTP.

However, since I use route53, the DNS could not be resolved normally like the pritunl client.

However, if I uncheck the option “Use this connection only for resources on its network” the VPN connects and receives a default route and the private DNS can be resolved normally.

Changes to AppArmor are preventing openvpn from reading from /tmp and also preventing any connection scripts from running. This will break DNS support. I have made commits to move the configuration file location to /etc/openvpn and removed the connection scripts until a different solution can be developed. This will allow connections to work but DNS support will not work. Run the commands below to pull the latest service from the repository and replace the existing one. No additional changes will be needed this file will be replaced on the next update with a working one.

The AppArmor OpenVPN bug is tracked as Ubuntu Bug #2098930.

If this is run within the next few hours GOPROXY=direct go install github.com/pritunl/pritunl-client-electron/service@latest may be needed to skip the golang cache repositories.

sudo apt install golang git
go install github.com/pritunl/pritunl-client-electron/service@bd347e9fef6c89cb5d56e4c9970442f98d588c43
sudo systemctl stop pritunl-client
sudo cp ~/go/bin/service /usr/bin/pritunl-client-service
sudo systemctl start pritunl-client

I have found a solution that will work with Ubuntu and support DNS. The AppArmor profiles only allow the default /etc/openvpn/update-resolv-conf to run and only if the OpenVPN process runs with the user nm-openvpn. The commit below will now detect both and adjust the configuration. This will allow the AppArmor profiles to remain in place and make the OpenVPN process more secure and isolated. The next release will include these changes.

sudo apt install golang git
go install github.com/pritunl/pritunl-client-electron/service@da9188eb6e6942b4709a302081434a77381f55ac
sudo systemctl stop pritunl-client
sudo cp ~/go/bin/service /usr/bin/pritunl-client-service
sudo systemctl start pritunl-client

After further testing the latest change isn’t working. Currently the only solution is to run it without the DNS script or disable the AppArmor profile. Below is the current working commit that will run it without the DNS script. I’m going to wait to see if Ubuntu fixes the AppArmor profile otherwise an additional profile will be packaged with the client to allow it to override the existing one.

sudo apt install golang git
go install github.com/pritunl/pritunl-client-electron/service@bd347e9fef6c89cb5d56e4c9970442f98d588c43
sudo systemctl stop pritunl-client
sudo cp ~/go/bin/service /usr/bin/pritunl-client-service
sudo systemctl start pritunl-client

Currently the best solution is to disable the AppArmor profile by running sudo apparmor_parser -R /etc/apparmor.d/openvpn. This can be reverted by running sudo apparmor_parser -a /etc/apparmor.d/openvpn . It wouldn’t be correct for the Pritunl package to automatically make changes to the system AppArmor profiles so this isn’t going to added to the package.

This works fine for me, thanks!

The latest build handles this by checking if the OpenVPN AppArmor is enabled. If it is it will not attempt to configure DNS and will indicate this in the logs, if it is it will configure DNS. Running sudo ps aux | grep openvpn will show an included --up script in the OpenVPN process indicating if DNS was configured.