Pritunl wireguard client does not respect host "Sync Address"

dhurley · February 1, 2023, 8:12pm

We use a separate host to provide web UI access/profile retrieval on port 8443. When a user first connects with WG the Pritunl client attempts to connect to the server host IP instead of the host’s sync address value. A unique symptom is the sync address in client logs is Server Host IP:8443 instead of the Sync Host Address:8443.

We’ve used the web UI:8443 for profile sync/retrieval for a while. This is the first time we’ve had a problem like this.

Here are the logs, IP addresses have been modified.

Sync Address - vpn.example.com:8443
Server Host - 192.168.1.2

[2023-02-01 13:30:49][INFO] ▶ profile: Connecting ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ mode="wg" ◆ profile_id="e0c8bdae8d9c9419" ◆ reconnect=false ◆ sso_auth=false
[2023-02-01 13:31:19][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://192.168.1.2:8443/key/wg/62c6eea3e2c7a566bf1994e8/62c6eea5e2c7a566bf1994f7/63da9b08c4ee0954e2919b95": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2490 +0x1527d39
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3556 +0x152d064
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1229 +0x151dd87
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:99 +0x15363c9
runtime.goexit

After I remove the sync address from the host and reimport the profile,

[2023-02-01 13:46:42][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://192.168.1.2/key/wg/5eab17fc179e6629c7afdb51/5eab17fd179e6629c7afdb65/63c6f639e2c7a566bfb16eff": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2490 +0x1527d39
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3556 +0x152d064
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1229 +0x151dd87
github.com/pritunl/pritunl-client-electron/service/profile.SyncSystemProfiles.func1
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/utils.go:398 +0x153254c
runtime.goexit

zach · February 2, 2023, 4:07am

The sync addresses are added to the host addresses and all of these are iterated in a random order. It should continue to iterate until a successful connection is made. I may change the code to iterate sync addresses first but these logs seem to indicate both your host and sync address are inaccessible.