[Solved] Problem Report: Unable to Connect to app.pritunl.com

NN-Devops · October 5, 2025, 1:27pm

Issue Summary:
Our Pritunl VPN server is currently unable to connect to app.pritunl.com, resulting in the loss of all active subscriptions and the inability to use SSO login.

Error Log:

Traceback (most recent call last):
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/requests/adapters.py", line 667, in send
    resp = conn.urlopen(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 801, in urlopen
    retries = retries.increment(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 594, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='app.pritunl.com', port=443): Max retries exceeded with url: /subscription (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x744b49f3a760>, 'Connection to app.pritunl.com timed out. (connect timeout=20)'))

During handling of the above exception, another exception occurred:

Details and Troubleshooting Performed:

The issue appears to be a connection timeout when attempting to reach app.pritunl.com from our AWS environment (ap-southeast-1 region).
This may be related to a known routing or IP connectivity issue mentioned in this community post:
https://forum.pritunl.com/t/pritunl-zero-crash-auth-google-request-failed/3424
Following the suggestion in that post, we temporarily updated /etc/hosts as below:
```
129.80.151.180 app.pritunl.com
129.80.151.180 auth.pritunl.com
```
This allowed temporary connectivity.
However, after removing these host records, the server again failed to connect to app.pritunl.com.

Impact:

Pritunl server cannot verify subscription.
SSO login is unavailable.
VPN users are unable to authenticate via the configured SSO method.

Request for Assistance:
Please help verify if there is an ongoing routing or connectivity issue affecting access to app.pritunl.com from the AWS ap-southeast-1 region, or if any IP changes have recently occurred.
We would appreciate any updated IP information or recommended configuration adjustments.

zach · October 5, 2025, 8:38pm

I took that secondary load balancer offline last night. Either remove the custom DNS records or manually add the primary load balancer 129.213.65.110.

NN-Devops · October 6, 2025, 1:26am

I have removed the custom DNS records, but the server still cannot connect to app.pritunl.com. This issue might be related to the outage described here: https://forum.pritunl.com/t/south-asia-outage/3423, since our VPN server is hosted in the AWS ap-southeast-1 region.

NN-Devops · October 6, 2025, 2:53am

After updating the route table, the issue was resolved. The problem was caused by a misconfiguration in our route table. Everything is working properly now
thank you for your support.