Debugging

Debugging Pritunl Client

Linux

Log Locations:

  • Service Log: /var/log/pritunl-client.log
  • Interface Logs: ~/.config/pritunl/pritunl.log
  • Profile Logs: ~/.config/pritunl/profiles/PROFILE_ID.log

Manually Restart Service:

sudo systemctl restart pritunl-client.service

macOS

Log Locations:

  • Service Log: /var/log/pritunl.log
  • Interface Log: ~/Library/Application Support/pritunl/pritunl.log
  • Profile Logs: ~/Library/Application Support/pritunl/profiles/PROFILE_ID.log

Manually Restart Service:

Use the commands below to manually restart the service.

sudo launchctl unload /Library/LaunchDaemons/com.pritunl.service.plist
sudo launchctl disable system/com.pritunl.service
sudo launchctl enable system/com.pritunl.service
sudo launchctl load /Library/LaunchDaemons/com.pritunl.service.plist

Manually Run Service:

Use the commands below to stop the background service and manually run it in the foreground to debug issues. After testing use the command above to restore the background service.

sudo launchctl unload /Library/LaunchDaemons/com.pritunl.service.plist
sudo launchctl disable system/com.pritunl.service
sudo pritunl-service

Manually Uninstall:

# Service
kill -2 $(ps aux | grep Pritunl.app | awk '{print $2}') &> /dev/null || true
sudo launchctl unload /Library/LaunchAgents/com.pritunl.client.plist &> /dev/null || true
sudo launchctl unload /Library/LaunchDaemons/com.pritunl.service.plist &> /dev/null || true

# Pritunl
sudo rm -rf /Applications/Pritunl.app
sudo rm -f /Library/LaunchAgents/com.pritunl.client.plist
sudo rm -f /Library/LaunchDaemons/com.pritunl.service.plist
sudo rm -f /private/var/db/receipts/com.pritunl.pkg.Pritunl.bom
sudo rm -f /private/var/db/receipts/com.pritunl.pkg.Pritunl.plist

# Profiles
rm -rf ~/Library/Application Support/pritunl
rm -rf ~/Library/Caches/pritunl
rm -rf ~/Library/Preferences/com.electron.pritunl.plist

# Files
sudo rm -f /var/run/pritunl_auth
sudo rm -f /var/run/pritunl.sock
sudo rm -f /var/log/pritunl.log
sudo rm -f /var/log/pritunl.log.1
sudo rm -rf /var/lib/pritunl-client

# Old Files
sudo rm -rf /var/lib/pritunl
sudo kextunload -b net.sf.tuntaposx.tap &> /dev/null || true
sudo kextunload -b net.sf.tuntaposx.tun &> /dev/null || true
sudo rm -rf /Library/Extensions/tap.kext
sudo rm -rf /Library/Extensions/tun.kext
sudo rm -f /Library/LaunchDaemons/net.sf.tuntaposx.tap.plist
sudo rm -f /Library/LaunchDaemons/net.sf.tuntaposx.tun.plist
sudo rm -rf /usr/local/bin/pritunl-openvpn
sudo rm -rf /usr/local/bin/pritunl-service

Check keychain:

security add-generic-password -U -s pritunl -a test -w password login-keychain
security find-generic-password -w -s pritunl -a test
security delete-generic-password -s pritunl -a test

Check DNS:

sudo scutil --dns
sudo scutil
> open
> show State:/Network/Global/DNS
> show State:/Network/Pritunl/DNS
> show State:/Network/Pritunl/Restore
> quit

Connection MTU

Some connections may have MTU issues this can be fixed by entering a lower MSS Fix value in the server settings. First test 1200 or lower to confirm that it is an MTU issue. If this fixes the connection increase the MTU in a range of 1200-1400 to find a working MTU.

333333

To test for MTU issues first ping a over sized packet using the commands below. This should report an over size packet error. On Linux the discovered MTU will be shown. Take the expected MTU and subtract 28 then test that the ping functions. Replace 192.168.123.1 with the virtual IP address of the Pritunl server to test both the internet and VPN connection for MTU issues. When pinging the VPN address the MTU will be lower then the MTU for non-VPN traffic.

All packet sizes should either return an over sized packet error or a successful ping. If a specific packet size times out this indicates an MTU issue.

ping -M do -s 2000 app.pritunl.com
Frag needed and DF set (mtu = 1500)
ping -M do -s 1472 app.pritunl.com

ping -M do -s 2000 192.168.123.1
Frag needed and DF set (mtu = 1500)
ping -M do -s 1392 192.168.123.1
ping -D -s 2000 app.pritunl.com
Message too long
ping -M do -s 1472 app.pritunl.com

ping -D -s 2000 192.168.123.1
Message too long
ping -M do -s 1392 192.168.123.1
ping -f -l 2000 app.pritunl.com
Package needs to be fragmented but DF set.
ping -f -l 1472 app.pritunl.com

ping -f -l 2000 192.168.123.1
Package needs to be fragmented but DF set.
ping -f -l 1392 192.168.123.1

Windows

Log Locations:

  • Service Log: C:\ProgramData\Pritunl\pritunl-client.log
  • Interface Log: C:\Users\USERNAME\AppData\Roaming\pritunl\pritunl-client.log
  • Profile Logs: C:\Users\USERNAME\AppData\Roaming\pritunl\profiles\PROFILE_ID.log

Chrome OS

Press ctrl+alt+t in terminal run commands route -4 and route -6. Open chrome://net-internals select ChromeOS on the left then click Store Debug Logs. In the Downloads directory drag the log archive to Google Drive. Download the log archive and open the file var/log/messages.

iOS DNS Issue

There are currently three fixes for the DNS issue on iOS.

Add the DNS server to the server routes. The default DNS server used is 8.8.8.8 add the route 8.8.8.8/32 to the server routes for this configuration.

Remove the DNS server from the settings. This will instruct the client to use their current DNS configuration. This could cause problems with some clients if that DNS configuration becomes unroutable due to the VPN routes.

Enable VPN Client DNS Mapping in the advanced server settings. This will start a DNS server on the Pritunl server that will proxy all DNS requests and will always be available to the client.

WireGuard

Some network connections will not support OpenVPN for these connections WireGuard should be configured to avoid connection issues.

Developer Tools

The Pritunl Client is an Electron app, the commands below can be used to start the client with the developer tools open for debugging. After the developer tools is shown open the top right menu in the tools and undock the window.

# macOS
/Applications/Pritunl.app/Contents/MacOS/Pritunl --dev-tools
# Windows
& 'C:\Program Files (x86)\Pritunl\pritunl.exe' --dev-tools
# Linux
pritunl-client-electron --dev-tools