Hi
Edit: We have some problems with SSO on some of the OpenVPN servers.
Not sure why it will not connect? Edit: Looks to be related to SSO
Server logs, simplified:
| _time | event | event_long | host_name | server_name |
|---|---|---|---|---|
| 2025-02-07 14:43:55.212 | user_device_authenticate_success | User verified device signature | DK-DC4-Node1 | |
| 2025-02-07 14:43:55.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:43:42.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:43:31.832 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:43:21.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:43:10.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:42:59.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:42:49.147 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:42:38.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:42:27.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:42:18.494 | sso_auth_success | DK-DC4-Node1 | ||
| 2025-02-07 14:42:18.000 | user_profile_success | User profile viewed from single sign-on | DK-DC4-Node1 | |
| 2025-02-07 14:42:17.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 | |
| 2025-02-07 14:42:16.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node3 |
Client logs: (Service logs)
[2025-02-07 14:42:15][INFO] ▶ connection: Attempting remote ◆ client_disconnect=false ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=0 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ remote="vpnnode03.example.com" ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="7f0ab0371c314796" ◆ state_interactive=true ◆ state_no_reconnect=false ◆ state_stop=false ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 42, 15, 190740000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:52][ERRO] ▶ profile: All connection requests failed
connection: Single sign-on timeout
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:559 +0x1012fcbe3
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:564 +0x1012fcc7b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).authorize
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:653 +0x1012fd23b
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).connectPreAuth
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:287 +0x1012fb2ef
github.com/pritunl/pritunl-client-electron/service/connection.(*Client).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/client.go:189 +0x1012fa4ff
github.com/pritunl/pritunl-client-electron/service/connection.(*Ovpn).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/ovpn.go:107 +0x10130196f
github.com/pritunl/pritunl-client-electron/service/connection.(*Connection).Start
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/connection/connection.go:127 +0x101301958
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
/Users/apple/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:148 +0x101328abb
runtime.goexit
/opt/homebrew/Cellar/go@1.22/1.22.8/libexec/src/runtime/asm_arm64.s:1222 +0x100db6343
[2025-02-07 14:43:52][ERRO] ▶ connection: Disconnecting ◆ client_disconnect=true ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=97 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="authenticating" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="7f0ab0371c314796" ◆ state_interactive=true ◆ state_no_reconnect=false ◆ state_stop=true ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 42, 15, 190740000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:54][INFO] ▶ utils: Clearing DNS state
[2025-02-07 14:43:54][INFO] ▶ profile: Disconnected with restart ◆ client_disconnect=true ◆ client_disconnect_waiters=0 ◆ client_disconnected=true ◆ client_provider=true ◆ client_startime=99 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="disconnected" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ state_closed=true ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="7f0ab0371c314796" ◆ state_interactive=true ◆ state_no_reconnect=false ◆ state_stop=true ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 42, 15, 190740000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:54][INFO] ▶ connection: Stopping reconnect ◆ client_disconnect=true ◆ client_disconnect_waiters=0 ◆ client_disconnected=true ◆ client_provider=true ◆ client_startime=99 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="disconnected" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ reason="restart" ◆ state_closed=true ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="7f0ab0371c314796" ◆ state_interactive=true ◆ state_no_reconnect=false ◆ state_stop=true ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 42, 15, 190740000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:54][INFO] ▶ profile: Connecting ◆ device_auth=true ◆ disable_dns=false ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ force_connect=false ◆ force_dns=false ◆ geo_sort="" ◆ mode="ovpn" ◆ profile_id="d0208557ac982b5c" ◆ reconnect=true ◆ sso_auth=true
[2025-02-07 14:43:54][INFO] ▶ connection: Resolved remotes ◆ public_address="" ◆ public_address6="" ◆ remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ sort_method="random"
[2025-02-07 14:43:54][INFO] ▶ connection: Attempting remote ◆ client_disconnect=false ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=0 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ remote="vpn.example.com*" ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="df45a1bee3d74fce" ◆ state_interactive=false ◆ state_no_reconnect=false ◆ state_stop=false ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 43, 54, 507258000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:55][INFO] ▶ connection: Attempting remote ◆ client_disconnect=false ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=0 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ remote="vpnnode03.example.com" ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="df45a1bee3d74fce" ◆ state_interactive=false ◆ state_no_reconnect=false ◆ state_stop=false ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 43, 54, 507258000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:55][INFO] ▶ connection: Stopping non-interactive single sign-on ◆ client_disconnect=false ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=1 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="df45a1bee3d74fce" ◆ state_interactive=false ◆ state_no_reconnect=false ◆ state_stop=false ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 43, 54, 507258000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:55][INFO] ▶ connection: Stopping reconnect ◆ client_disconnect=false ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=1 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ reason="client_auth_error" ◆ state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="df45a1bee3d74fce" ◆ state_interactive=false ◆ state_no_reconnect=false ◆ state_stop=false ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 43, 54, 507258000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:43:55][ERRO] ▶ connection: Disconnecting ◆ client_disconnect=true ◆ client_disconnect_waiters=0 ◆ client_disconnected=false ◆ client_provider=true ◆ client_startime=1 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="connecting" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false �� state_closed=false ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="df45a1bee3d74fce" ◆ state_interactive=false ◆ state_no_reconnect=true ◆ state_stop=true ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 43, 54, 507258000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
[2025-02-07 14:44:01][INFO] ▶ utils: Clearing DNS state
[2025-02-07 14:44:01][INFO] ▶ profile: Disconnected without restart ◆ client_disconnect=true ◆ client_disconnect_waiters=0 ◆ client_disconnected=true ◆ client_provider=true ◆ client_startime=7 ◆ data_iface="" ◆ data_mode="" ◆ data_remotes=[]string{"vpn.example.com*", "vpnnode03.example.com"} ◆ data_status="disconnected" ◆ data_timestamp=0 ◆ data_tun_iface="" ◆ ovpn_auth_failed=false ◆ ovpn_cmd=false ◆ ovpn_connected=false ◆ ovpn_dir="" ◆ ovpn_last_auth_failed=-1 ◆ ovpn_management_pass=false ◆ ovpn_management_port=0 ◆ ovpn_path="/Applications/Pritunl.app/Contents/Resources/pritunl-openvpn" ◆ ovpn_remotes=[]string{} ◆ ovpn_running=0 ◆ ovpn_tap_iface="" ◆ profile_device_auth=true ◆ profile_disable_dns=false ◆ profile_disable_gateway=false ◆ profile_dynamic_firewall=false ◆ profile_force_connect=false ◆ profile_force_dns=false ◆ profile_geo_sort=false ◆ profile_id="d0208557ac982b5c" ◆ profile_mode="ovpn" ◆ profile_reconnect=true ◆ profile_sso_auth=true ◆ profile_system_profile=false ◆ profile_timeout=false ◆ state_closed=true ◆ state_closed_waiters=0 ◆ state_deadline=false ◆ state_delay=false ◆ state_id="df45a1bee3d74fce" ◆ state_interactive=false ◆ state_no_reconnect=true ◆ state_stop=true ◆ state_system_interactive=false ◆ state_temp_paths=[]string{} ◆ state_time=time.Date(2025, time.February, 7, 14, 43, 54, 507258000, time.Local) ◆ wg_bash_path="/Applications/Pritunl.app/Contents/Resources/bash" ◆ wg_conf_path="" ◆ wg_conf_path2="" ◆ wg_connected=false ◆ wg_last_handshake=0 ◆ wg_path="/Applications/Pritunl.app/Contents/Resources/wg" ◆ wg_priv_key=false ◆ wg_pub_key=false ◆ wg_quick_path="/Applications/Pritunl.app/Contents/Resources/wg-quick" ◆ wg_server_pub_key=false ◆ wg_sso_start=time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC) ◆ wg_sso_token=false ◆ wg_util_path=""
Sample of successful login:
| _time | event | event_long | host_name | server_name |
|---|---|---|---|---|
| 2025-02-07 14:52:19.000 | user_connect_network | User connected to network | DK-DC4-Node1 | TS-Operations |
| 2025-02-07 14:52:18.290 | user_connect_cache | Client authentication cached, skipping password | DK-DC4-Node1 | TS-Operations |
| 2025-02-07 14:52:18.000 | user_connect_success | User connected | DK-DC4-Node1 | TS-Operations |
| 2025-02-07 14:52:18.000 | user_connect_sso | Client sso authentication, skipping password | DK-DC4-Node1 | TS-Operations |
| 2025-02-07 14:52:18.000 | user_ovpn_success | User opened ovpn connection from pritunl client | DK-DC4-Node1 | |
| 2025-02-07 14:52:18.000 | user_connect_success | User connected | DK-DC4-Node1 | TS-Operations |
| 2025-02-07 14:52:18.000 | user_device_authenticate_success | User verified device signature | DK-DC4-Node1 |
Hi
I have tried to disabled SSO for one of the servers failing, then the connection just works out of the box without any problems.
This often happens when there is an issue with the host to host messaging system. When the single sign-on authentication is completed in the web browser the host will send a message to all hosts to indicate the token is complete. If the host handling the VPN connection doesn’t receive the message it will timeout. This will occur even if there is only one host as the same system is used. Newer releases have the command sudo pritunl clear-message-cache to reset the message collection in the database. After running this restart the hosts.
It will also occur if the single sign-on isn’t completed in the browser. When that option is enabled the client should open the web browser to allow the user to complete the single sign-on authentication.
Having both single sign-on and device authentication isn’t likely needed. Even if connection single sign-on authentication is disabled the single sign-on API is still used to verify the status of that user with the provider. The device authentication alone will validate the hardware TPM/Apple Secure Enclave which typically provides better verification than the single sign-on.
There may also be issues with the configured addresses. Below are all the addresses and how to configure them. Verify this is done correctly.
Hosts Tab
- Host Public Address: The public IPv4 address or domain of the Pritunl host. This should always be the public IP of the host for all configurations even when using a load balancer.
- Host Public IPv6 Address: The public IPv6 address or domain of the Pritunl host. This should always be the public IP of the host for all configurations even when using a load balancer.
- Host Sync Address: In the advanced host settings. The public address or domain that the web server of the Pritunl servers can be accessed from. If a load balancer is configured that address should be set here.
Top Right Settings
- Connection Single Sign-On Domain: Only shown when using single sign-on connection authentication. The public address or domain that is used to validate single sign-on requests through the Pritunl web server for a new VPN connection. If a load balancer is configured that address should be set here.
I get:
Clearing message cache...
Traceback (most recent call last):
File "/usr/bin/pritunl", line 33, in <module>
sys.exit(load_entry_point('pritunl==1.32.4115.91', 'console_scripts', 'pritunl')())
File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/__main__.py", line 352, in main
prefix + 'messages', capped=True,
UnboundLocalError: local variable 'prefix' referenced before assignment
As for Host Public Address they are set to:
Host Public IPv6 Address
Host Sync Address
Connection Single Sign-On Domain
After running on all 3 nodes
sudo service pritunl restart
I was able to login on vpnnode03 (and the others)
Is there an option to monitor the message cache or a log that indicate any error?
I had changed that command in the last release to only initialize the messages collection but didn’t test it. It will be fixed in the next release. It will still drop the collection before the error but it won’t get created until the service is restarted which initializes all the indexes.
The issue with capped collections/tailable cursors started in MongoDB 7, you may want to try updating the MongoDB server. I haven’t seen the issue in a while with the newer 7 releases. But it was very common with the early 7 releases. Upgrading to MongoDB 8 may also fix the issue assuming they have it fixed in that release. It doesn’t show any error messages it will just silently stop sending updates to the tailable cursor.
Hi
I can see we are running 6.0.20 as i remember there was some incompatibility issue with version 7 when we started using Pritunl.
I can see that MongoDB 6.0 is EOF July 2025 so we need to look into an upgrade anyways, is MongoDB 8.0 fully supported for Pritunl?
mongod --version
db version v6.0.20
Build Info: {
"version": "6.0.20",
"gitVersion": "ef4efd469fb0c5626c629c4f0f21398c9b5dd08f",
"openSSLVersion": "OpenSSL 3.0.2 15 Mar 2022",
"modules": [],
"allocator": "tcmalloc",
"environment": {
"distmod": "ubuntu2204",
"distarch": "x86_64",
"target_arch": "x86_64"
}
}
I have tested MongoDB 8 and there are no known issues. There are also no known issues with the newer MongoDB 7 releases.
Perfect we will plan an upgrade then.
Thanks.