Pritunl client fails after update in ubuntu 22.04

georgn · December 12, 2023, 4:52pm

I happened to do some apt upgrade action on my machine and now the client brings up the following in a red error box:
Main: Unhandled rejection message=Utils: Failed to decrypt string e3 Error: Error invoking remote method 'processing': Error: Error while decrypting the ciphertext provided to safeStorage.decryptString. stack=Error: Error invoking remote method 'processing': Error: Error while decrypting the ciphertext provided to safeStorage.decryptString. at a.invoke (node:electron/js2c/renderer_init:2:7723)

The connect button stays pressed – need to restart the app to try again.

Sadly, the logs show a whole lot of nothing:

[2023-12-12 10:34:40][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 10:38:42][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 10:43:22][INFO] ▶ utils: Reseting networking
[2023-12-12 10:55:27][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 11:06:40][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 11:12:42][INFO] ▶ utils: Reseting networking
[2023-12-12 11:22:15][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 11:22:45][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 11:27:49][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 11:32:43][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 11:43:33][INFO] ▶ utils: Reseting networking

Other data points, I have a Mac and another linux box and they are both connected to the same VPN and they are showing no problems (and yes, I have had occasion to reboot the Mac, and thus reconnected). So I can infer that there has been zero change on the server side.

zach · December 12, 2023, 9:38pm

The safeStorage has been disabled for new profiles due to reported issues. Existing profiles that already have the key in safeStorage will continue using it. You can delete and re-import the profile to create a profile without safeStorage.

It’s possible the error is from a issue with linked libraries, this may be caused by installing the client from the wrong Ubuntu release. Verify that the /etc/apt/sources.list.d/pritunl.list repository file is using the jammy repository.

georgn · December 12, 2023, 10:10pm

That was among the first things I checked (nevermind that I’ve been running on jammy for awhile) – it is set correctly.

I did find something interesting and that’s my tun interface seems to have disappeared… from one of the other logs:

2023-12-08 11:04:51 8191 variation(s) on previous 3 message(s) suppressed by --mute
2023-12-08 11:04:51 event_wait : Interrupted system call (code=4)
2023-12-08 11:04:54 /tmp/pritunl/ca92ee53ac755607-block.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
2023-12-08 11:04:54 Closing TUN/TAP interface
2023-12-08 11:04:54 net_addr_v4_del: 192.168.72.36 dev tun0
2023-12-08 11:04:54 /tmp/pritunl/ca92ee53ac755607-down.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
Device "tun0" does not exist.
<11>Dec  8 11:04:57 ca92ee53ac755607-down.sh: Invalid device name: 'tun0'. Usage: ca92ee53ac755607-down.sh up|down device_name.
2023-12-08 11:04:57 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-12-08 11:04:57 Exiting due to fatal error
2023-12-08 11:15:40 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2023-12-08 11:15:40 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-12-08 11:15:40 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-08 11:15:40 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-12-08 11:15:40 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-12-08 11:15:40 TCP/UDP: Preserving recently used remote address: [AF_INET]204.225.134.51:9110
2023-12-08 11:15:40 UDP link local: (not bound)
2023-12-08 11:15:40 UDP link remote: [AF_INET]204.225.134.51:9110
2023-12-08 11:15:40 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-12-08 11:15:40 VERIFY SCRIPT OK: depth=1, O=6204a26a4bd74c71968a5f25, CN=6204a26a4bd74c71968a5f2a
2023-12-08 11:15:40 VERIFY OK: depth=1, O=6204a26a4bd74c71968a5f25, CN=6204a26a4bd74c71968a5f2a
2023-12-08 11:15:40 VERIFY KU OK
2023-12-08 11:15:40 NOTE: --mute triggered...
2023-12-08 11:15:40 6 variation(s) on previous 3 message(s) suppressed by --mute
2023-12-08 11:15:40 [6204a26d4bd74c71968a5f30] Peer Connection Initiated with [AF_INET]204.225.134.51:9110
2023-12-08 11:15:46 Data Channel: using negotiated cipher 'AES-128-GCM'
2023-12-08 11:15:46 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-12-08 11:15:46 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-12-08 11:15:46 TUN/TAP device tun0 opened
2023-12-08 11:15:46 net_iface_mtu_set: mtu 1500 for tun0
2023-12-08 11:15:46 net_iface_up: set tun0 up
2023-12-08 11:15:46 net_addr_v4_add: 192.168.72.36/24 dev tun0
2023-12-08 11:15:46 /tmp/pritunl/ca92ee53ac755607-up.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
<14>Dec  8 11:15:46 ca92ee53ac755607-up.sh: Link 'tun0' coming up
<14>Dec  8 11:15:46 ca92ee53ac755607-up.sh: Adding IPv4 DNS Server 192.168.64.3
<14>Dec  8 11:15:46 ca92ee53ac755607-up.sh: Adding IPv4 DNS Server 192.168.64.4
<14>Dec  8 11:15:46 ca92ee53ac755607-up.sh: Adding DNS Domain untetherai.com
<14>Dec  8 11:15:46 ca92ee53ac755607-up.sh: Adding DNS Domain untether.ai
<14>Dec  8 11:15:46 ca92ee53ac755607-up.sh: SetLinkDNS(5 2 2 4 192 168 64 3 2 4 192 168 64 4)
<14>Dec  8 11:15:46 ca92ee53ac755607-up.sh: SetLinkDomains(5 2 untetherai.com false untether.ai false)
2023-12-08 11:15:46 Initialization Sequence Completed
2023-12-12 10:33:15 event_wait : Interrupted system call (code=4)
2023-12-12 10:33:15 /tmp/pritunl/ca92ee53ac755607-block.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
2023-12-12 10:33:15 Closing TUN/TAP interface
2023-12-12 10:33:15 net_addr_v4_del: 192.168.72.36 dev tun0
2023-12-12 10:33:15 /tmp/pritunl/ca92ee53ac755607-down.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
Device "tun0" does not exist.
<11>Dec 12 10:33:15 ca92ee53ac755607-down.sh: Invalid device name: 'tun0'. Usage: ca92ee53ac755607-down.sh up|down device_name.
2023-12-12 10:33:15 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-12-12 10:33:15 Exiting due to fatal error

ifconfig -a no longer shows a tun0 device (not that I ever spent any time looking at it before, it is one of those things you get used to seeing).

georgn · December 13, 2023, 12:11am

Weird… trashing and re-importing my ovpn config file made everything happy again.

I’m confused but you can consider this solved.

georgn · December 13, 2023, 2:59pm

One other breadcrumb for future googlers…

My problems were not created by apt upgrade. Rather they were created by me doing rm -rf $HOME/.local/* (which is something I did to clean out previously python glop that came via pip install --user ... – I know dumb).

That removed both the pritunl config so later, after rebooting, I was no longer able to reconnect. Pilot-error.

zach · December 15, 2023, 10:57pm

The keyring is stored in .local/share/keyrings/login.keyring, this would contain the key to decrypt the profiles keys stored in safeStorage.