NO_VALID_ANSWERS error is raised all the time while curling the same URL from bash has OK state. This service had been running for more than 1 year.
File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/sso/yubico.py", line 30, in auth_yubico
if client.verify(yubikey) is not True:
File "/usr/lib/pritunl/lib/python2.7/site-packages/yubico_client/yubico.py", line 188, in verify
raise Exception('NO_VALID_ANSWERS')
Exception: NO_VALID_ANSWERS
The workaround is to override the IP address of api.yubico.com in hosts file with one of the four short lived A records.
I have found this is due to an issue with IPv6. If you disable IPv6 on your server the issue will be resolved as well. I do not use IPv6 so that is fine with me but definitely not a long term solution.
API URL api.yubico.com is used.
python-yubico-client version: v1.12.0 python version: python-2.7.5-90.el7.x86_64 OS: CentOS 7
NO_VALID_ANSWERS error is raised all the time while curling the same URL from bash has OK state. This service had been running for more than 1 year.
The workaround is to override the IP address of api.yubico.com in hosts file with one of the four short lived A records.