Pritunl Failed to connect (Device Authenticator enabled)

Latorre · March 27, 2024, 4:48pm

Hi, in my company I have Device authenticator enabled and in some computers with diferents OS (Windows, Linux and MACOS) I have problem in fisrt coneccion. Before get the Code Number for registre device. Can you help me please?

Client logs:
[2024-3-11 14:27:5][INFO] Profiles: Updating profile ‘212cbd2d8abeee4c’
[2024-3-11 14:27:29][INFO] Profiles: Updating profile ‘212cbd2d8abeee4c’
[2024-3-11 14:28:7][INFO] Profiles: Updating profile ‘212cbd2d8abeee4c’
[2024-3-11 14:28:23][INFO] Profiles: Updating profile ‘212cbd2d8abeee4c’
[2024-3-11 14:28:41][INFO] Profiles: Updating profile ‘212cbd2d8abeee4c’
[2024-3-11 14:42:54][INFO] Profiles: Updating profile ‘d67ef2494e92f4d4’
[2024-3-11 14:49:4][INFO] Profiles: Updating profile ‘8e9fe70982dca088’
[2024-3-11 14:49:21][ERROR] Request: Timeout error ssl=true hostname=(my address) port=443 method=GET path=/key/sync/65ce0cd68eaf7fdc4f6f84aa/65ce0cd88eaf7fdc4f6f84b9/65ce0eaa8eaf7fdc4f6f8661/136d8c71c3c942aba9fd67185f545e22 ttl=5000
RequestError: Request: Timeout error ssl=true hostname=(my address) port=443 method=GET path=/key/sync/65ce0cd68eaf7fdc4f6f84aa/65ce0cd88eaf7fdc4f6f84b9/65ce0eaa8eaf7fdc4f6f8661/136d8c71c3c942aba9fd67185f545e22 ttl=5000
at Request_Request.parseError (file:///usr/lib/pritunl_client_electron/resources/app/dist/static/app.3e3f65.js:60350:16)
at ClientRequest. (file:///usr/lib/pritunl_client_electron/resources/app/dist/static/app.3e3f65.js:60390:36)
at ClientRequest.emit (node:events:514:28)
at TLSSocket.emitRequestTimeout (node:_http_client:840:9)
at Object.onceWrapper (node:events:628:28)
at TLSSocket.emit (node:events:526:35)
at Socket._onTimeout (node:net:589:8)
at listOnTimeout (node:internal/timers:573:17)
at process.processTimers (node:internal/timers:514:7)
[2024-3-11 14:49:21][ERROR] Request: Client error ssl=true hostname=(my address) port=443 method=GET path=/key/sync/65ce0cd68eaf7fdc4f6f84aa/65ce0cd88eaf7fdc4f6f84b9/65ce0eaa8eaf7fdc4f6f8661/136d8c71c3c942aba9fd67185f545e22 ttl=5000
RequestError: Request: Timeout error ssl=true hostname=(my address) port=443 method=GET path=/key/sync/65ce0cd68eaf7fdc4f6f84aa/65ce0cd88eaf7fdc4f6f84b9/65ce0eaa8eaf7fdc4f6f8661/136d8c71c3c942aba9fd67185f545e22 ttl=5000
RequestError: Request: Timeout error ssl=true hostname=(my address) port=443 method=GET path=/key/sync/65ce0cd68eaf7fdc4f6f84aa/65ce0cd88eaf7fdc4f6f84b9/65ce0eaa8eaf7fdc4f6f8661/136d8c71c3c942aba9fd67185f545e22 ttl=5000
at Request_Request.parseError (file:///usr/lib/pritunl_client_electron/resources/app/dist/static/app.3e3f65.js:60350:16)
at ClientRequest. (file:///usr/lib/pritunl_client_electron/resources/app/dist/static/app.3e3f65.js:60390:36)
at ClientRequest.emit (node:events:514:28)
at TLSSocket.emitRequestTimeout (node:_http_client:840:9)
at Object.onceWrapper (node:events:628:28)
at TLSSocket.emit (node:events:526:35)
at Socket._onTimeout (node:net:589:8)
at listOnTimeout (node:internal/timers:573:17)
at process.processTimers (node:internal/timers:514:7)
[2024-3-11 14:49:21][ERROR] Profiles: Failed to sync profile configuration
RequestError: Request: Timeout error ssl=true hostname=(my address) port=443 method=GET path=/key/sync/65ce0cd68eaf7fdc4f6f84aa/65ce0cd88eaf7fdc4f6f84b9/65ce0eaa8eaf7fdc4f6f8661/136d8c71c3c942aba9fd67185f545e22 ttl=5000
RequestError: Request: Timeout error ssl=true hostname=(my address) port=443 method=GET path=/key/sync/65ce0cd68eaf7fdc4f6f84aa/65ce0cd88eaf7fdc4f6f84b9/65ce0eaa8eaf7fdc4f6f8661/136d8c71c3c942aba9fd67185f545e22 ttl=5000
at Request_Request.parseError (file:///usr/lib/pritunl_client_electron/resources/app/dist/static/app.3e3f65.js:60350:16)
at ClientRequest. (file:///usr/lib/pritunl_client_electron/resources/app/dist/static/app.3e3f65.js:60390:36)
at ClientRequest.emit (node:events:514:28)
at TLSSocket.emitRequestTimeout (node:_http_client:840:9)
at Object.onceWrapper (node:events:628:28)
at TLSSocket.emit (node:events:526:35)
at Socket._onTimeout (node:net:589:8)
at listOnTimeout (node:internal/timers:573:17)
at process.processTimers (node:internal/timers:514:7)
[2024-3-11 14:49:21][INFO] Profiles: Updating profile ‘8e9fe70982dca088’
[2024-3-11 14:57:13][INFO] Profiles: Updating profile ‘ce334c860e361a6b’

Service logs:
[2024-03-11 14:23:49][INFO] main: Service starting ◆ version=“1.3.3814.40”
[2024-03-11 14:27:05][INFO] token: Token init ◆ profile=“212cbd2d8abeee4c” ◆ ttl=“212cbd2d8abeee4c”
[2024-03-11 14:27:05][INFO] profile: Connecting ◆ device_auth=true ◆ disable_dns=false ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ force_dns=false ◆ mode=“ovpn” ◆ profile_id=“212cbd2d8abeee4c” ◆ reconnect=false ◆ sso_auth=false
[2024-03-11 14:27:06][ERRO] tpm: Cannot find TPM for device authentication ◆ path=“/dev/tpm0”
[2024-03-11 14:27:06][WARN] profile: Request ovpn connection error
tpm: Failed to find TPM
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/tpm.getTpmPath
/pacur_build/src/pritunl-client-electron-1.3.3814.40/service/tpm/tpm_linux.go:138 +0xa13765
github.com/pritunl/pritunl-client-electron/service/tpm.(*Tpm).Open
/pacur_build/src/pritunl-client-electron-1.3.3814.40/service/tpm/tpm_linux.go:27 +0xa12f86
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqOvpn
/pacur_build/src/pritunl-client-electron-1.3.3814.40/service/profile/profile.go:2161 +0xa27f58
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).openOvpn
/pacur_build/src/pritunl-client-electron-1.3.3814.40/service/profile/profile.go:1975 +0xa26cb5
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startOvpn
/pacur_build/src/pritunl-client-electron-1.3.3814.40/service/profile/profile.go:1381 +0xa232ae
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
/pacur_build/src/pritunl-client-electron-1.3.3814.40/service/profile/profile.go:1364 +0xa230c7
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
/pacur_build/src/pritunl-client-electron-1.3.3814.40/service/handlers/profile.go:108 +0xa47005
runtime.goexit

zach · March 27, 2024, 7:29pm

Device authentication requires a TPM and Windows 11. If the client has Windows 11 the TPM should be available, if not there may be an issue with the bios settings.

Latorre · March 27, 2024, 7:32pm

I understand, but this happens on some of my Linux, MAC and Windows machines.

zach · March 27, 2024, 8:19pm

The error indicates the device doesn’t have a TPM available. If it’s on Linux it would need to be enabled in the BIOS settings. On macOS the Secure Enclave is used instead of a TPM, this is available on all Apple computers after the introduction of the touch bar.

Latorre · March 27, 2024, 9:35pm

Perfect, thanks @zach!