@zach The latest update in 1.32.3498.90 for the user-agent is awesome. Thank you!
It looks like the x-forwarded-for address if pulling a variable called remote_ip defined in authorizer.py perhaps. With our server hosted in AWS us-west-2 (oregon) the location in the Okta Push is misleading. Is it possible to update this value to be the requesting users public IP?
A lot of connection methods will use HTTPS requests before the OpenVPN connection such as single sign-on connection authentication. The IP address would be obtained from that request not the VPN connection.
I will try reproducing the issue. I believe the header stopped working a while ago. You can try editing /usr/lib/pritunl/lib/python3.8/site-packages/pritunl/sso/okta.py and modifying the header to verify it isn’t an issue with sending the wrong address.