Discussions

pritunl service has permanently high CPU usage

Hello, I have pritunl community edition installed on my server. What I have always wondered about is that the main process (which then starts pritunl-web and openvpn) is constantly (in my case) causing 5-10% CPU usage. What happens here? Is this normal? I have to say that I have only created one user in the system, which is also connected. So it's not like there is a lot of activity on the server...

How to reject weak cipher suites from the server?

Hi there, Running sslyze (see output below), I noticed a non-compliant configuration to the VPN server and it doesn't seem like it's something we can control - the list of available cipher suites. Is there a way to reject these ciphers?

```
➜ ~ python -m sslyze <VPN_HOST>

COMPLIANCE AGAINST MOZILLA TLS CONFIGURATION
--------------------------------------------

Checking results against Mozilla's "intermediate" configuration. See https://ssl-config.mozilla.org/ for more details.

FAILED - Not compliant.
    * ciphers: Cipher suites {'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'} are supported, but should be rejected.
```

Pritunl windows client exception

Recently, we found that the client always fails to pass authentication on Windows, while the same ID can pass authentication normally on macOS; on Windows, the error "failed to authenticate..." is reported.

Pritunl and source ip tcp connections

Hello everyone. I have successfully implemented pritunl for the first time. But I am having problems with a specific application. I can't connect to the office ERP because all TCP connections are coming from the pritunl server IP instead of the VPN client IP. The ERP sees the Pritunl Server IP (172.16.28.93) as the source of the TCP connection instead of the VPN Client IP (172.16.93.2). This is the reason why the login fails. Is there any way to remedy this? Thank you!

Influx uri for monitoring

Hello, in which file am I supposed to put this?: influxdb://username:[email protected]:8086/pritunl Related to https://docs.pritunl.com/docs/monitoring Thanks!

Changing the date and time on a Pritunl host

Hi, How do I adjust the date and time on a Pritunl server or host? I want to sync the date and time on a Pritunl host with a NTP server. Thank you, James Pedersen

Does Pritunl allow for adding IdP SAML metadata?

Hi, Can we add custom SAML metadata generated by an IdP to a Pritunl server that's using SAML to authenticate VPN users? Thank you, James Pedersen

Pritunl client containerized environment support

Is it possible to run the Pritunl client from within a container, so that the container can access intra-network resources? The standard installation fails. The non-electron client seems to depend on resolveconf, which cannot be configured in such an environment. The electron client, for whatever reason, also isn't getting installed correctly.

How to configure Pritunl to force SAML users to periodically reauthenticate

Hi, Is there any way to configure Pritunl (the server or the desktop client) to force SAML users who have logged in to the VPN to reauthenticate after a given number of minutes? Thank you, James Pedersen

How to get the Pritunl desktop client to redirect to okta

Hi, Does the Pritunl desktop client support SAML ECP? https://www.oasis-open.org/committees/download.php/49979/saml-ecp-v2.0-wd09.pdf I want the Pritunl desktop client, when I try to sign in to the VPN, to open a browser window which redirects to Okta and asks me to enter my Okta password if I haven't signed in to Okta already on the device. Right now the Pritunl desktop client is automatically signing me in to the VPN without asking for my Okta password. Do you know of any ways of achieving this? Thank you, James Pedersen

Client Autostart ON = Authentication Failed

When I select to Autostart a VPN-connection it always fails to authenticate but works as usual when I start it manually. Is it something in my config maybe? --->

```
client
dev tun
proto udp
remote openvpn.******.*** ####
remote-random
resolv-retry infinite
reneg-sec 0
nobind
persist-key
persist-tun
verb 3
mute 10
auth-user-pass
explicit-exit-notify 2
cipher aes-256-cbc
auth SHA512
script-security 2
remote-cert-tls server
key-direction 1
<ca>...</ca>
<tls-auth>...</tls-auth>
```

Ubuntu 21.10

Are there any options to install pritunl on Ubuntu 21.10? When do you plan to add support for Ubuntu 21.10?

ipset issues with 1.30.3065.49 on Ubuntu 18.04 and 20.04

Hi, we are experiencing the following issues with 1.30.3065.49-0ubuntu1~bionic on Ubuntu 18.04 and with 1.30.3065.49-0ubuntu1~focal on Ubuntu 20.04. The error is the same for both Ubuntu versions:

```
[patient-waves-2259][2022-02-06 18:39:30,366][ERROR] Server error occurred while running
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1587, in _run_thread
    self.generate_iptables_rules()
  File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 669, in generate_iptables_rules
    self.iptables.generate()
  File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/iptables.py", line 1157, in generate
    self._generate_sets()
  File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/iptables.py", line 190, in _generate_sets
    self._create_sets()
  File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/iptables.py", line 1395, in _create_sets
    utils.check_output_logged(
  File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 218, in check_output_logged
    raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ipset', 'add', '620007d2cf28724760a8d2c2_or6', '::/0']' returned non-zero exit status 1.
  server_id = "xx"
  instance_id = "xx"
```

```
Feb 06 18:39:30 hostname pritunl[831]: [patient-waves-2259][2022-02-06 18:39:20,162][ERROR] Popen returned error exit code
Feb 06 18:39:30 hostname pritunl[831]:   cmd = ["ipset", "add", "620007c8cf28724760a8d2b7_or6", "::/0"]
Feb 06 18:39:30 hostname pritunl[831]:   return_code = 1
Feb 06 18:39:30 hostname pritunl[831]: Process stderr:
Feb 06 18:39:30 hostname pritunl[831]: ipset v7.5: The value of the CIDR parameter of the IP address is invalid
Feb 06 18:39:30 hostname pritunl[831]: Traceback (most recent call last):
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/python3.8/threading.py", line 890, in _bootstrap
Feb 06 18:39:30 hostname pritunl[831]:     self._bootstrap_inner()
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
Feb 06 18:39:30 hostname pritunl[831]:     self.run()
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/python3.8/threading.py", line 870, in run
Feb 06 18:39:30 hostname pritunl[831]:     self._target(*self._args, **self._kwargs)
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 1587, in _run_thread
Feb 06 18:39:30 hostname pritunl[831]:     self.generate_iptables_rules()
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 669, in generate_iptables_rules
--
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/server/instance.py", line 669, in generate_iptables_rules
Feb 06 18:39:30 hostname pritunl[831]:     self.iptables.generate()
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/iptables.py", line 1157, in generate
Feb 06 18:39:30 hostname pritunl[831]:     self._generate_sets()
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/iptables.py", line 190, in _generate_sets
Feb 06 18:39:30 hostname pritunl[831]:     self._create_sets()
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/iptables.py", line 1395, in _create_sets
Feb 06 18:39:30 hostname pritunl[831]:     utils.check_output_logged(
Feb 06 18:39:30 hostname pritunl[831]:   File "/usr/lib/pritunl/lib/python3.8/site-packages/pritunl/utils/misc.py", line 218, in check_output_logged
Feb 06 18:39:30 hostname pritunl[831]:     raise subprocess.CalledProcessError(
Feb 06 18:39:30 hostname pritunl[831]: subprocess.CalledProcessError: Command '['ipset', 'add', '620007d2cf28724760a8d2c2_or6', '::/0']' returned non-zero exit status 1.
Feb 06 18:39:30 hostname pritunl[831]:   server_id = "xx"
Feb 06 18:39:30 hostname pritunl[831]:   instance_id = "xx
```

Disabling IPv6 in the affected server process helps. Cheers, Dominik

Latest Pritunl Error on RHEL7 with IPtables?

Hello, Just found my Pritunl setup running on CentOS 7 broke under the latest version. Previous running version was: pritunl-1.30.3043.48-1.el7.centos.x86_64 Latest version: pritunl-1.30.3058.49-1.el7.centos.x86_64 -- errors out with the python/IPtables error below:

```
[ancient-skies-5206][2022-01-27 00:23:30,149][INFO] Starting vpn server
  server_id = ""
  instance_id = ""
  instances = []
  instances_count = 0
  route_count = 11
  network = ""
  network6 = ""
  host_id = ""
  host_address = ""
  host_address6 = ""
  host_networks = [""]
  cur_timestamp = "2022-01-27 00:23:30.149550"
  libipt = false
[ancient-skies-5206][2022-01-27 00:23:30,569][ERROR] Server error occurred while running
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/server/instance.py", line 1586, in _run_thread
    self.generate_iptables_rules()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/server/instance.py", line 669, in generate_iptables_rules
    self.iptables.generate()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1115, in generate
    self._generate_sets()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 181, in _generate_sets
    self._delete_sets()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1361, in _delete_sets
    ['ipset', 'destroy', name],
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/utils/misc.py", line 227, in check_call_silent
    process = subprocess.Popen(stdout=_null, stderr=_null, *args, **kwargs)
  File "/usr/lib64/python3.6/subprocess.py", line 729, in __init__
    restore_signals, start_new_session)
  File "/usr/lib64/python3.6/subprocess.py", line 1364, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'ipset': 'ipset'
  server_id = ""
  instance_id = ""
[ancient-skies-5206][2022-01-27 00:23:30,580][ERROR] Server iptables clean up error
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/server/instance.py", line 1802, in _run_thread
    self.iptables.clear_rules()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1455, in clear_rules
    self._delete_sets()
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/iptables.py", line 1361, in _delete_sets
    ['ipset', 'destroy', name],
  File "/usr/lib/pritunl/lib/python3.6/site-packages/pritunl/utils/misc.py", line 227, in check_call_silent
    process = subprocess.Popen(stdout=_null, stderr=_null, *args, **kwargs)
  File "/usr/lib64/python3.6/subprocess.py", line 729, in __init__
    restore_signals, start_new_session)
  File "/usr/lib64/python3.6/subprocess.py", line 1364, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'ipset': 'ipset'
  server_id = ""
  instance_id = ""
```

Also tried the next previous version, pritunl-1.30.3053.58-1.el7.centos.x86_64 with same errors, along with some troubleshooting around python version & IPtables... Was unable to get working, so had to revert to previous working pritunl-1.30.3043.48-1.el7.centos.x86_64 Any ideas? Guessing this may be running into some end of support issues for python 3.6 or RHEL7 based installs?

"[ERROR] Server iptables clean up error" since 1.30.3053.58

```
4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
```

Downgrading to pritunl_1.30.3043.48-0debian1.buster_amd64 works as before.

```
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/server/instance.py", line 1586, in _run_thread
    self.generate_iptables_rules()
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/server/instance.py", line 669, in generate_iptables_rules
    self.iptables.generate()
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/iptables.py", line 1115, in generate
    self._generate_sets()
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/iptables.py", line 181, in _generate_sets
    self._delete_sets()
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/iptables.py", line 1361, in _delete_sets
    ['ipset', 'destroy', name],
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/utils/misc.py", line 227, in check_call_silent
    process = subprocess.Popen(stdout=_null, stderr=_null, *args, **kwargs)
  File "/usr/lib/python3.7/subprocess.py", line 775, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'ipset': 'ipset'
[autumn-plains-4668][2022-01-27 05:11:40,732][ERROR] Server iptables clean up error
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/server/instance.py", line 1802, in _run_thread
    self.iptables.clear_rules()
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/iptables.py", line 1455, in clear_rules
    self._delete_sets()
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/iptables.py", line 1361, in _delete_sets
    ['ipset', 'destroy', name],
  File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/utils/misc.py", line 227, in check_call_silent
    process = subprocess.Popen(stdout=_null, stderr=_null, *args, **kwargs)
  File "/usr/lib/python3.7/subprocess.py", line 775, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'ipset': 'ipset'
```

No auditing logs in Influxdb after upgrade

Pritunl stopped storing influxdb pritunl.autogen.pritunl_user_connections table logs after upgrading pritunl and influxdb using an apt upgrade. I am an enterprise user.

Where is pritunl-ndppd for bullseye?

Hello! I could not install pritunl on Debian bullseye because the package pritunl-ndppd is missing. Regards, Alex.

Every DNS request is being sent to the internal VPN DNS

Every DNS request is being sent to the internal VPN DNS. I want to resolve only specific domains internally, and have the client itself resolve the rest locally. I found some information about Split-DNS in the OpenVPN documentation, but I don't know how to configure it in Pritunl. Does anyone have any suggestions?

High LA when VPN servers are updating

Hello. We have a couple dozen VPN servers and more than 100 VPN clients, so when we add new routes or change current ones, the LA of the VM where Pritunl is set up grows and other VPN servers may shut off with the error `Server stopped unexpectedly`. We use lib_iptables on a VM with 16 cores on CentOS 8 Stream. We also tried disabling lib_iptables, but we still faced the problem with `Server stopped unexpectedly`.

block connections to the TOR network

Hello, could you give me an idea of how to block connections to the TOR network? or some way to identify which user is connecting to a tor network?