georgn
December 12, 2023, 4:52pm
1
I happened to do some apt upgrade
action on my machine and now the client brings up the following in a red error box:
Main: Unhandled rejection message=Utils: Failed to decrypt string e3 Error: Error invoking remote method 'processing': Error: Error while decrypting the ciphertext provided to safeStorage.decryptString. stack=Error: Error invoking remote method 'processing': Error: Error while decrypting the ciphertext provided to safeStorage.decryptString. at a.invoke (node:electron/js2c/renderer_init:2:7723)
The connect button stays pressed – need to restart the app to try again.
Sadly, the logs show a whole lot of nothing:
[2023-12-12 10:34:40][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 10:38:42][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 10:43:22][INFO] ▶ utils: Reseting networking
[2023-12-12 10:55:27][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 11:06:40][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 11:12:42][INFO] ▶ utils: Reseting networking
[2023-12-12 11:22:15][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 11:22:45][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 11:27:49][INFO] ▶ main: Service starting ◆ version="1.3.3709.64"
[2023-12-12 11:32:43][INFO] ▶ token: Token init ◆ profile="ca92ee53ac755607" ◆ ttl="ca92ee53ac755607"
[2023-12-12 11:43:33][INFO] ▶ utils: Reseting networking
Other data points, I have a Mac and another linux box and they are both connected to the same VPN and they are showing no problems (and yes, I have had occasion to reboot the Mac, and thus reconnected). So I can infer that there has been zero change on the server side.
zach
December 12, 2023, 9:38pm
2
The safeStorage has been disabled for new profiles due to reported issues. Existing profiles that already have the key in safeStorage will continue using it. You can delete and re-import the profile to create a profile without safeStorage.
It’s possible the error is from a issue with linked libraries, this may be caused by installing the client from the wrong Ubuntu release. Verify that the /etc/apt/sources.list.d/pritunl.list
repository file is using the jammy
repository.
georgn
December 12, 2023, 10:10pm
3
That was among the first things I checked (nevermind that I’ve been running on jammy for awhile) – it is set correctly.
I did find something interesting and that’s my tun
interface seems to have disappeared… from one of the other logs:
2023-12-08 11:04:51 8191 variation(s) on previous 3 message(s) suppressed by --mute
2023-12-08 11:04:51 event_wait : Interrupted system call (code=4)
2023-12-08 11:04:54 /tmp/pritunl/ca92ee53ac755607-block.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
2023-12-08 11:04:54 Closing TUN/TAP interface
2023-12-08 11:04:54 net_addr_v4_del: 192.168.72.36 dev tun0
2023-12-08 11:04:54 /tmp/pritunl/ca92ee53ac755607-down.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
Device "tun0" does not exist.
<11>Dec 8 11:04:57 ca92ee53ac755607-down.sh: Invalid device name: 'tun0'. Usage: ca92ee53ac755607-down.sh up|down device_name.
2023-12-08 11:04:57 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-12-08 11:04:57 Exiting due to fatal error
2023-12-08 11:15:40 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2023-12-08 11:15:40 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-12-08 11:15:40 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-08 11:15:40 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-12-08 11:15:40 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-12-08 11:15:40 TCP/UDP: Preserving recently used remote address: [AF_INET]204.225.134.51:9110
2023-12-08 11:15:40 UDP link local: (not bound)
2023-12-08 11:15:40 UDP link remote: [AF_INET]204.225.134.51:9110
2023-12-08 11:15:40 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-12-08 11:15:40 VERIFY SCRIPT OK: depth=1, O=6204a26a4bd74c71968a5f25, CN=6204a26a4bd74c71968a5f2a
2023-12-08 11:15:40 VERIFY OK: depth=1, O=6204a26a4bd74c71968a5f25, CN=6204a26a4bd74c71968a5f2a
2023-12-08 11:15:40 VERIFY KU OK
2023-12-08 11:15:40 NOTE: --mute triggered...
2023-12-08 11:15:40 6 variation(s) on previous 3 message(s) suppressed by --mute
2023-12-08 11:15:40 [6204a26d4bd74c71968a5f30] Peer Connection Initiated with [AF_INET]204.225.134.51:9110
2023-12-08 11:15:46 Data Channel: using negotiated cipher 'AES-128-GCM'
2023-12-08 11:15:46 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-12-08 11:15:46 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-12-08 11:15:46 TUN/TAP device tun0 opened
2023-12-08 11:15:46 net_iface_mtu_set: mtu 1500 for tun0
2023-12-08 11:15:46 net_iface_up: set tun0 up
2023-12-08 11:15:46 net_addr_v4_add: 192.168.72.36/24 dev tun0
2023-12-08 11:15:46 /tmp/pritunl/ca92ee53ac755607-up.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
<14>Dec 8 11:15:46 ca92ee53ac755607-up.sh: Link 'tun0' coming up
<14>Dec 8 11:15:46 ca92ee53ac755607-up.sh: Adding IPv4 DNS Server 192.168.64.3
<14>Dec 8 11:15:46 ca92ee53ac755607-up.sh: Adding IPv4 DNS Server 192.168.64.4
<14>Dec 8 11:15:46 ca92ee53ac755607-up.sh: Adding DNS Domain untetherai.com
<14>Dec 8 11:15:46 ca92ee53ac755607-up.sh: Adding DNS Domain untether.ai
<14>Dec 8 11:15:46 ca92ee53ac755607-up.sh: SetLinkDNS(5 2 2 4 192 168 64 3 2 4 192 168 64 4)
<14>Dec 8 11:15:46 ca92ee53ac755607-up.sh: SetLinkDomains(5 2 untetherai.com false untether.ai false)
2023-12-08 11:15:46 Initialization Sequence Completed
2023-12-12 10:33:15 event_wait : Interrupted system call (code=4)
2023-12-12 10:33:15 /tmp/pritunl/ca92ee53ac755607-block.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
2023-12-12 10:33:15 Closing TUN/TAP interface
2023-12-12 10:33:15 net_addr_v4_del: 192.168.72.36 dev tun0
2023-12-12 10:33:15 /tmp/pritunl/ca92ee53ac755607-down.sh tun0 1500 1553 192.168.72.36 255.255.255.0 init
Device "tun0" does not exist.
<11>Dec 12 10:33:15 ca92ee53ac755607-down.sh: Invalid device name: 'tun0'. Usage: ca92ee53ac755607-down.sh up|down device_name.
2023-12-12 10:33:15 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-12-12 10:33:15 Exiting due to fatal error
ifconfig -a
no longer shows a tun0
device (not that I ever spent any time looking at it before, it is one of those things you get used to seeing).
georgn
December 13, 2023, 12:11am
4
Weird… trashing and re-importing my ovpn config file made everything happy again.
I’m confused but you can consider this solved.
georgn
December 13, 2023, 2:59pm
5
One other breadcrumb for future googlers…
My problems were not created by apt upgrade
. Rather they were created by me doing rm -rf $HOME/.local/*
(which is something I did to clean out previously python glop that came via pip install --user ...
– I know dumb).
That removed both the pritunl config so later, after rebooting, I was no longer able to reconnect. Pilot-error.
zach
December 15, 2023, 10:57pm
6
The keyring is stored in .local/share/keyrings/login.keyring
, this would contain the key to decrypt the profiles keys stored in safeStorage.