If you are having issues with your Pritunl server review the list of current issues below. For new installations go to the Getting Started page.
rpm-plugin-selinux package on Oracle Linux 8 will cause SELinux based package updates to fail. This package was on the Oracle Linux 8 repositories for a short period of time before being fixed. If this broken package was installed during this time frame any future updates of packages that include SELinux policies will fail during unpacking. This issue is most likely to have occurred on systems with automatic updates enabled. If the Pritunl package is updated in this state the old files will be removed from the system and the new files will fail to unpack. The Pritunl server will continue to run but will show the error
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /usr/lib/pritunl/lib/python3.6/site-packages/certifi/cacert.pem when attempting to load this file that will be removed. The issue must be fixed manually by running the commands below to fix this package, once fixed updates can be completed and the software will resume working. This issue is fully documented on the Oracle Support Knowledge Doc ID 3002168.1.
sudo rpm -e --nodeps rpm-plugin-selinux
sudo dnf -y install rpm-plugin-selinux
sudo dnf -y update
If automatic updates are enabled the openssh-server package will get updated and fail to unpack. This will cause the error Connection closed by remote host and Connection reset by. Once this occurs a startup script must be run to fix the package. Below is a Cloud Init script to fix the issue.
To fix this on AWS after the SSH server is inaccessible stop the instance. Then click Instance settings → Edit user data and add the script below.
while ! ping -c1 google.com &>/dev/null; do echo "Waiting for network..."; sleep 1; done
rpm -e --nodeps rpm-plugin-selinux
dnf -y install rpm-plugin-selinux
dnf -y update
Previous versions of the client are available on the Pritunl GitHub Releases click Assets to expand the available packages. Information on debugging the client is available in the Client Debugging documentation.
There are multiple known issues with MongoDB 7, it is currently recommended to continue using MongoDB 6 and avoid upgrading to MongoDB 7.
MongoDB 7 has known issues with the capped collections. The
messages capped collection is used for host to host messaging and will typically result in the error
Server start timed out when not functioning.
This can be fixed by running the command
sudo pritunl destroy-secondary this command will clear all the database collections used for temporary cache. The latest release has the command
sudo pritunl clear-message-cache to drop only this collection.
A recent 4.4 and 5.0 update prevents the MongoDB database from starting. MongoDB 6.0 is not effected. If this occurs downgrade the MongoDB release using the commands below.
sudo yum install mongodb-org-4.4.18 mongodb-org-server-4.4.18
sudo yum install mongodb-org-5.0.14 mongodb-org-database-5.0.14 mongodb-org-server-5.0.14
CentOS 8 was discontinued on December 31st, 2021 the operating system will no longer be updated. The Pritunl repositories for CentOS 8 were also discontinued. The Oracle Linux 8 repository is fully compatible with any RHEL8 distribution including CentOS 8 and AlmaLinux 8. The Oracle Linux 8 Pritunl repository can be used on CentOS 8 but in order for the system to receive updates it must be switched to Oracle Linux 8. Oracle providers a script to upgrade to Oracle Linux 8 that will convert an existing CentOS 8 system to Oracle Linux 8.
Due to the Oct 1st expiration of the Lets Encrypt root certificate all v1.29 versions of Pritunl containing the expired certificate will no longer produce a valid certificate. Having an invalid certificate will not disrupt VPN service. The primary issue will occur when a user attempts to import a new profile to the Pritunl Client. Both the Pritunl Client and Pritunl Server need to be updating to the latest releases containing the new root certificates to fix this issue.
The issue can easily be avoided by clicking Download Profiles on the profile page then importing the tar file into the Pritunl Client by click Import Profile, this is the same profile data that would be imported with a URI. The issue can also be avoided by replacing the domain name in the URI with the IP address of the server. The client will ignore certificate validation for URI's containing an IP address.
If Ubuntu 20.04 is configured with the Ubuntu 18.04 Pritunl repository the error
ModuleNotFoundError: No module named 'encodings' will be shown when attempting to start Pritunl. This can be fixed by running the commands below to update the repository files to the correct distribution.
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb http://repo.pritunl.com/stable/apt focal main
sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list << EOF
deb https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
sudo apt update
sudo apt upgrade
There is currently an issue with the compilation options used on the OpenVPN package in the EPEL repository. This issue will cause routing issues on some connections. To fix this issue run the command below to install the newer OpenVPN package from the Pritunl repository. This issue will only occur on UDP servers, TCP can also be used as a workaround.
pritunl-openvpn package is only available on the Oracle Linux 7 and Oracle Linux 8 repositories and will provide the latest version of OpenVPN. These repositories can be used on any RHEL Linux distribution including CentOS.
sudo yum swap openvpn pritunl-openvpn
sudo yum --allowerasing install pritunl-openvpn
This can be reverted by running the command below.
sudo yum --allowerasing install openvpn
Some connections may have MTU issues this can be fixed by entering a lower MSS Fix value in the server settings. First test 1200 or lower to confirm that it is an MTU issue. If this fixes the connection increase the MTU in a range of 1200-1400 to find a working MTU.
There are currently three fixes for the DNS issue on iOS.
Add the DNS server to the server routes. The default DNS server used is
22.214.171.124 add the route
126.96.36.199/32 to the server routes for this configuration.
Remove the DNS server from the settings. This will instruct the client to use their current DNS configuration. This could cause problems with some clients if that DNS configuration becomes unroutable due to the VPN routes.
Enable VPN Client DNS Mapping in the advanced server settings. This will start a DNS server on the Pritunl server that will proxy all DNS requests and will always be available to the client.
Updated 5 days ago