yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0

gpclient freezes at challenge input (MFA with Microsoft Authenticator) #272

Closed matheus-fonseca closed 11 months ago

matheus-fonseca commented 11 months ago

I have installed:

GlobalProtect started, version: 1.4.8
qt5ct: using qt5ct plugin

OS: Mint 19.1 (based on Ubuntu 18.04)

After I send my credentials to my VPN gateway, gpclient asks for the "GlobalProtect Challenge", but regardless of the challenge I enter, the client freezes and does nothing (stuck on the "Authenticating..." message). My organization's VPN uses Microsoft Multi-Factor Authentication, and I use my Microsoft Authenticator app to generate a one-time password.

Screenshot from 2023-11-28 12-16-22

Regardless of the challenge value that I input (even when inserting a wrong challenge), the client freezes and gives no output about the problem.

Here is my gpclient log:

2023-11-28 12:16:48.902 INFO  [7947] [main@24] GlobalProtect started, version: 1.4.8
qt5ct: using qt5ct plugin
qt5ct: D-Bus system tray: no
2023-11-28 12:16:49.022 INFO  [7947] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu...
2023-11-28 12:16:50.788 INFO  [7947] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu...
2023-11-28 12:16:52.144 INFO  [7947] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu...
2023-11-28 12:16:52.228 INFO  [7947] [GPClient::doConnect@238] Start connecting...
2023-11-28 12:16:52.228 INFO  [7947] [GPClient::doConnect@254] Start gateway login using the previously saved gateway...
2023-11-28 12:16:52.228 INFO  [7947] [GPClient::gatewayLogin@361] Performing gateway login...
2023-11-28 12:16:52.239 INFO  [7947] [GatewayAuthenticator::authenticate@28] Start gateway authentication...
2023-11-28 12:16:52.239 INFO  [7947] [GatewayAuthenticator::login@41] Trying to login the gateway at https://189.*****/ssl-vpn/login.esp, with prot=https%3A&server=&jnlpReady=jnlpReady&computer=matheus-unb&ok=Login&direct=yes&clientVer=4100&clientos=Linux&os-version=Linux Mint 19.1&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=&inputStr=
2023-11-28 12:16:52.399 ERROR [7947] [GatewayAuthenticator::onLoginFinished@53] Failed to login the gateway at https://189.*****/ssl-vpn/login.esp, Error transferring https://189.*****/ssl-vpn/login.esp - server replied: status code 512
2023-11-28 12:16:52.399 INFO  [7947] [GatewayAuthenticator::doAuth@81] Perform the gateway prelogin at https://189.*****/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
2023-11-28 12:16:52.424 INFO  [7947] [GatewayAuthenticator::onPreloginFinished@98] Gateway prelogin succeeded.
2023-11-28 12:16:52.424 INFO  [7947] [PreloginResponse::parse@26] Start parsing the prelogin response...
2023-11-28 12:16:52.425 INFO  [7947] [GatewayAuthenticator::normalAuth@116] Trying to perform the normal login with Username / Password credentials
2023-11-28 12:16:59.749 INFO  [7947] [GatewayAuthenticator::onPerformStandardLogin@130] Start to perform normal login...
2023-11-28 12:16:59.750 INFO  [7947] [GatewayAuthenticator::authenticate@28] Start gateway authentication...
2023-11-28 12:16:59.750 INFO  [7947] [GatewayAuthenticator::login@41] Trying to login the gateway at https://189.*****/ssl-vpn/login.esp, with prot=https%3A&server=&jnlpReady=jnlpReady&computer=matheus-unb&ok=Login&direct=yes&clientVer=4100&clientos=Linux&os-version=Linux Mint 19.1&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=matheusfonseca&passwd=********&portal-userauthcookie=&inputStr=
2023-11-28 12:17:01.056 INFO  [7947] [GatewayAuthenticator::onLoginFinished@66] The server need input the challenge...

After the challenge input, no new log message is shown after "The server need input the challenge..."

matheus-fonseca commented 11 months ago

I also inserted my VPN cert hash (self-signed) in the configuration file /etc/gpservice/gp.conf:

openconnect-args=--servercert pin-sha256:RJBzoPbobMfRk6GG6lXoxn1AxvUeH5iF3UzxSJL4vnc=