linux-cli
linux-cli copied to clipboard
ProtonVPN
"Invalid modulus" while trying to login using protonvpn-cli login pvpn_username
I use the newest release of ProtonVPN linux app with ProtonVPN CLI v3.7.1 (protonvpn-nm-lib v3.3.1; proton-client v0.5.1) on Linux Mint 20.1.
I am unable to use: protonvpn-cli login pvpn_username. Each time I type the correct username and correct password I get the following python error: ValueError: Invalid modulus. I attached logs that might be helpful in identifying the issue.
I have tried to troubleshot the issue myself but I do not have any more ideas. Any help would be greatly appreciated.
protonvpn.log protonvpn-cli.log
Same here, I took a look at /var/lib/python3/dist-packages/proton/api.py and the line 136 :
verified = self.__gnupg.decrypt(armored_modulus)"
seems to be part of the issue. The armored modulus is sent to gnupg.GPG().decrypt() and the output is indeed indalid so the check fails.
So, assuming my login prompt is correct, the wrong "amored modulus" variable is sent to gnupg and the decryption fails.
Note : I have some python knowledge but don't count on my analysis for anything related to the actual encryption. I am on ubuntu 18.04 and noticed that the official gui is incompatible with ubuntu prior to version 20 but I didn't see anything related on the page about the cli version.
Hey @sergiuszm Just to be sure, were you introducing your protonmail username and password and not your openvpn data ?
@calexandru2018 Yes, the input I have used was my protonmail username and password.
Same for me. But I tried both, and I actually tried "fake" username and got the same results (for example I removed the last character of my username)
@sergiuszm could you try changing the password to the same you have now (instead of to a new one), then tre logging in again.
@calexandru2018 Unfortunately, still the same error. Even with some fake data the error remains the same.
Might enabled 2FA be an issue here?
@sergiuszm thank you for the quick test. 2FA shouldn't be a problem as I also have it enabled. Could you please contact our support at: https://protonvpn.com/support-form
Also provide the link of this issue so they can see what we've attempted please.
Btw I don't have 2FA enabled and still have the same issue.
I didn't try to change the password to the same thing.
Note that I was able to use the community protonvpn cli utility for a few months without issue. I just uninstalled it right now to see if the latest release worked but apparently not.
@thiswillbeyourgithub the community client works because it uses a completely different implementation.
I have tried multiple different things with the help of ProtonVPN support but at the end I managed to fix the issue myself. I had to debug the code live in order to get the error from the gnupg lib: "GNUPG: No public key found...". So the code was not able to store ProtonVPN public key to decode the login information from the API.
The solution for me was to check and fix permission to the files in /home/user/.gnupg/ Some of the files were owned by root which was incorrect.
Thanks a lot @sergiuszm
I was able to fix the issue and get a successful login by following the commands indicated there : https://superuser.com/questions/954509/what-are-the-correct-permissions-for-the-gnupg-enclosing-folder-gpg-warning
Apparently my gnupg settings were incorrect too. I would have never found out without you, thanks a lot!
edit : I had to also chown .cache/protonvpn to my username.
Interesting, was not aware of such possible situation. Thank you for sharing your solution with the community!
@sergiuszm You saved my day man, thank you!
My .gnupg folder and its contents were own by root...
In addition to what has been said about the ~/.gnupg folder and its permission, it seems the ProtonVPN app does not work if $GNUPGHOME is set to anything else than ~/.gnupg.
I had it set to $XDG_DATA_HOME/gnupg in order to de-clutter my $HOME and it was the reason I could not launch the app or connect with the CLI anymore.
For future reference, use echo $GNUPGHOME to see if the variable is set. If nothing is output, no more action is required. If something is output and it is not ~/.gnupg or equivalent, make sure to unset the variable.
The variable should be set in .profile for bash, .zshenv for zsh or config.fish for fish.
I have not check the source code yet but a small patch (the like of if variable $GNUPGHOME is set, use it, otherwise check ~/.gnupg...) should be enough to counter this problem.
