# Current Issues ![](/files/A1JhoO3KMyqDocuZJ9xX) ## Current Issues If you are having issues with your Pritunl server review the list of current issues below. For new installations go to the [**Getting Started**](/kb/vpn/getting-started/getting-started.md) page. ## New Email Contact Addresses The email addresses below have been added to separate billing and low priority issues from higher priority issues. Use these email addresses for faster responses. * **General Contact** All other emails [**contact@pritunl.com**](mailto:contact@pritunl.com) * **Operations** Emails related to technical issues [**operations@pritunl.com**](mailto:operations@pritunl.com) * **Priority** Priority emails needing faster response [**priority@pritunl.com**](mailto:priority@pritunl.com) * **Outage** Emails related to outages [**outage@pritunl.com**](mailto:outage@pritunl.com) ### Google Single Sign-On Rate Limiting Due to rate limits on the Google Workspace API the server must be updated to [**Pritunl v1.32.4349.59**](https://github.com/pritunl/pritunl/releases/tag/1.32.4349.59) to correct the disconnections from Google API errors. Alternatively the hourly single sign-on re-verification can be disabled with `sudo pritunl set app.sso_connection_check false`. This will still perform the check when the connection is started but the checks that occur every hour during an active connection will not be performed. #### Azure AD Graph Migration [**Azure AD Graph Migration**](/kb/vpn/sso/azure-ad-migration.md) will need to be completed for all Azure configurations. Connection errors will start occurring on configurations that have not completed the migration. #### Debugging Information The [**Client Debugging**](https://github.com/pritunl/pritunl-docs/blob/master/debugging/client.md) and [**Server Debugging**](https://github.com/pritunl/pritunl-docs/blob/master/debugging/server.md) documentation has detailed information on debugging the software. #### EPEL OpenVPN Issue There is currently an issue with the compilation options used on the OpenVPN package in the EPEL repository. This issue will cause routing issues on some connections. To fix this issue run the command below to install the newer OpenVPN package from the Pritunl repository. This issue will only occur on UDP servers, TCP can also be used as a workaround. The `pritunl-openvpn` package is only available on the Pritunl RHEL based repositories and will provide the latest version of OpenVPN. ```shell sudo yum swap openvpn pritunl-openvpn ``` ```shell sudo yum --allowerasing install pritunl-openvpn ``` This can be reverted by running the command below. ```shell sudo yum --allowerasing install openvpn ``` #### CentOS Discontinued CentOS was discontinued and the operating system will no longer be updated. The Pritunl repositories for CentOS were also discontinued. The [**Oracle Linux Repositories**](https://github.com/pritunl/pritunl-docs/blob/master/repositories.md) are fully compatible with CentOS. These can be used to recieve updates for Pritunl. To continue getting system updates the system must be switched to Oracle Linux. Oracle providers a script to [**upgrade CentOS to Oracle Linux**](https://linux.oracle.com/switch/centos/) that will convert an existing CentOS system to Oracle Linux. #### Connection MTU Issues Some connections may have MTU issues this can be fixed by entering a lower MSS Fix value in the server settings. First test 1200 or lower to confirm that it is an MTU issue. If this fixes the connection increase the MTU in a range of 1200-1400 to find a working MTU. ![](/files/Ot6ubdcfe1SvFMFJMKeU) #### Carrier-Grade NAT Carrier-grade NATs are becoming more common to mitigate IPv4 address exhaustion. These are common with all cellular connections and wired ISP connections in foreign countries with limited IPv4 address space. These can cause issues with MTU detection and UDP VPN servers. Switching the server protocol to TCP with a lower MTU may fix issues when a carrier-grade NAT is present. #### iOS DNS Issue There are currently three fixes for the DNS issue on iOS. Add the DNS server to the server routes. The default DNS server used is `8.8.8.8` add the route `8.8.8.8/32` to the server routes for this configuration. Remove the DNS server from the settings. This will instruct the client to use their current DNS configuration. This could cause problems with some clients if that DNS configuration becomes unroutable due to the VPN routes. Enable *VPN Client DNS Mapping* in the advanced server settings. This will start a DNS server on the Pritunl server that will proxy all DNS requests and will always be available to the client. ### Ubuntu Update Issue If Ubuntu 20.04 is configured with the Ubuntu 18.04 Pritunl repository the error `ModuleNotFoundError: No module named 'encodings'` will be shown when attempting to start Pritunl. This can be fixed by running the commands below to update the repository files to the correct distribution. ```sh sudo tee /etc/apt/sources.list.d/pritunl.list << EOF deb http://repo.pritunl.com/stable/apt focal main EOF sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list << EOF deb https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse EOF wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - sudo apt update sudo apt upgrade ``` ### Lets Encrypt Root Certificate Issue Due to the Oct 1st expiration of the Lets Encrypt root certificate all v1.29 versions of Pritunl containing the expired certificate will no longer produce a valid certificate. Having an invalid certificate will not disrupt VPN service. The primary issue will occur when a user attempts to import a new profile to the Pritunl Client. Both the Pritunl Client and Pritunl Server need to be updating to the latest releases containing the new root certificates to fix this issue. The issue can easily be avoided by clicking *Download Profiles* on the profile page then importing the tar file into the Pritunl Client by click *Import Profile*, this is the same profile data that would be imported with a URI. The issue can also be avoided by replacing the domain name in the URI with the IP address of the server. The client will ignore certificate validation for URI's containing an IP address. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pritunl.com/kb/vpn/current-issues.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.