Closed bagnaram closed 8 months ago
Same issue. Arch Linux.
Same issue, ubuntu 20.04
Thanks for your feedback. It's a known issue that is hard to reproduce from my side. And I will keep it open and would expect I can fix it in the future.
Sorry for the inconvenience.
Is there any information that we can provide that would assist?
@praetorzero You can run the gpclient
command directly to view the logs. For this issue, send me the normal logs and the abnormal logs.
Failure logs
o ~ gpclient
propsReply "Method \"GetAll\" with signature \"s\" on interface \"org.freedesktop.DBus.Properties\" doesn't exist\n"
nmReply "Method \"GetDevices\" with signature \"\" on interface \"org.freedesktop.NetworkManager\" doesn't exist\n"
"Object path cannot be empty"
2022-03-10 11:19:36.048 INFO [135230] [main@23] GlobalProtect started, version: 1.4.1
2022-03-10 11:19:36.506 INFO [135230] [GPClient::populateGatewayMenu@141] Populating the Switch Gateway menu...
QObject::connect: No such signal QPlatformNativeInterface::systemTrayWindowChanged(QScreen*)
2022-03-10 11:19:43.921 INFO [135230] [GPClient::populateGatewayMenu@141] Populating the Switch Gateway menu...
2022-03-10 11:19:43.973 INFO [135230] [GPClient::doConnect@246] Start connecting...
2022-03-10 11:19:43.974 INFO [135230] [GPClient::doConnect@262] Start gateway login using the previously saved gateway...
2022-03-10 11:19:43.974 INFO [135230] [GPClient::gatewayLogin@357] Performing gateway login...
2022-03-10 11:19:43.980 INFO [135230] [GatewayAuthenticator::authenticate@33] Start gateway authentication...
2022-03-10 11:19:43.983 INFO [135230] [GatewayAuthenticator::login@46] Trying to login the gateway at https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/login.esp with prot=https%3A&server=&jnlpReady=jnlpReady&computer=bagnaram-pc&ok=Login&direct=yes&clientVer=4100&os-version=Arch Linux&clientos=Linux&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=&inputStr=
2022-03-10 11:19:46.423 ERROR [135230] [GatewayAuthenticator::onLoginFinished@58] Failed to login the gateway at https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/login.esp, Error transferring https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/login.esp - server replied: Custom error
2022-03-10 11:19:46.423 INFO [135230] [GatewayAuthenticator::doAuth@86] Perform the gateway prelogin at https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
2022-03-10 11:19:46.752 INFO [135230] [GatewayAuthenticator::onPreloginFinished@103] Gateway prelogin succeeded.
2022-03-10 11:19:46.752 INFO [135230] [PreloginResponse::parse@26] Start parsing the prelogin response...
2022-03-10 11:19:46.754 INFO [135230] [GatewayAuthenticator::samlAuth@161] Trying to perform SAML login with saml-method POST
DevTools listening on ws://127.0.0.1:12315/devtools/browser/7441ffe1-0d68-444e-9047-1dd7e40961a7
Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
2022-03-10 11:19:47.248 INFO [135230] [SAMLLoginWindow::onResponseReceived@64] Response received from data:<REDACTED>
2022-03-10 11:19:48.727 INFO [135230] [SAMLLoginWindow::onResponseReceived@64] Response received from https://example.okta.com/app/panw_globalprotect/exkmuocq9ijzAysk60x7/sso/saml
2022-03-10 11:19:49.904 INFO [135230] [SAMLLoginWindow::onLoadFinished@98] Load finished https://example.okta.com/app/panw_globalprotect/exkmuocq9ijzAysk60x7/sso/saml
2022-03-10 11:19:50.171 INFO [135230] [SAMLLoginWindow::onResponseReceived@64] Response received from https://login.okta.com/discovery/iframe.html
2022-03-10 11:19:56.720 INFO [135230] [SAMLLoginWindow::onResponseReceived@64] Response received from https://example.okta.com/auth/services/devicefingerprint
2022-03-10 11:20:19.917 INFO [135230] [SAMLLoginWindow::onResponseReceived@64] Response received from https://example.okta.com/login/sessionCookieRedirect
2022-03-10 11:20:20.448 INFO [135230] [SAMLLoginWindow::onResponseReceived@64] Response received from https://omni.example-it.com/SAML20/SP/ACS
2022-03-10 11:20:20.472 INFO [135230] [SAMLLoginWindow::onLoadFinished@98] Load finished https://omni.example-it.com/SAML20/SP/ACS
<this is where i get the failed authentication window in the SAML web popup>
^CCaught signal: Interrupt
Release of profile requested but WebEnginePage still not deleted. Expect troubles !
And here is a successful connect after reset:
➜ ~ gpclient
propsReply "Method \"GetAll\" with signature \"s\" on interface \"org.freedesktop.DBus.Properties\" doesn't exist\n"
nmReply "Method \"GetDevices\" with signature \"\" on interface \"org.freedesktop.NetworkManager\" doesn't exist\n"
"Object path cannot be empty"
2022-03-10 11:27:24.936 INFO [136420] [main@23] GlobalProtect started, version: 1.4.1
2022-03-10 11:27:25.054 INFO [136420] [GPClient::populateGatewayMenu@141] Populating the Switch Gateway menu...
QObject::connect: No such signal QPlatformNativeInterface::systemTrayWindowChanged(QScreen*)
2022-03-10 11:27:32.793 INFO [136420] [GPClient::doConnect@246] Start connecting...
2022-03-10 11:27:32.794 INFO [136420] [GPClient::doConnect@267] Start portal login...
2022-03-10 11:27:32.802 INFO [136420] [PortalAuthenticator::authenticate@33] Preform portal prelogin at https://omni.example-it.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
2022-03-10 11:27:32.817 INFO [136420] [GPClient::populateGatewayMenu@141] Populating the Switch Gateway menu...
2022-03-10 11:27:33.992 INFO [136420] [PortalAuthenticator::onPreloginFinished@50] Portal prelogin succeeded.
2022-03-10 11:27:33.992 INFO [136420] [PreloginResponse::parse@26] Start parsing the prelogin response...
2022-03-10 11:27:33.993 INFO [136420] [PortalAuthenticator::onPreloginFinished@54] Finished parsing the prelogin response. The region field is: US
2022-03-10 11:27:33.993 INFO [136420] [PortalAuthenticator::samlAuth@121] Trying to perform SAML login with saml-method POST
DevTools listening on ws://127.0.0.1:12315/devtools/browser/f2d2a42e-cb51-4f4c-af77-171211c37c13
Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
2022-03-10 11:27:34.358 INFO [136420] [SAMLLoginWindow::onResponseReceived@64] Response received from data:text/<REDACTED>
2022-03-10 11:27:34.396 INFO [136420] [GPClient::populateGatewayMenu@141] Populating the Switch Gateway menu...
2022-03-10 11:27:35.596 INFO [136420] [SAMLLoginWindow::onResponseReceived@64] Response received from https://example.okta.com/app/panw_globalprotect/exkmuocq9ijzAysk60x7/sso/saml
2022-03-10 11:27:36.050 INFO [136420] [SAMLLoginWindow::onLoadFinished@98] Load finished https://example.okta.com/app/panw_globalprotect/exkmuocq9ijzAysk60x7/sso/saml
2022-03-10 11:27:36.075 INFO [136420] [SAMLLoginWindow::onResponseReceived@64] Response received from https://login.okta.com/discovery/iframe.html
2022-03-10 11:27:41.501 INFO [136420] [SAMLLoginWindow::onResponseReceived@64] Response received from https://example.okta.com/auth/services/devicefingerprint
2022-03-10 11:27:53.858 INFO [136420] [SAMLLoginWindow::onResponseReceived@64] Response received from https://example.okta.com/login/sessionCookieRedirect
2022-03-10 11:27:54.918 INFO [136420] [SAMLLoginWindow::onResponseReceived@64] Response received from https://omni.example-it.com/SAML20/SP/ACS
2022-03-10 11:27:54.918 INFO [136420] [SAMLLoginWindow::onResponseReceived@67] Got username from SAML response headers matt.bagnara@example.com
2022-03-10 11:27:54.918 INFO [136420] [SAMLLoginWindow::onResponseReceived@72] Got prelogin-cookie from SAML response headers HPRx6M043z2gfPa7HCbJkjW7P762Bru3pdTO6H+yfkSvR956AdCtygQJj+RPRS0I
2022-03-10 11:27:54.918 INFO [136420] [SAMLLoginWindow::onResponseReceived@84] Got the SAML authentication information successfully. username: matt.bagnara@example.com, preloginCookie: HPRx6M043z2gfPa7HCbJkjW7P762Bru3pdTO6H+yfkSvR956AdCtygQJj+RPRS0I, userAuthCookie:
2022-03-10 11:27:54.918 INFO [136420] [PortalAuthenticator::onSAMLLoginSuccess@135] SAML login succeeded, got the prelogin-cookie HPRx6M043z2gfPa7HCbJkjW7P762Bru3pdTO6H+yfkSvR956AdCtygQJj+RPRS0I
2022-03-10 11:27:54.922 INFO [136420] [PortalAuthenticator::fetchConfig@161] Fetching the portal config from https://omni.example-it.com/global-protect/getconfig.esp for user: matt.bagnara@example.com
2022-03-10 11:27:54.938 INFO [136420] [SAMLLoginWindow::onLoadFinished@98] Load finished https://omni.example-it.com/SAML20/SP/ACS
2022-03-10 11:27:55.288 INFO [136420] [PortalAuthenticator::onFetchConfigFinished@187] Fetch the portal config succeeded.
2022-03-10 11:27:55.288 INFO [136420] [PortalConfigResponse::parse@20] Start parsing the portal configuration...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGateways@64] Start parsing the gateways from portal configuration...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.289 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.290 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.291 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@96] Start parsing the priority rules...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parsePriorityRules@114] Finished parsing the priority rules.
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@121] Start parsing the gateway name...
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGatewayName@126] Finished parsing the gateway name
2022-03-10 11:27:55.292 INFO [136420] [PortalConfigResponse::parseGateways@89] Finished parsing the gateways.
2022-03-10 11:27:55.295 INFO [136420] [PortalConfigResponse::parse@32] Start reading portal-userauthcookie
2022-03-10 11:27:55.295 INFO [136420] [PortalConfigResponse::parse@35] Start reading portal-prelogonuserauthcookie
2022-03-10 11:27:55.295 INFO [136420] [PortalConfigResponse::parse@42] Finished parsing portal configuration.
2022-03-10 11:27:55.295 INFO [136420] [GPClient::onPortalSuccess@298] Portal authentication succeeded.
2022-03-10 11:27:55.295 INFO [136420] [gpclient::helper::filterPreferredGateway@35] 19 gateway(s) avaiable, filter the gateways with rule: US
2022-03-10 11:27:55.295 INFO [136420] [gpclient::helper::filterPreferredGateway@41] Find a preferred gateway: Canada East
2022-03-10 11:27:55.295 INFO [136420] [GPClient::setAllGateways@437] Updating all the gateways...
2022-03-10 11:27:55.295 INFO [136420] [GPClient::populateGatewayMenu@141] Populating the Switch Gateway menu...
2022-03-10 11:27:55.302 INFO [136420] [GPClient::setCurrentGateway@457] Updating the current gateway to Canada East
2022-03-10 11:27:55.302 INFO [136420] [GPClient::populateGatewayMenu@141] Populating the Switch Gateway menu...
2022-03-10 11:27:55.310 INFO [136420] [GPClient::gatewayLogin@357] Performing gateway login...
2022-03-10 11:27:55.320 INFO [136420] [GatewayAuthenticator::authenticate@33] Start gateway authentication...
2022-03-10 11:27:55.320 INFO [136420] [GatewayAuthenticator::login@46] Trying to login the gateway at https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/login.esp with prot=https%3A&server=&jnlpReady=jnlpReady&computer=bagnaram-pc&ok=Login&direct=yes&clientVer=4100&os-version=Arch Linux&clientos=Linux&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=matt.bagnara%40example.com&passwd=&portal-userauthcookie=jg4RdTtkjgVLJr4iesir1kD3q0PjjbTki1ggQZ5YYORxvQ%2Brp2ZDfnsdB9SsE7D9SiTplfp%2FcXbtn6iD2O7twKfmXrcek%2Fq4i23ZEz%2BYdpyt%2BIedChb0zqz1JghOmzPJSC8ylXaTmIFtfCDP2D%2FhUM4DdWLrtK5wD5PoZbKYfbHi38F4kwrWg5ubnIckGz8zFYXcI9mueLAye%2Fb4iQKOoRpOg9EdxAdg0OucWPN%2BHrmxV8dl0ZPgQljBcsytO4q4nHp7E%2F65JIrnvAVvP8asDNI0qdhQIXX34M26hKoChpviDmXexoJf2vbXE4VVCVVYn5d96zGCCfEJEe6HLliC8w%3D%3D&inputStr=
2022-03-10 11:27:56.046 INFO [136420] [gpclient::helper::parseGatewayResponse@51] Start parsing the gateway response...
2022-03-10 11:27:56.046 INFO [136420] [gpclient::helper::parseGatewayResponse@52] The gateway response is: <?xml version="1.0" encoding="utf-8"?><jnlp><application-desc><argument>(null)</argument><argument>8836c84f5b458327e01e7e2245de0a42</argument><argument>a747278cd6e1f65b1ff09e24724ecdd40a56f0a3</argument><argument>GlobalProtect_External_Gateway-N</argument><argument>matt.bagnara@example.com</argument><argument>Okta</argument><argument>vsys1</argument><argument>%28empty_domain%29</argument><argument>(null)</argument><argument></argument><argument></argument><argument></argument><argument>tunnel</argument><argument>-1</argument><argument>4100</argument><argument></argument><argument>jg4RdTtkjgVLJr4iesir1kD3q0PjjbTki1ggQZ5YYORxvQ+rp2ZDfnsdB9SsE7D9SiTplfp/cXbtn6iD2O7twKfmXrcek/q4i23ZEz+Ydpyt+IedChb0zqz1JghOmzPJSC8ylXaTmIFtfCDP2D/hUM4DdWLrtK5wD5PoZbKYfbHi38F4kwrWg5ubnIckGz8zFYXcI9mueLAye/b4iQKOoRpOg9EdxAdg0OucWPN+HrmxV8dl0ZPgQljBcsytO4q4nHp7E/65JIrnvAVvP8asDNI0qdhQIXX34M26hKoChpviDmXexoJf2vbXE4VVCVVYn5d96zGCCfEJEe6HLliC8w==</argument><argument>yCrEWBoBJ1fEj4e3Ta4T7YkVsDGqcx54+2lTKWxE2ujvXmaVoTVKazhYDg7fB4O4nqgArAR5/zYWludB+duELJGIh/Om7p7L7W2TXsBs31I7ymMLtts46Mf5NA3mfb2fDza7yQxSPDBYuEUn+X3IVAazH39QEwHlA2qci4fxZGPqjnJmT/XTCAx1aQxU7DjqSN0AmXw4G8roeAUNtPLq++RhEKQL5IynlJExyORiMat0ZerqSU8ugvroJy2V0Da5/381QhTrItLjp3r3d3yq22I8Zgj7Ke75X22EZB/h4A+TSof16in9bnOWQs6tAtMsS0OSbJVo0wsSiB8YRWldpg==</argument><argument></argument><argument>4</argument><argument>unknown</argument><argument></argument></application-desc></jnlp>
2022-03-10 11:27:56.046 INFO [136420] [GPClient::onGatewaySuccess@374] Gateway login succeeded, got the cookie authcookie=8836c84f5b458327e01e7e2245de0a42&portal=GlobalProtect_External_Gateway-N&user=matt.bagnara%40example.com&domain=%2528empty_domain%2529&preferred-ip=&computer=bagnaram-pc
2022-03-10 11:27:56.072 INFO [136420] [GPClient::onVPNLogAvailable@499] Output of `openconnect --version`
: OpenConnect version v8.20
Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /etc/vpnc/vpnc-script
2022-03-10 11:27:56.073 INFO [136420] [GPClient::onVPNLogAvailable@499] Start process with arugments: --protocol=gp -u matt.bagnara@example.com --cookie-on-stdin canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com
2022-03-10 11:27:56.078 INFO [136420] [GPClient::onVPNLogAvailable@499] Openconnect started successfully, PID=136575
2022-03-10 11:27:56.084 INFO [136420] [GPClient::onVPNLogAvailable@499] POST https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/getconfig.esp
2022-03-10 11:27:56.139 INFO [136420] [GPClient::onVPNLogAvailable@499] Attempting to connect to server 34.99.87.79:443
2022-03-10 11:27:56.236 INFO [136420] [GPClient::onVPNLogAvailable@499] Connected to 34.99.87.79:443
2022-03-10 11:27:56.283 INFO [136420] [GPClient::onVPNLogAvailable@499] SSL negotiation with canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com
2022-03-10 11:27:56.526 INFO [136420] [GPClient::onVPNLogAvailable@499] Connected to HTTPS on canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
2022-03-10 11:27:56.647 INFO [136420] [GPClient::onVPNLogAvailable@499] Got HTTP response: HTTP/1.1 200 OK
Date: Thu, 10 Mar 2022 17:27:57 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 7644
Connection: keep-alive
ETag: "23d6081f90a"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
2022-03-10 11:27:56.647 INFO [136420] [GPClient::onVPNLogAvailable@499] Set-Cookie: PHPSESSID=c53c1231c444063c00ef023d7a82d27f; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (7644)
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] Tunnel timeout (rekey interval) is 180 minutes.
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] Idle timeout is 180 minutes.
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] Unknown GlobalProtect config tag <exclude-split-tunneling-domain>:
socketron.app1f.outreach.cloud:443
Chunderw-gll.twilio.com:443
Chunderw-vpc-gll.twilio.com:443
Chunderw-vpc-gll-au1.twilio.com:443
Chunderw-vpc-gll-br1.twilio.com:443
Chunderw-vpc-gll-de1.twilio.com:443
Chunderw-vpc-gll-ie1.twilio.com:443
Chunderw-vpc-gll-jp1.twilio.com:443
Chunderw-vpc-gll-sg1.twilio.com:443
Chunderw-vpc-gll-us1.twilio.com:443
Ers.twilio.com:443
Eventgw.twilio.com:443
socketron.app1a.outreach.cloud:443
socketron.app1b.outreach.cloud:443
socketron.app1c.outreach.cloud:443
socketron.app1d.outreach.cloud:443
socketron.app1e.outreach.cloud:443
socketron.app2a.outreach.cloud:443
socketron.app2b.outreach.cloud:443
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] Unknown GlobalProtect config tag <exclude-video-redirect>: yes
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] TCP_INFO rcv mss 1360, snd mss 1340, adv mss 1460, pmtu 1500
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] Using base_mtu of 1500
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] After removing UDP/IPv4 headers, MTU of 1472
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] After removing protocol specific overhead (36 unpadded, 2 padded, 16 blocksize), MTU of 1422
2022-03-10 11:27:56.654 INFO [136420] [GPClient::onVPNLogAvailable@499] No MTU received. Calculated 1422 for ESP tunnel
2022-03-10 11:27:56.655 INFO [136420] [GPClient::onVPNLogAvailable@499] POST https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/hipreportcheck.esp
2022-03-10 11:27:56.805 INFO [136420] [GPClient::onVPNLogAvailable@499] Got HTTP response: HTTP/1.1 200 OK
Date: Thu, 10 Mar 2022 17:27:57 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 107
Connection: keep-alive
2022-03-10 11:27:56.806 INFO [136420] [GPClient::onVPNLogAvailable@499] ETag: "72b6081f90a"
X-Content-Type-Options: nosniff
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
2022-03-10 11:27:56.806 INFO [136420] [GPClient::onVPNLogAvailable@499] Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (107)
2022-03-10 11:27:56.806 INFO [136420] [GPClient::onVPNLogAvailable@499] Gateway says HIP report submission is needed.
2022-03-10 11:27:56.806 INFO [136420] [GPClient::onVPNLogAvailable@499] Parameters for incoming ESP: SPI 0xb07c2034
ESP encryption type AES-128-CBC (RFC3602) key 0xec6260164b2ed4acfde773e286fa4e7d
ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x8a94b1251a12476c2d98fef078d0397c952a277d
Parameters for outgoing ESP: SPI 0x30273cc7
ESP encryption type AES-128-CBC (RFC3602) key 0x5d1446a55f3deb3dd45179e582d581a9
ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0xe90cf065efbc5752acfcb4588c9841fc0c6d8902
Send ESP probes
2022-03-10 11:27:56.806 INFO [136420] [GPClient::onVPNLogAvailable@499] WARNING: Server asked us to submit HIP report with md5sum 5b55ed883eb38656bb0cb3991302abb3.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
2022-03-10 11:27:56.807 INFO [136420] [GPClient::onVPNLogAvailable@499] UDP SO_SNDBUF: 28440
ICMPv4 probe packet (seq 1) for GlobalProtect ESP:
2022-03-10 11:27:56.807 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0000: 45 00 00 2c 47 47 40 00 40 01 36 dd ac 12 10 9b |E..,GG@.@.6.....|
2022-03-10 11:27:56.807 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0010: 00 00 00 00 08 00 0b 08 47 47 00 01 6d 6f 6e 69 |........GG..moni|
> 0020: 74 6f 72 00 00 70 61 6e 20 68 61 20 |tor..pan ha |
2022-03-10 11:27:56.807 INFO [136420] [GPClient::onVPNLogAvailable@499] ICMPv4 probe packet (seq 2) for GlobalProtect ESP:
2022-03-10 11:27:56.807 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0000: 45 00 00 2c 47 47 40 00 40 01 36 dd ac 12 10 9b |E..,GG@.@.6.....|
2022-03-10 11:27:56.807 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0010: 00 00 00 00 08 00 0b 07 47 47 00 02 6d 6f 6e 69 |........GG..moni|
2022-03-10 11:27:56.808 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0020: 74 6f 72 00 00 70 61 6e 20 68 61 20 |tor..pan ha |
2022-03-10 11:27:56.808 INFO [136420] [GPClient::onVPNLogAvailable@499] ICMPv4 probe packet (seq 3) for GlobalProtect ESP:
2022-03-10 11:27:56.808 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0000: 45 00 00 2c 47 47 40 00 40 01 36 dd ac 12 10 9b |E..,GG@.@.6.....|
2022-03-10 11:27:56.808 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0010: 00 00 00 00 08 00 0b 06 47 47 00 03 6d 6f 6e 69 |........GG..moni|
2022-03-10 11:27:56.808 INFO [136420] [GPClient::onVPNLogAvailable@499] > 0020: 74 6f 72 00 00 70 61 6e 20 68 61 20 |tor..pan ha |
2022-03-10 11:27:56.920 INFO [136420] [GPClient::onVPNLogAvailable@499] ESP session established with server
2022-03-10 11:27:56.920 INFO [136420] [GPClient::onVPNLogAvailable@499] ESP tunnel connected; exiting HTTPS mainloop.
2022-03-10 11:27:57.920 INFO [136420] [GPClient::onVPNLogAvailable@499] Configured as 172.18.16.155, with SSL disconnected and ESP established
Session authentication will expire at Sat Apr 9 12:27:55 2022
2022-03-10 11:28:08.430 INFO [136420] [GPClient::onVPNLogAvailable@499] POST https://canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com/ssl-vpn/logout.esp
2022-03-10 11:28:08.430 INFO [136420] [GPClient::onVPNLogAvailable@499] Failed to open tun device: No such device
Set up tun device failed
2022-03-10 11:28:08.632 INFO [136420] [GPClient::onVPNLogAvailable@499] SSL negotiation with canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com
2022-03-10 11:28:09.173 INFO [136420] [GPClient::onVPNLogAvailable@499] Connected to HTTPS on canada-east-examplet.gp5y555jys2.gw.gpcloudservice.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
2022-03-10 11:28:09.408 INFO [136420] [GPClient::onVPNLogAvailable@499] Unrecoverable I/O error; exiting.
2022-03-10 11:28:09.408 INFO [136420] [GPClient::onVPNLogAvailable@499] Invalid user name
Logout failed.
2022-03-10 11:28:09.411 INFO [136420] [GPClient::onVPNLogAvailable@499] Openconnect process exited with code 1 and exit status NormalExit
^CCaught signal: Interrupt
Release of profile requested but WebEnginePage still not deleted. Expect troubles !
Hi guys, I did some improvements to the authentication workflow in 1.4.8. If you still will me, please give it a try to see if the problem is still there. Thanks.
It doesn't seem to be an issue any more. For me I believe it went away a few releases ago. Thank you for this software and the follow up!
I tried installing globalprotect-openconnect-git from the AUR on Arch Linux, the problem is present. The problem itself is a tiny inconvenience. It looks like it depends on the VPN setup your organizaiton uses. If I were to help with it, what should I PM you? Start globalprotect-openconnect from terminal and capture the output? Run it with strace?
You can run gpclient
from the terminal and post the logs here, but I'm afraid it won't do much help.
I think it's an improvement. I tested connecting/disconnecting multiple times in a row and didn't get an error. However, if there is a while in between the initial connect and disconnect/reconnect, I get an error "Unsupported request. The application you have accessed is not registered for use with this service." I'm pretty sure that's with our 2FA/Duo landing page. For example, I connected at 0800 this morning. 45 minutes later, I attempted to change servers. I received this message. The only way to clear it now is to reset the client.
Is the client performing any caching for authentication? Can you have that cache expire and clear itself after a short interval? That way, I wouldn't have to reset the client on a daily basis. This is a minor annoyance that I can live with. You've done great work on the client and I'm thrilled you're still updating it. Thanks!
I'm running into this issue with a SAML login that is behind Okta SSO. I need to reset every time. Has anyone discovered a workaround? @yuezk is this something your still actively working on at all or do you expect it to be largely fixed? I'm wondering what I can do to improve this workflow as it is a major pain (though the client itself is great!).
@Gowiem I'm rewriting this client using Tauri (the current progress is roughly 80%) on the refactor branch. It is supposed to be fixed in the new client.
Since I cannot reproduce this issue, I would appreciate it if you could help me verify whether it is reproducible on the new client. You can follow the instructions on the README of that branch.
@yuezk tried working off your refactor branch, but quickly hit the following:
error: failed to run custom build command for `gpcommon v0.1.0 (/home/user/Workspace/GlobalProtect-openconnect/gpcommon)`
Caused by:
process didn't exit successfully: `/home/user/Workspace/GlobalProtect-openconnect/target/debug/build/gpcommon-6b7a80cd347b49f1/build-script-build` (exit status: 1)
--- stdout
cargo:rustc-link-lib=openconnect
cargo:rerun-if-changed=src/vpn/vpn.c
cargo:rerun-if-changed=src/vpn/vpn.h
TARGET = Some("x86_64-unknown-linux-gnu")
OPT_LEVEL = Some("0")
HOST = Some("x86_64-unknown-linux-gnu")
cargo:rerun-if-env-changed=CC_x86_64-unknown-linux-gnu
CC_x86_64-unknown-linux-gnu = None
cargo:rerun-if-env-changed=CC_x86_64_unknown_linux_gnu
CC_x86_64_unknown_linux_gnu = None
cargo:rerun-if-env-changed=HOST_CC
HOST_CC = None
cargo:rerun-if-env-changed=CC
CC = None
cargo:rerun-if-env-changed=CFLAGS_x86_64-unknown-linux-gnu
CFLAGS_x86_64-unknown-linux-gnu = None
cargo:rerun-if-env-changed=CFLAGS_x86_64_unknown_linux_gnu
CFLAGS_x86_64_unknown_linux_gnu = None
cargo:rerun-if-env-changed=HOST_CFLAGS
HOST_CFLAGS = None
cargo:rerun-if-env-changed=CFLAGS
CFLAGS = None
cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
CRATE_CC_NO_DEFAULTS = None
DEBUG = Some("true")
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
running: "cc" "-O0" "-ffunction-sections" "-fdata-sections" "-fPIC" "-gdwarf-4" "-fno-omit-frame-pointer" "-m64" "-I" "src/vpn" "-Wall" "-Wextra" "-o" "/home/user/Workspace/GlobalProtect-openconnect/target/debug/build/gpcommon-669710cdc92b757c/out/src/vpn/vpn.o" "-c" "src/vpn/vpn.c"
cargo:warning=src/vpn/vpn.c:6:10: fatal error: openconnect.h: No such file or directory
cargo:warning= 6 | #include <openconnect.h>
cargo:warning= | ^~~~~~~~~~~~~~~
cargo:warning=compilation terminated.
exit status: 1
--- stderr
error occurred: Command "cc" "-O0" "-ffunction-sections" "-fdata-sections" "-fPIC" "-gdwarf-4" "-fno-omit-frame-pointer" "-m64" "-I" "src/vpn" "-Wall" "-Wextra" "-o" "/home/user/Workspace/GlobalProtect-openconnect/target/debug/build/gpcommon-669710cdc92b757c/out/src/vpn/vpn.o" "-c" "src/vpn/vpn.c" with args "cc" did not execute successfully (status code exit status: 1).
warning: build failed, waiting for other jobs to finish...
Is there a specific registry I need to install openconnect-devel
? I have the openconnect
package, but when trying to install openconnect-devel
on Ubuntu I haven't been able to find good info. Let me know.
@Gowiem try install the libopenconnect-dev package.
@yuezk that got me unblocked on that, but then pnmp install
failed:
gpgui (branch:refactor) » pnpm install
Lockfile is up to date, resolution step is skipped
Packages: +120
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Packages are hard linked from the content-addressable store to the virtual store.
Content-addressable store is at: /home/user/.local/share/pnpm/store/v3
Virtual store is at: node_modules/.pnpm
Downloading registry.npmjs.org/@tauri-apps/cli-linux-x64-gnu/1.3.1: 7.89 MB/7.89 MB, done
Downloading registry.npmjs.org/@tauri-apps/cli-linux-x64-musl/1.3.1: 7.88 MB/7.88 MB, done
Downloading registry.npmjs.org/@swc/core-linux-x64-gnu/1.3.36: 14.90 MB/14.90 MB, done
Downloading registry.npmjs.org/@swc/core-linux-x64-musl/1.3.36: 14.74 MB/14.74 MB, done
Progress: resolved 120, reused 0, downloaded 120, added 120, done
Downloading registry.npmjs.org/typescript/4.9.5: 11.62 MB/11.62 MB, done
node_modules/.pnpm/@swc+core@1.3.36/node_modules/@swc/core: Running postinstall script...
ELIFECYCLE Command failed.
gpgui (branch:refactor) » pnpm tauri dev
ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL Command "tauri" not found
gpgui (branch:refactor) » pnpm install
Lockfile is up to date, resolution step is skipped
Packages: +120
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Progress: resolved 120, reused 120, downloaded 0, added 0, done
node_modules/.pnpm/@swc+core@1.3.36/node_modules/@swc/core: Running postinstall script...
ELIFECYCLE Command failed.
node_modules/.pnpm/esbuild@0.16.17/node_modules/esbuild: Running postinstall script...
Trying to help you debug early on, but if this is too early than I can just wait. If this is helpful, then I'm happy to keep hitting road blocks. Let me know your thoughts. Thanks!
Thanks, @Gowiem, I will make the refactor branch more stable to test.
This should no longer be a problem in the 2.x release, closing.
When I attempt to connect via Oauth, it will fail after authentication through the call-back, unless I reset the settings in GlobalProtect-openconnect. After resetting, and re-entering the server, it will work. This is more of an inconvenience.