Current Issues

If you are having issues with your Pritunl server review the list of current issues below. For new installations go to the Getting Started page.

Lets Encrypt Root Certificate Issue

Due to the Oct 1st expiration of the Lets Encrypt root certificate all v1.29 versions of Pritunl containing the expired certificate will no longer produce a valid certificate. Having an invalid certificate will not disrupt VPN service. The primary issue will occur when a user attempts to import a new profile to the Pritunl Client. Both the Pritunl Client and Pritunl Server need to be updating to the latest releases containing the new root certificates to fix this issue.

The issue can easily be avoided by clicking Download Profiles on the profile page then importing the tar file into the Pritunl Client by click Import Profile, this is the same profile data that would be imported with a URI. The issue can also be avoided by replacing the domain name in the URI with the IP address of the server. The client will ignore certificate validation for URI's containing an IP address.

Automatic Update Issues

Multiple issues have occurred with the Python 3 upgrade of Pritunl on servers configured with automatic updates.

When Pritunl is upgraded from Python 2 to 3 the file /usr/lib/pritunl/lib/python2.7/site-packages/certifi/cacert.pem is removed and the new version is installed at /usr/lib/pritunl/lib/python3.6/site-packages/certifi/cacert.pem. The package update process for Pritunl will not restart the pritunl service, this is done to prevent unexpectedly disrupting VPN connections during an upgrade. The Python 2 Pritunl process will continue running and because the cacert.pem file is loaded on demand when the process attempts to make a web request it will fail to load the file. The package was updated to fix the issue but the daily schedule for automatic yum updates will not apply the fix until the next scheduled update.

This will cause the subscription activation to show "Server error occurred"

This can be fixed by running the commands below or by manually running sudo yum clean all; sudo yum update

sudo mkdir -p /usr/lib/pritunl/lib/python2.7/site-packages/certifi
sudo sh -c "curl https://curl.se/ca/cacert.pem > /usr/lib/pritunl/lib/python2.7/site-packages/certifi/cacert.pem"

An additional issue was then found with RPM builds of Pritunl after the fixed package was updated. Due to an issue with Python 3 compilation in rpmbuild files were not correctly associated the RPM package. This caused the directory /usr/lib/pritunl/lib/python3.6/site-packages/pritunl-1.30.2944.96-py3.6.egg-info to remain on the file system when upgrading from v1.30.2944.96 to v1.30.2945.35. This will prevent the pritunl service from starting. This has been fixed in an updated package and can be applied by running sudo yum clean all; sudo yum update or the relavent command for your Linux distribution.

EPEL OpenVPN Issue

There is currently an issue with the compilation options used on the OpenVPN package in the RHEL 8 EPEL repository. This issue will cause routing issues on some connections. To fix this issue run the command below to install the newer OpenVPN package from the Pritunl repository. This issue will only occur on UDP servers, TCP can also be used as a workaround.

The pritunl-openvpn package is only available on the Oracle Linux 7 and Oracle Linux 8 repositories and will provide the latest version of OpenVPN. These repositories can be used on any RHEL Linux distribution including CentOS.

sudo yum swap openvpn pritunl-openvpn
sudo yum --allowerasing install pritunl-openvpn

This can be reverted by running the command below.

sudo yum --allowerasing install openvpn