dlenski / gp-saml-gui

Interactively authenticate to GlobalProtect VPNs that require SAML
GNU General Public License v3.0

Connect to VPN, but cannot ping or access restricted hosts #17

Closed maraal closed 4 years ago

maraal commented 4 years ago

I installed gp-saml-gui from AUR and I can connect and complete the SAML auth, but I cannot ping or access restricted hosts; by restricted hosts I mean those which are supposed to be available from the VPN.

Please tell me if I need to share some logs. I did not copy-paste the output of the command here because I am not sure if it is sensitive.

Thanks!

dlenski commented 4 years ago

> I cannot ping or access restricted hosts; by restricted hosts I mean those which are supposed to be available from the VPN.

This indicates that something is going wrong with OpenConnect (or the routing/DNS configuration scripts), rather than with gp-saml-gui. My best wild guess, in the absence of any other information, would be that you need to submit a HIP report while connecting to the VPN. Many GlobalProtect VPNs prevent accessing internal resources until it's submitted.

Try running OpenConnect with the --dump -vvvv options, compare your routing and DNS configuration before and after connecting, and take a look at existing GlobalProtect-related issues at https://gitlab.com/openconnect/openconnect/issues?state=all&label_name[]=GlobalProtect before submitting a new one.
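The "compare your routing and DNS configuration before and after connecting" step above, as an added example that is not part of the original thread or of either project. It assumes a Linux host with iproute2 and a resolver configured through /etc/resolv.conf; the script name, the `SNAP_DIR` location and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: snapshot routes and DNS, then show what the VPN changed.
# Usage: ./netdiff.sh before ; <connect to the VPN> ; ./netdiff.sh after ; ./netdiff.sh diff
export LC_ALL=C                           # keep sort and comm ordering consistent
SNAP_DIR="${SNAP_DIR:-/tmp/vpn-netdiff}"  # assumed scratch location

# Write current IPv4/IPv6 routes and resolver settings to $SNAP_DIR/<label>.
snapshot() {
    mkdir -p "$SNAP_DIR"
    {
        ip -4 route show | sed 's/^/route4: /'
        ip -6 route show | sed 's/^/route6: /'
        grep -E '^(nameserver|search|domain)' /etc/resolv.conf | sed 's/^/dns: /'
    } | sort -u > "$SNAP_DIR/$1"
}

# Print lines only in the second snapshot ("+") or only in the first ("-").
changes() {
    comm -13 "$1" "$2" | sed 's/^/+ /'
    comm -23 "$1" "$2" | sed 's/^/- /'
}

# Return 0 if the second snapshot gained at least one route.
gained_route() {
    changes "$1" "$2" | grep -q '^+ route[46]: '
}

case "${1:-}" in
    before|after) snapshot "$1" ;;
    diff)
        changes "$SNAP_DIR/before" "$SNAP_DIR/after"
        if gained_route "$SNAP_DIR/before" "$SNAP_DIR/after"; then
            # Routes present but hosts unreachable is consistent with the
            # gateway withholding access, e.g. the HIP report case above.
            echo "routes were added; if hosts stay unreachable, look at the gateway side" >&2
        else
            echo "no new routes; check the routing/DNS script output" >&2
        fi
        ;;
esac
```

On hosts that use a local stub resolver, /etc/resolv.conf may not change on connect, so an empty DNS diff there is not conclusive.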

maraal commented 4 years ago

I would try issuing openconnect --dump -vvvv, but I don't know how to make it authenticate with SAML.

dlenski commented 4 years ago

> I don't know how to make it authenticate with SAML.

…?

You just take the openconnect command as output by gp-saml-gui and add those arguments to it!

maraal commented 4 years ago

Oh, it works! I was trying without the echo part, thank you! It seems to be what you said: the server asks for a HIP report. I will look for how to do it. Thanks!

maraal commented 4 years ago

Thanks, I am able to connect and access the hosts with the HIP report generated by the hipreport.sh script.

On Fri, Sep 18, 2020 at 15:37, Dan Lenski notifications@github.com wrote:

> > I don't know how to make it authenticate with SAML.
>
> …?
>
> You just take the openconnect command as output by gp-saml-gui https://github.com/dlenski/gp-saml-gui/blob/master/gp-saml-gui.py#L277-L278 and add those arguments to it!
