Hello team,
We continuously facing the Single sign-on timeout issue. Here are more information about the system installed here.
- Pritunl version: was pritunl
v1.32.4057.36
, today upgraded to pritunlv1.32.4278.46
. Single host, 7 servers. - MongoDB version: was
8.0.3
, today upgraded to8.0.10
. Self-hosted community edition version, deployed on a separate VM in the same network as pritunl. - SSO provider -
Azure
- On most servers - Single-sign on should be configured.
What is the problem?
User is connecting to profile from Client app and the following is happening:
- Clicking
Connect
button - Redirecting to browser for authenticating with Azure
- Green message: Successfully authenticated connection
- On client app Status is still βAuthenticatingβ.
- After some time I receive error Connection timed out on <server_name>.
There are logs:
Post "https://<PUBLIC_IP>/key/ovpn_wait/<org_id>/<user_id>/<server_id>/": context canceled
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).EncRequest
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:987 +0x1027fb614
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:545 +0x1027f8ae7
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:653 +0x1027f923b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).connectPreAuth
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:287 +0x1027f72ef
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:189 +0x1027f64ff
github.com/pritunl/pritunl-client-electron/service/connection.(*Ovpn).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/ovpn.go:107 +0x1027fd96f
github.com/pritunl/pritunl-client-electron/service/connection.(*Connection).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/connection.go:127 +0x1027fd958
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:148 +0x102824abb
runtime.goexit
/opt/homebrew/Cellar/go@1.22/1.22.8/libexec/src/runtime/asm_arm64.s:1222 +0x1022b2343
[2025-06-10 13:09:11][ERRO] βΆ profile: Failed to start profile β profile_id="7f2ac329a667557a"
profile: Request put error
Post "https://<PUBLIC_IP>/key/ovpn_wait/<org_id>/<user_id>/<server_id>/": context canceled
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).EncRequest
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:987 +0x1027fb614
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:545 +0x1027f8ae7
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:653 +0x1027f923b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).connectPreAuth
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:287 +0x1027f72ef
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:189 +0x1027f64ff
github.com/pritunl/pritunl-client-electron/service/connection.(*Ovpn).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/ovpn.go:107 +0x1027fd96f
github.com/pritunl/pritunl-client-electron/service/connection.(*Connection).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/connection.go:127 +0x1027fd958
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:148 +0x102824abb
runtime.goexit
/opt/homebrew/Cellar/go@1.22/1.22.8/libexec/src/runtime/asm_arm64.s:1222 +0x1022b2343
[2025-06-10 13:43:51][INFO] βΆ profile: Connecting β device_auth=true β disable_dns=false β disable_gateway=false β dynamic_firewall=false β force_connect=false β force_dns=false β geo_sort="" β mode="ovpn" β profile_id="7f2ac329a667557a" β reconnect=true β sso_auth=true
[2025-06-10 13:43:51][INFO] βΆ connection: Resolved remotes β public_address="" β public_address6="" β remotes=[]string{"<PUBLIC_IP>"} β sort_method="random"
[2025-06-10 13:43:51][INFO] βΆ connection: Attempting remote β client_disconnect=false β client_disconnect_waiters=0 β client_disconnected=false β client_provider=true β client_startime=0 β data_iface="" β data_mode="" β data_remotes=[]string{"<PUBLIC_IP>"} β data_status="connecting" β data_timestamp=0 β data_tun_iface="" β ovpn_auth_failed=false β ovpn_cmd=false β ovpn_connected=false β ovpn_dir="" β ovpn_last_auth_failed=-1 β ovpn_management_pass=false β ovpn_management_port=0 β ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" β ovpn_remotes=[]string{} β ovpn_running=0 β ovpn_tap_iface="" β profile_device_auth=true β profile_disable_dns=false β profile_disable_gateway=false β profile_dynamic_firewall=false β profile_force_connect=false β profile_force_dns=false β profile_geo_sort=false β profile_id="7f2ac329a667557a" β profile_mode="ovpn" β profile_reconnect=true β profile_sso_auth=true β profile_system_profile=false β profile_timeout=false β remote="<PUBLIC_IP>" β state_closed=false β state_closed_waiters=0 β state_deadline=false β state_delay=false β state_id="445e74e4e050d208" β state_interactive=true β state_no_reconnect=false β state_stop=false β state_system_interactive=false β state_temp_paths=[]string{} β state_time=time.Date(2025, time.June, 10, 13, 43, 51, 862947000, time.Local) β wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" β wg_conf_path="" β wg_conf_path2="" β wg_connected=false β wg_last_handshake=0 β wg_path="/Applications/Pritunl.app/Contents/Resources/wg" β wg_priv_key=false β wg_pub_key=false β wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" β wg_server_pub_key=false β wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) β wg_sso_token=false β wg_util_path=""
[2025-06-10 13:45:23][ERRO] βΆ profile: All connection requests failed
connection: Single sign-on timeout
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:559 +0x1027f8be3
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1027f8c7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:653 +0x1027f923b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).connectPreAuth
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:287 +0x1027f72ef
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:189 +0x1027f64ff
github.com/pritunl/pritunl-client-electron/service/connection.(*Ovpn).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/ovpn.go:107 +0x1027fd96f
github.com/pritunl/pritunl-client-electron/service/connection.(*Connection).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/connection.go:127 +0x1027fd958
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:148 +0x102824abb
runtime.goexit
How it started?
Before upgrading to new versions we sometimes faced with this issue.
I read topics from the Pritunl forum, I understand that there is the issue with host to host messaging communication.
When I executed command sudo pritunl clear-message-cache
it helped and I continued working with VPN. I was thinking itβll be a good idea to clear messages cache by cron each day, but sometimes I was receiving this error even after few hours after running this command.
How is it going now?
I decided to upgrade Pritunl version and MongoDB version. I upgraded Pritunl from pritunl v1.32.4057.36
to pritunl v1.32.4278.46
and MongoDB version from 8.0.3
to 8.0.10
.
And issue not even gone, itβs became permanent. sudo pritunl clear-message-cache
doesnβt help now, Iβm checking the messages collection inside the DB and itβs not cleared. There are still the same records that I had before upgrade.
I tried both: MacOS and Windows 11, not working.
I have few questions:
- How to fix it and make it work again?
- How to prevent such issues for the future? Maybe some MongoDB or Pritunl options that I can adjust, so itβll not happen again?
- What are the reasons for this to happen? We donβt have a lot of active users for now.