Pritunl WireGuard client does not respect host "Sync Address"

We use a separate host to provide web UI access/profile retrieval on port 8443. When a user first connects with WG, the Pritunl client attempts to connect to the server host IP instead of the host’s sync address value. A unique symptom is that the sync address in the client logs is Server Host IP:8443 instead of the Sync Host Address:8443.

We’ve used the web UI:8443 for profile sync/retrieval for a while. This is the first time we’ve had a problem like this.

Here are the logs, IP addresses have been modified.

Sync Address - vpn.example.com:8443
Server Host - 192.168.1.2

[2023-02-01 13:30:49][INFO] ▶ profile: Connecting ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ mode="wg" ◆ profile_id="e0c8bdae8d9c9419" ◆ reconnect=false ◆ sso_auth=false
[2023-02-01 13:31:19][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://192.168.1.2:8443/key/wg/62c6eea3e2c7a566bf1994e8/62c6eea5e2c7a566bf1994f7/63da9b08c4ee0954e2919b95": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2490 +0x1527d39
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3556 +0x152d064
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1229 +0x151dd87
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:99 +0x15363c9
runtime.goexit

After I remove the sync address from the host and reimport the profile:

[2023-02-01 13:46:42][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://192.168.1.2/key/wg/5eab17fc179e6629c7afdb51/5eab17fd179e6629c7afdb65/63c6f639e2c7a566bfb16eff": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2490 +0x1527d39
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3556 +0x152d064
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1229 +0x151dd87
github.com/pritunl/pritunl-client-electron/service/profile.SyncSystemProfiles.func1
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/utils.go:398 +0x153254c
runtime.goexit

The sync addresses are added to the host addresses and all of these are iterated in a random order. It should continue to iterate until a successful connection is made. I may change the code to iterate sync addresses first but these logs seem to indicate both your host and sync address are inaccessible.

There’s a firewall blocking the web port on the VPN Server hosts and a dedicated host for the web interface/Sync machine. After unblocking the web port to the VPN Server hosts, the client retrieves the WG key. I do not see the Sync address in the logs when the WG key retrieval fails.

Also, the service tries the web port (8443) and 443, but I do not see the service trying both the Server host and Sync host. Could a deadline be triggered before the service tries the available sync addresses?

[2023-04-12 20:26:59][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://192.168.1.2:8443/key/wg/5eab17fc179e6629c7afdb51/5eab17fd179e6629c7afdb65/63c6f639e2c7a566bfb16eff": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2490 +0x1527d39
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3556 +0x152d064
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1229 +0x151dd87
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:99 +0x15363c9
runtime.goexit
	/usr/local/Cellar/go/1.19.3/libexec/src/runtime/asm_amd64.s:1594 +0x1067f00
[2023-04-12 20:27:00][INFO] ▶ profile: Disconnecting ◆ profile_id="b93e8c4fe3e79760"
[2023-04-12 20:27:00][INFO] ▶ profile: Disconnected ◆ profile_id="b93e8c4fe3e79760"
[2023-04-12 20:27:07][INFO] ▶ profile: Connecting ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ mode="wg" ◆ profile_id="b93e8c4fe3e79760" ◆ reconnect=false ◆ sso_auth=false
[2023-04-12 20:28:08][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://192.168.1.2/key/wg/5eab17fc179e6629c7afdb51/5eab17fd179e6629c7afdb65/63c6f639e2c7a566bfb16eff": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2490 +0x1527d39
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3556 +0x152d064
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1229 +0x151dd87
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
	/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:99 +0x15363c9
runtime.goexit
	/usr/local/Cellar/go/1.19.3/libexec/src/runtime/asm_amd64.s:1594 +0x1067f00
[2023-04-12 20:28:09][INFO] ▶ profile: Disconnecting ◆ profile_id="b93e8c4fe3e79760"
[2023-04-12 20:28:09][INFO] ▶ profile: Disconnected ◆ profile_id="b93e8c4fe3e79760"

It’s very unlikely that is a valid configuration. There should not be any local addresses configured for the host remote IP unless the client is also on the same local network.

The actual IP addresses are replaced with private addresses for privacy reasons.

The sync address should be configured to the address used to access the web server on the Pritunl host. The issue with the incorrect port number should be corrected with the latest Pritunl Client and with the Pritunl v1.32 release in the unstable repository.
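
The iteration described in the thread (candidate addresses tried in turn until one connects) and the question of whether a deadline can fire before the sync address gets a turn can be modelled as below. This is an added example, not code from the thread or from the Pritunl client; `dialFunc`, `firewalled` and `tryAll` are hypothetical names, and the millisecond timeouts and candidate order are constructed values.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// dialFunc stands in for the key request (hypothetical, not Pritunl's code).
type dialFunc func(ctx context.Context, addr string) error

// firewalled simulates dropped packets: the call hangs until its context expires.
func firewalled(blocked map[string]bool) dialFunc {
	return func(ctx context.Context, addr string) error {
		if !blocked[addr] {
			return nil
		}
		<-ctx.Done()
		return ctx.Err() // "context deadline exceeded"
	}
}

// tryAll tries cands in order under one budget; each attempt is capped at perAttempt.
func tryAll(cands []string, dial dialFunc, perAttempt, budget time.Duration) (string, []string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), budget)
	defer cancel()
	var tried []string
	for _, addr := range cands {
		if ctx.Err() != nil { // budget spent before this candidate got a turn
			return "", tried, errors.New("deadline hit with candidates untried")
		}
		actx, acancel := context.WithTimeout(ctx, perAttempt)
		err := dial(actx, addr)
		acancel()
		tried = append(tried, addr)
		if err == nil {
			return addr, tried, nil
		}
	}
	return "", tried, errors.New("no candidate reachable")
}

func main() {
	dial := firewalled(map[string]bool{"192.168.1.2:8443": true})
	cands := []string{"192.168.1.2:8443", "vpn.example.com:8443"} // constructed, host first
	fmt.Println(tryAll(cands, dial, 50*time.Millisecond, 20*time.Millisecond))
	fmt.Println(tryAll(cands, dial, 20*time.Millisecond, 200*time.Millisecond))
}
```

When the per-attempt timeout is not shorter than the overall budget, a single firewalled address consumes the whole budget and only that address appears among the attempts; a shorter per-attempt timeout, or placing the sync address first, lets the reachable address be tried.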