Error 12: on-connect

[efef]

A few users complaint about "suddenly we can't connect anymore" and above error message is shown.

Workaround: -user removes the "university" VPN profile in the macOS app. (select profile and then the "-" button at the bottom left) -user opens his browser and proceeds to log-in at the eduVPN portal "https: // .eduvpn.nl" -after browser login, the user in the app goes to "institute access" selects his "university" and proceeds to log in.

• then it works again

The workaround indicates an OAuth bug

[ghost]

My guess is that the refresh token is no longer accepted by the server, but the app doesn't handle deleting it locally, nor automatically try to get a new one by starting the authorization phase again.

[efef]

In issue #190 is written where the OAuth token is stored.

For server surfnet.eduvp.nl the OAuth token should be here: /Users/rogier/Library/Containers/org.eduvpn.app/Data/Library/Application Support/org.eduvpn.app/surfnet.eduvpn.nl/portal/_oauth/authorize

ls -l shows: -rw-r--r--@ 1 rogier staff 4251 Apr 6 12:55 authState.bin

Interesting the date of this file is April 6th and not today (April 10th)

[ghost]

Would it be possible to add all (none HTTP/200) responses from the OAuth server / API endpoint in the app log so we can more easily see what is going on?

[efef]

In surfnet.eduvpn.nl server logging we notice refresh token and certificate were valid till: Naam Verloopt (UTC)
org.eduvpn.app.macos 2020-05-06 10:55:48
org.eduvpn.app.macos 2020-04-05 10:30:44

So on April 6th a new refresh token and new certificate has been provided. Is valid for 1 month.

[ghost]

I also just got this. The macOS app does NOT refresh the list of available profiles (ever?) so when a profile is no longer available (on the server), trying to choose it in the app won't work and results in error 12.

[johankool]

That is error AppCoordinatorError.ovpnConfigTemplateNoRemotes. It is raised when the ovpn file does not contain a remote. That seems likely to happen if the profiles aren't updated indeed and the app tries to handle whichever error message it got from the server as ovpn file.