Pritunl-link cannot connect to Unifi UDM

user101 · January 6, 2023, 9:24am

From the documentation, it says that pritunl-link supports Unifi UDM; however, it doesn’t say which version.

I see the below errors on the pritunl-link server. I’m currently running Unifi Network 7.3.76 with UniFi OS UDM SE 3.0.13. Could this be a version compatibility issue?

Jan 06 09:07:38 vpnlink01 pritunl-link[3872]: [2023-01-06 09:07:38][INFO] ▶ advertise: Unifi api error ◆ response="{\"message\":\"Invalid C>
lines 106-140
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: [2023-01-06 09:07:35][INFO] ▶ state: Deploying state ◆ states_len=1 ◆ default_interface="ens160" ◆ local_address="10>
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: [2023-01-06 09:07:35][INFO] ▶ advertise: Unifi api error ◆ status=403 ◆ response="{\"message\":\"Invalid CSRF Token\>
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: advertise: Unifi api error
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: ORIGINAL STACK TRACE:
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/advertise.unifiAddPort
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/advertise/unifi.go:833 +0xc27045
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/advertise.UnifiAddPorts
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/advertise/unifi.go:911 +0xc27bd6
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/advertise.Ports
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/advertise/advertise.go:232 +0xc0e696
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/ipsec.deploy
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/ipsec/ipsec.go:516 +0xc2caaa
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/ipsec.runDeploy
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/ipsec/ipsec.go:674 +0xc2d924
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: runtime.goexit
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /usr/local/go/src/runtime/asm_amd64.s:1571 +0x466440
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: [2023-01-06 09:07:35][ERRO] ▶ state: Failed to deploy state
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: advertise: Unifi api error
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: ORIGINAL STACK TRACE:
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/advertise.unifiAddPort
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/advertise/unifi.go:833 +0xc27045
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/advertise.UnifiAddPorts
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/advertise/unifi.go:911 +0xc27bd6
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/advertise.Ports
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/advertise/advertise.go:232 +0xc0e696
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/ipsec.deploy
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/ipsec/ipsec.go:516 +0xc2caaa
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: github.com/pritunl/pritunl-link/ipsec.runDeploy
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /go/src/github.com/pritunl/pritunl-link/ipsec/ipsec.go:674 +0xc2d924
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]: runtime.goexit
Jan 06 09:07:35 vpnlink01 pritunl-link[3872]:         /usr/local/go/src/runtime/asm_amd64.s:1571 +0x466440

zach · January 10, 2023, 10:04am

A Unifi update now changes the CSRF token after login. This is fixed in commit f92a8ce. This will be included in the next release. The source can be directly installed for testing with the commands below.

sudo rm -rf /usr/local/go
wget https://go.dev/dl/go1.19.3.linux-amd64.tar.gz
echo "74b9640724fd4e6bb0ed2a1bc44ae813a03f1e72a4c76253e2d5c015494430ba go1.19.3.linux-amd64.tar.gz" | sha256sum -c -

sudo tar -C /usr/local -xf go1.19.3.linux-amd64.tar.gz
rm -f go1.19.3.linux-amd64.tar.gz

tee -a ~/.bashrc << EOF
export GOPATH=\$HOME/go
export GOROOT=/usr/local/go
EOF
source ~/.bashrc

GOPROXY=direct go install github.com/pritunl/pritunl-link@latest
sudo systemctl stop pritunl-link
sudo cp -f ~/go/bin/pritunl-link /usr/bin/pritunl-link
sudo systemctl start pritunl-link

user101 · January 18, 2023, 10:13pm

Do you know when this fix will be push to the ubuntu (focal) repo?

zach · January 18, 2023, 11:15pm

It’s available on the unstable repository. This can be used by editing the Pritunl repository file changing stable to unstable upgrading the pritunl-link package than switch the repository back to stable.

user101 · January 19, 2023, 7:56am

Thanks. This worked.