search

yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0
1.34k stars 150 forks source link

UI shows connected but cannot ping hosts #256

Closed hanweikung closed 9 months ago

hanweikung commented 1 year ago

When trying to connect to Global Protect VPN on Ubuntu 22.04, I cannot ping a host even though the GUI shows "Connected".

Here are the logs from gpclient:

2023-09-06 23:52:27.290 INFO  [86547] [main@24] GlobalProtect started, version: 1.4.9
2023-09-06 23:52:27.467 INFO  [86547] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu...
2023-09-06 23:52:34.956 INFO  [86547] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu...
2023-09-06 23:52:35.008 INFO  [86547] [GPClient::doConnect@238] Start connecting...
2023-09-06 23:52:35.008 INFO  [86547] [GPClient::doConnect@254] Start gateway login using the previously saved gateway...
2023-09-06 23:52:35.009 INFO  [86547] [GPClient::gatewayLogin@361] Performing gateway login...
2023-09-06 23:52:35.011 INFO  [86547] [GatewayAuthenticator::authenticate@28] Start gateway authentication...
2023-09-06 23:52:35.011 INFO  [86547] [GatewayAuthenticator::login@41] Trying to login the gateway at https://vpn-mfa.icts.unitn.it/ssl-vpn/login.esp, with prot=https%3A&server=&jnlpReady=jnlpReady&computer=zephyrus-ubuntu&ok=Login&direct=yes&clientVer=4100&clientos=Linux&os-version=Ubuntu 22.04.3 LTS&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=&inputStr=
2023-09-06 23:52:35.378 ERROR [86547] [GatewayAuthenticator::onLoginFinished@53] Failed to login the gateway at https://vpn-mfa.icts.unitn.it/ssl-vpn/login.esp, Error transferring https://vpn-mfa.icts.unitn.it/ssl-vpn/login.esp - server replied: Custom error
2023-09-06 23:52:35.379 INFO  [86547] [GatewayAuthenticator::doAuth@81] Perform the gateway prelogin at https://vpn-mfa.icts.unitn.it/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
2023-09-06 23:52:35.428 INFO  [86547] [GatewayAuthenticator::onPreloginFinished@98] Gateway prelogin succeeded.
2023-09-06 23:52:35.428 INFO  [86547] [PreloginResponse::parse@26] Start parsing the prelogin response...
2023-09-06 23:52:35.428 INFO  [86547] [GatewayAuthenticator::samlAuth@152] Trying to perform SAML login with saml-method POST

DevTools listening on ws://127.0.0.1:12315/devtools/browser/050e928d-dbc6-4fef-8ab4-6ae64a45599e
Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
2023-09-06 23:52:35.569 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from data:text/html;charset=UTF-8,%3Chtml%3E%0A%3Cbody%3E%0A%3Cform%20id%3D%22myform%22%20method%3D%22POST%22%20action%3D%22https%3A%2F%2Fvpn-mfa-web.unitn.it%2Fapp%2Fpanw_globalprotect%2Fexk2nb499xDRezRvO697%2Fsso%2Fsaml%22%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22SAMLRequest%22%20value%3D%22PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1AvQUNTIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly92cG4tbWZhLXdlYi51bml0bi5pdC9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4azJuYjQ5OXhEUmV6UnZPNjk3L3Nzby9zYW1sIiBJRD0iXzE2MWRkOWJlNjlmNzgyNTI5YThkNGFhNGQ1NTIxNjQzIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDktMDZUMjE6NTI6MzVaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%2BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D%22%20%2F%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22RelayState%22%20value%3D%22p8kIAAnIjGEzNzIzNTcxZTk1OTFmODUzMTNhODI0NzhmMGZhYWUyYw%3D%3D%22%20%2F%3E%0A%3C%2Fform%3E%0A%3Cscript%3E%0A%20%20document.getElementById%28%27myform%27%29.submit%28%29%3B%0A%3C%2Fscript%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0D%0A
2023-09-06 23:52:35.569 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:52:36.245 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://vpn-mfa-web.unitn.it/app/panw_globalprotect/exk2nb499xDRezRvO697/sso/saml
2023-09-06 23:52:36.245 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:52:36.508 INFO  [86547] [SAMLLoginWindow::onLoadFinished@109] Load finished https://vpn-mfa-web.unitn.it/app/panw_globalprotect/exk2nb499xDRezRvO697/sso/saml
2023-09-06 23:52:36.537 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://login.okta.com/discovery/iframe.html
2023-09-06 23:52:36.537 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:52:40.492 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://vpn-mfa-web.unitn.it/sso/idps/0oa3l9lkldWsVmDKZ697?fromURI=%2Fapp%2Fpanw_globalprotect%2Fexk2nb499xDRezRvO697%2Fsso%2Fsaml%3FSAMLRequest%3DPHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1AvQUNTIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly92cG4tbWZhLXdlYi51bml0bi5pdC9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4azJuYjQ5OXhEUmV6UnZPNjk3L3Nzby9zYW1sIiBJRD0iXzE2MWRkOWJlNjlmNzgyNTI5YThkNGFhNGQ1NTIxNjQzIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDktMDZUMjE6NTI6MzVaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%252BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%253D%253D%26RelayState%3Dp8kIAAnIjGEzNzIzNTcxZTk1OTFmODUzMTNhODI0NzhmMGZhYWUyYw%253D%253D%26OKTA_INVALID_SESSION_REPOST%3Dtrue&login_hint=hanwei.kung%40unitn.it
2023-09-06 23:52:40.493 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:52:40.555 INFO  [86547] [SAMLLoginWindow::onLoadFinished@109] Load finished https://vpn-mfa-web.unitn.it/sso/idps/0oa3l9lkldWsVmDKZ697?fromURI=%2Fapp%2Fpanw_globalprotect%2Fexk2nb499xDRezRvO697%2Fsso%2Fsaml%3FSAMLRequest%3DPHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1AvQUNTIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly92cG4tbWZhLXdlYi51bml0bi5pdC9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4azJuYjQ5OXhEUmV6UnZPNjk3L3Nzby9zYW1sIiBJRD0iXzE2MWRkOWJlNjlmNzgyNTI5YThkNGFhNGQ1NTIxNjQzIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDktMDZUMjE6NTI6MzVaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%252BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%253D%253D%26RelayState%3Dp8kIAAnIjGEzNzIzNTcxZTk1OTFmODUzMTNhODI0NzhmMGZhYWUyYw%253D%253D%26OKTA_INVALID_SESSION_REPOST%3Dtrue&login_hint=hanwei.kung%40unitn.it
2023-09-06 23:52:40.671 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://idp.unitn.it/idp/profile/SAML2/Redirect/SSO?execution=e1s1
2023-09-06 23:52:40.671 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:52:40.814 INFO  [86547] [SAMLLoginWindow::onLoadFinished@109] Load finished https://idp.unitn.it/idp/profile/SAML2/Redirect/SSO?execution=e1s1
2023-09-06 23:52:45.561 INFO  [86547] [SAMLLoginWindow::SAMLLoginWindow@31] MAX_WAIT_TIME exceeded, display the login window.
2023-09-06 23:53:08.705 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://idp.unitn.it/idp/profile/SAML2/Redirect/SSO?execution=e1s1
2023-09-06 23:53:08.705 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:53:08.715 INFO  [86547] [SAMLLoginWindow::onLoadFinished@109] Load finished https://idp.unitn.it/idp/profile/SAML2/Redirect/SSO?execution=e1s1
2023-09-06 23:53:11.211 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://vpn-mfa-web.unitn.it/login/second-factor?fromURI=%2Fapp%2Fpanw_globalprotect%2Fexk2nb499xDRezRvO697%2Fsso%2Fsaml%3FSAMLRequest%3DPHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1AvQUNTIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly92cG4tbWZhLXdlYi51bml0bi5pdC9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4azJuYjQ5OXhEUmV6UnZPNjk3L3Nzby9zYW1sIiBJRD0iXzE2MWRkOWJlNjlmNzgyNTI5YThkNGFhNGQ1NTIxNjQzIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDktMDZUMjE6NTI6MzVaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%252BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%253D%253D%26RelayState%3Dp8kIAAnIjGEzNzIzNTcxZTk1OTFmODUzMTNhODI0NzhmMGZhYWUyYw%253D%253D%26OKTA_INVALID_SESSION_REPOST%3Dtrue%26fromLoginToken%3DMExSqRJzdjc0fZDejf6BxAfGW9uX7d7ykQRMhOdq1oLZ8VpvGKu89GYwuT-CVlZRl294XxPdHRxgPNT7bqFdnqCX6ZEksmHIjh1ebp15MxiPB0iy6mKHW-bdrwwFh66Lg6VmbN4bEZFjsXbeuNXZF4zauQI9Km-ZKeCA2pOjKw0PU7SIK3Z0-fVO4a6Tug30iCsR-6E1kj7IES77R7DCVN4UY1TOqXU3GjvyFTlFos8gX0pLQrjm1S0iiBt0RcPty1uH6mBmIdcjjXiW-WeYJslgZ013lUAXSXcfEHzfjzn8Swmu8PUVVch9Ikk3t7ncQyHrgjZZI_2mX_Rf0NuYbQ%26fromLogin%3Dtrue
2023-09-06 23:53:11.211 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:53:11.414 INFO  [86547] [SAMLLoginWindow::onLoadFinished@109] Load finished https://vpn-mfa-web.unitn.it/login/second-factor?fromURI=%2Fapp%2Fpanw_globalprotect%2Fexk2nb499xDRezRvO697%2Fsso%2Fsaml%3FSAMLRequest%3DPHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1AvQUNTIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly92cG4tbWZhLXdlYi51bml0bi5pdC9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4azJuYjQ5OXhEUmV6UnZPNjk3L3Nzby9zYW1sIiBJRD0iXzE2MWRkOWJlNjlmNzgyNTI5YThkNGFhNGQ1NTIxNjQzIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDktMDZUMjE6NTI6MzVaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%252BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%253D%253D%26RelayState%3Dp8kIAAnIjGEzNzIzNTcxZTk1OTFmODUzMTNhODI0NzhmMGZhYWUyYw%253D%253D%26OKTA_INVALID_SESSION_REPOST%3Dtrue%26fromLoginToken%3DMExSqRJzdjc0fZDejf6BxAfGW9uX7d7ykQRMhOdq1oLZ8VpvGKu89GYwuT-CVlZRl294XxPdHRxgPNT7bqFdnqCX6ZEksmHIjh1ebp15MxiPB0iy6mKHW-bdrwwFh66Lg6VmbN4bEZFjsXbeuNXZF4zauQI9Km-ZKeCA2pOjKw0PU7SIK3Z0-fVO4a6Tug30iCsR-6E1kj7IES77R7DCVN4UY1TOqXU3GjvyFTlFos8gX0pLQrjm1S0iiBt0RcPty1uH6mBmIdcjjXiW-WeYJslgZ013lUAXSXcfEHzfjzn8Swmu8PUVVch9Ikk3t7ncQyHrgjZZI_2mX_Rf0NuYbQ%26fromLogin%3Dtrue
2023-09-06 23:53:11.427 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://login.okta.com/discovery/iframe.html
2023-09-06 23:53:11.427 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:53:39.967 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://vpn-mfa-web.unitn.it/app/panw_globalprotect/exk2nb499xDRezRvO697/sso/saml?SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1AvQUNTIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly92cG4tbWZhLXdlYi51bml0bi5pdC9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4azJuYjQ5OXhEUmV6UnZPNjk3L3Nzby9zYW1sIiBJRD0iXzE2MWRkOWJlNjlmNzgyNTI5YThkNGFhNGQ1NTIxNjQzIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDktMDZUMjE6NTI6MzVaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%2BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D&RelayState=p8kIAAnIjGEzNzIzNTcxZTk1OTFmODUzMTNhODI0NzhmMGZhYWUyYw%3D%3D&OKTA_INVALID_SESSION_REPOST=true&fromLogin=true&fromLoginToken=oLC0hFWmJBDKexn6WF2F_JYNJUvEfoNmuOtsngYNUjPQ2Vj4ZWtKCARSg77r08ttT8GwX5ufV0-GGEWh92A68GXZM5ILUeeRlxBeIbDyXUP8PrAhVnBv1AHs8aBw6kybTQsWrO2xfLwWfa1CRDjmx8RiEfn0FnEl8KTArgE24ThfqccWYjyIhjcU3QwKYZu9ZogveW6wxtbDLK7uJ9pYRtkTXoeJfXkma2oIpdtL1tnH00pq9KRAvQj9p01gIf4AbKOe9Erk9yIy6FNPY_TCRp92UcpD3mckBC-Ts8QZ8hbs395UxULIlasi97niya5z_EmbzLafzcXrShHUDqMSrg
2023-09-06 23:53:39.967 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:53:40.011 INFO  [86547] [SAMLLoginWindow::onLoadFinished@109] Load finished https://vpn-mfa-web.unitn.it/app/panw_globalprotect/exk2nb499xDRezRvO697/sso/saml?SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1AvQUNTIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly92cG4tbWZhLXdlYi51bml0bi5pdC9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4azJuYjQ5OXhEUmV6UnZPNjk3L3Nzby9zYW1sIiBJRD0iXzE2MWRkOWJlNjlmNzgyNTI5YThkNGFhNGQ1NTIxNjQzIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDktMDZUMjE6NTI6MzVaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%2BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vdnBuLW1mYS5pY3RzLnVuaXRuLml0OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D&RelayState=p8kIAAnIjGEzNzIzNTcxZTk1OTFmODUzMTNhODI0NzhmMGZhYWUyYw%3D%3D&OKTA_INVALID_SESSION_REPOST=true&fromLogin=true&fromLoginToken=oLC0hFWmJBDKexn6WF2F_JYNJUvEfoNmuOtsngYNUjPQ2Vj4ZWtKCARSg77r08ttT8GwX5ufV0-GGEWh92A68GXZM5ILUeeRlxBeIbDyXUP8PrAhVnBv1AHs8aBw6kybTQsWrO2xfLwWfa1CRDjmx8RiEfn0FnEl8KTArgE24ThfqccWYjyIhjcU3QwKYZu9ZogveW6wxtbDLK7uJ9pYRtkTXoeJfXkma2oIpdtL1tnH00pq9KRAvQj9p01gIf4AbKOe9Erk9yIy6FNPY_TCRp92UcpD3mckBC-Ts8QZ8hbs395UxULIlasi97niya5z_EmbzLafzcXrShHUDqMSrg
2023-09-06 23:53:40.186 INFO  [86547] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://vpn-mfa.icts.unitn.it/SAML20/SP/ACS
2023-09-06 23:53:40.186 INFO  [86547] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2023-09-06 23:53:40.186 INFO  [86547] [SAMLLoginWindow::checkSamlResult@97] Got the SAML authentication information successfully. username: hanwei.kung@unitn.it, preloginCookie: vqFamqe+xMPashsN6fj2u0mlAuWrc1W5xz7G1UvXJ5IZ+YpJfePC4cA4UH/TZb5o, userAuthCookie: 
2023-09-06 23:53:40.186 INFO  [86547] [GatewayAuthenticator::onSAMLLoginSuccess@175] SAML login succeeded, got the prelogin-cookie vqFamqe+xMPashsN6fj2u0mlAuWrc1W5xz7G1UvXJ5IZ+YpJfePC4cA4UH/TZb5o
2023-09-06 23:53:40.186 INFO  [86547] [GatewayAuthenticator::login@41] Trying to login the gateway at https://vpn-mfa.icts.unitn.it/ssl-vpn/login.esp, with prot=https%3A&server=&inputStr=&jnlpReady=jnlpReady&passwd=&computer=zephyrus-ubuntu&ok=Login&direct=yes&clientVer=4100&clientos=Linux&os-version=Ubuntu 22.04.3 LTS&portal-prelogonuserauthcookie=&ipv6-support=yes&user=hanwei.kung%40unitn.it&prelogin-cookie=vqFamqe%2BxMPashsN6fj2u0mlAuWrc1W5xz7G1UvXJ5IZ%2BYpJfePC4cA4UH%2FTZb5o&portal-userauthcookie=
2023-09-06 23:53:40.218 ERROR [86547] [CDPCommandManager::onSocketError@86] WebSocket error1
2023-09-06 23:53:40.218 INFO  [86547] [CDPCommandManager::onSocketDisconnected@81] WebSocket disconnected
2023-09-06 23:53:40.504 INFO  [86547] [gpclient::helper::parseGatewayResponse@57] Start parsing the gateway response...
2023-09-06 23:53:40.504 INFO  [86547] [gpclient::helper::parseGatewayResponse@58] The gateway response is: <?xml version="1.0" encoding="utf-8"?><jnlp><application-desc><argument>(null)</argument><argument>1d5c5f61795eafe16cb726ab664b8b0a</argument><argument>7144e82e96dd3c90cbe537d2b49044a60dde1f67</argument><argument>GW_vpn-mfa.icts.unitn.it-N</argument><argument>hanwei.kung@unitn.it</argument><argument>Okta_SAML</argument><argument>vsys1</argument><argument>%28empty_domain%29</argument><argument>(null)</argument><argument></argument><argument></argument><argument></argument><argument>tunnel</argument><argument>-1</argument><argument>4100</argument><argument></argument><argument>L2AM1+0448fCB3lOaTj6L8L2Fu/E64VknxfgoHDE/XFi6MKvSLjXz9yViW2mEcoHu77VqWEDF6p6hE69Ro0f5IisxYJ9C9KrUnqLEngS9fiTCeR/i3y31R3PSBdECGyd8ugu9vTdi6A/BZPkvApJdxOP2Yh884CmJSGBrW7L2DKE+giEWWKFx7ZkGWYbuoa39SJW6MH2j90KLWTIkkLM1/4rcGqgbrf8ILV04Q7BdX+D+nhF1a7RtpK2xAJHAN1vS3QuBDt3otUAhPyR67IgppSJE3zjoHDiLUgoENqexS7x3ODQzu3c6GdyuoyHKRkFgR9j1ZUGxScldmKhscAItg==</argument><argument>SDs4lSuj/CRcnUae66aXJBW/T7dvCrnEX+42C6DaSpRt3OoVZz1oV4P3V8IEkRmQhM3bprW1fIc+KnlsEzHehb5gIWQUVnJOimkKTaMsAsuf5fn3AWiQzolrTPvjc5OkMvz8jv/Qdn4MdUaMf85zfJXRnUd0C/Ic/ugC0AnpNfVz+RfHdUd8DgCg5TNmbYMCdgJidhk96ql6w52ligZ+qJzoPvK2p65jeZypA/iu2UNE3gNb+nJYsmTEhjXRK9aANQok5WZevbjc7m6SakFWniTkK0LHfPU2/17LK2ZnD9PfYKxyHUtcR99oH8/bbQb9e/0MCqnBbMqEZfX7sYRAEg==</argument><argument></argument><argument>4</argument><argument>unknown</argument><argument></argument></application-desc></jnlp>
2023-09-06 23:53:40.504 INFO  [86547] [GPClient::onGatewaySuccess@385] Gateway login succeeded, got the cookie authcookie=1d5c5f61795eafe16cb726ab664b8b0a&portal=GW_vpn-mfa.icts.unitn.it-N&user=hanwei.kung%40unitn.it&domain=%2528empty_domain%2529&preferred-ip=&computer=zephyrus-ubuntu
2023-09-06 23:53:40.533 INFO  [86547] [GPClient::onVPNLogAvailable@518] Output of `openconnect --version`: OpenConnect version v8.20-1
Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script

2023-09-06 23:53:40.533 INFO  [86547] [GPClient::onVPNLogAvailable@518] Got extra OpenConnect args for server: vpn-mfa.icts.unitn.it, <empty>
2023-09-06 23:53:40.534 INFO  [86547] [GPClient::onVPNLogAvailable@518] Start process with arugments: --protocol=gp, -u, , --cookie-on-stdin, vpn-mfa.icts.unitn.it
2023-09-06 23:53:40.536 INFO  [86547] [GPClient::onVPNLogAvailable@518] Openconnect started successfully, PID=86962
2023-09-06 23:53:40.552 INFO  [86547] [GPClient::onVPNLogAvailable@518] POST https://vpn-mfa.icts.unitn.it/ssl-vpn/getconfig.esp

2023-09-06 23:53:40.569 INFO  [86547] [GPClient::onVPNLogAvailable@518] Attempting to connect to server 193.205.210.18:443

2023-09-06 23:53:40.582 INFO  [86547] [GPClient::onVPNLogAvailable@518] Connected to 193.205.210.18:443

2023-09-06 23:53:40.595 INFO  [86547] [GPClient::onVPNLogAvailable@518] SSL negotiation with vpn-mfa.icts.unitn.it

2023-09-06 23:53:40.634 INFO  [86547] [GPClient::onVPNLogAvailable@518] Connected to HTTPS on vpn-mfa.icts.unitn.it with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)

2023-09-06 23:53:40.662 INFO  [86547] [GPClient::onVPNLogAvailable@518] Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 06 Sep 2023 21:53:40 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 2738
Connection: keep-alive
ETag: "23d6185834e"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=24a710f8e6a011bc6bb7e800389fd9d3; secure; HttpOnly

2023-09-06 23:53:40.662 INFO  [86547] [GPClient::onVPNLogAvailable@518] Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (2738)

2023-09-06 23:53:40.664 INFO  [86547] [GPClient::onVPNLogAvailable@518] Tunnel timeout (rekey interval) is 180 minutes.
Idle timeout is 180 minutes.
Unknown GlobalProtect config tag <include-split-tunneling-domain>: 
            unitrento.file.core.windows.net

2023-09-06 23:53:40.664 INFO  [86547] [GPClient::onVPNLogAvailable@518] TCP_INFO rcv mss 1460, snd mss 1460, adv mss 1460, pmtu 1500
Using base_mtu of 1500
After removing UDP/IPv4 headers, MTU of 1472
After removing protocol specific overhead (36 unpadded, 2 padded, 16 blocksize), MTU of 1422

2023-09-06 23:53:40.664 INFO  [86547] [GPClient::onVPNLogAvailable@518] No MTU received. Calculated 1422 for ESP tunnel

2023-09-06 23:53:40.664 INFO  [86547] [GPClient::onVPNLogAvailable@518] POST https://vpn-mfa.icts.unitn.it/ssl-vpn/hipreportcheck.esp

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 06 Sep 2023 21:53:40 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 107
Connection: keep-alive
ETag: "72b6185834e"
X-Content-Type-Options: nosniff
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Strict-Transport-Security: max-age=31536000;

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (107)

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] Gateway says HIP report submission is needed.

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] Parameters for incoming ESP: SPI 0xe3f8e6a9
ESP encryption type AES-128-CBC (RFC3602) key 0xa617a1ab2e60286f823a2cbf86ce972f

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] WARNING: Server asked us to submit HIP report with md5sum a23131e4613bfde4d82b4c721f7bb9be.
    VPN connectivity may be disabled or limited without HIP report submission.
    You need to provide a --csd-wrapper argument with the HIP report submission script.

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x4ee6d52f74287ff2e77d972114762b2e827555b5
Parameters for outgoing ESP: SPI 0x658d2604
ESP encryption type AES-128-CBC (RFC3602) key 0x670840ba5a90583f4ae79ba9f0f74b64
ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x5f9b21ecdc81a0e72349c73499580c381d019c68
Send ESP probes

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] UDP SO_SNDBUF: 28440
ICMPv4 probe packet (seq 1) for GlobalProtect ESP:
> 0000:  45 00 00 2c 47 47 40 00  40 01 5c 38 0a ec f8 85  |E..,GG@.@.\8....|

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] > 0010:  c1 cd d2 12 08 00 0b 08  47 47 00 01 6d 6f 6e 69  |........GG..moni|
> 0020:  74 6f 72 00 00 70 61 6e  20 68 61 20              |tor..pan ha |

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] ICMPv4 probe packet (seq 2) for GlobalProtect ESP:
> 0000:  45 00 00 2c 47 47 40 00  40 01 5c 38 0a ec f8 85  |E..,GG@.@.\8....|
> 0010:  c1 cd d2 12 08 00 0b 07  47 47 00 02 6d 6f 6e 69  |........GG..moni|

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] > 0020:  74 6f 72 00 00 70 61 6e  20 68 61 20              |tor..pan ha |
ICMPv4 probe packet (seq 3) for GlobalProtect ESP:

2023-09-06 23:53:40.688 INFO  [86547] [GPClient::onVPNLogAvailable@518] > 0000:  45 00 00 2c 47 47 40 00  40 01 5c 38 0a ec f8 85  |E..,GG@.@.\8....|
> 0010:  c1 cd d2 12 08 00 0b 06  47 47 00 03 6d 6f 6e 69  |........GG..moni|

2023-09-06 23:53:40.689 INFO  [86547] [GPClient::onVPNLogAvailable@518] > 0020:  74 6f 72 00 00 70 61 6e  20 68 61 20              |tor..pan ha |

2023-09-06 23:53:40.705 INFO  [86547] [GPClient::onVPNLogAvailable@518] ESP session established with server

2023-09-06 23:53:40.705 INFO  [86547] [GPClient::onVPNLogAvailable@518] ESP tunnel connected; exiting HTTPS mainloop.

2023-09-06 23:53:40.706 INFO  [86547] [GPClient::onVPNLogAvailable@518] Configured as 10.236.248.133, with SSL disconnected and ESP established

2023-09-06 23:53:40.714 INFO  [86547] [GPClient::onVPNLogAvailable@518] Session authentication will expire at Fri Oct  6 23:53:40 2023

2023-09-06 23:54:01.411 INFO  [86547] [GPClient::doConnect@238] Start connecting...
2023-09-06 23:54:01.412 INFO  [86547] [GPClient::doConnect@263] Start disconnecting the VPN...
2023-09-06 23:54:01.422 INFO  [86547] [GPClient::onVPNLogAvailable@518] POST https://vpn-mfa.icts.unitn.it/ssl-vpn/logout.esp

2023-09-06 23:54:01.437 INFO  [86547] [GPClient::onVPNLogAvailable@518] SSL negotiation with vpn-mfa.icts.unitn.it

2023-09-06 23:54:01.483 INFO  [86547] [GPClient::onVPNLogAvailable@518] Connected to HTTPS on vpn-mfa.icts.unitn.it with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)

2023-09-06 23:54:01.508 INFO  [86547] [GPClient::onVPNLogAvailable@518] Invalid user name
Logout failed.

2023-09-06 23:54:01.780 INFO  [86547] [GPClient::onVPNLogAvailable@518] RTNETLINK answers: No such process

2023-09-06 23:54:01.785 INFO  [86547] [GPClient::onVPNLogAvailable@518] RTNETLINK answers: No such process

2023-09-06 23:54:01.873 INFO  [86547] [GPClient::onVPNLogAvailable@518] User cancelled (SIGINT/SIGTERM); exiting.

2023-09-06 23:54:01.876 INFO  [86547] [GPClient::onVPNLogAvailable@518] Openconnect process exited with code 0 and exit status NormalExit
ahsand97 commented 11 months ago

Do you mean you can't ping hostnames? but you can ping direct IP addresses? if so, your problem is most likely related to DNS, probably a problem with systemd-resolved

hanweikung commented 11 months ago

Do you mean you can't ping hostnames? but you can ping direct IP addresses? if so, your problem is most likely related to DNS, probably a problem with systemd-resolved

I cannot ping IP address either

victorfds commented 11 months ago

I'm having a relative similar error. Shows connected, but does not effectively work.

ahsand97 commented 10 months ago

Do you mean you can't ping hostnames? but you can ping direct IP addresses? if so, your problem is most likely related to DNS, probably a problem with systemd-resolved

I cannot ping IP address either

I created this application https://github.com/ahsand97/connect-to-globalprotect-using-nmcli that allows to connect to a Glopal Protect VPN using NetworkManager nmcli, maybe this can work for you.

victorfds commented 10 months ago

Do you mean you can't ping hostnames? but you can ping direct IP addresses? if so, your problem is most likely related to DNS, probably a problem with systemd-resolved

I cannot ping IP address either

I created this application https://github.com/ahsand97/connect-to-globalprotect-using-nmcli to connect to my companie's Global Protect VPN, maybe this can work for you (?)

I could fix the problem by using the downloaded package PanGPLinux-5.3.2-c3.tgz, after build and install, I could exec the CLI command globaprotect . Now I use the CLI version.

hanweikung commented 9 months ago

Do you mean you can't ping hostnames? but you can ping direct IP addresses? if so, your problem is most likely related to DNS, probably a problem with systemd-resolved

I cannot ping IP address either

I created this application https://github.com/ahsand97/connect-to-globalprotect-using-nmcli to connect to my companie's Global Protect VPN, maybe this can work for you (?)

I could fix the problem by using the downloaded package PanGPLinux-5.3.2-c3.tgz, after build and install, I could exec the CLI command globaprotect . Now I use the CLI version.

I also opted for the official GlobalProtect client (globalprotect_ui_deb-6.1.1.0-49.deb) and didn't encounter any problems.