Open Chen-T opened 8 months ago
Having the same issue, with cli on Ubuntu.
Successfully connected at 06:19:
[2024-04-12T06:19:29Z INFO gpclient::connect] Wrote PID 21884 to /var/run/gpclient.lock
10 Min later:
[2024-04-12T06:28:29Z INFO openconnect::ffi] GlobalProtect rekey due
[2024-04-12T06:28:29Z INFO openconnect::ffi] POST https://smth.com/ssl-vpn/getconfig.esp
[2024-04-12T06:28:29Z INFO openconnect::ffi] SSL negotiation with smth.com
[2024-04-12T06:28:29Z INFO openconnect::ffi] Connected to HTTPS on smth.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-12T06:28:29Z WARN openconnect::ffi] Allow Automatic Restoration of SSL VPN is disabled
[2024-04-12T06:28:29Z WARN openconnect::ffi] Cookie is no longer valid, ending session
[2024-04-12T06:28:29Z WARN openconnect::ffi] Reconnect failed
[2024-04-12T06:28:29Z INFO openconnect::ffi] POST https://smth.com/ssl-vpn/logout.esp
[2024-04-12T06:28:29Z INFO openconnect::ffi] SSL negotiation with smth.com
[2024-04-12T06:28:29Z INFO openconnect::ffi] Connected to HTTPS on smth.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-12T06:28:29Z INFO openconnect::ffi] Logout successful.
RTNETLINK answers: No such process
RTNETLINK answers: No such process
[2024-04-12T06:28:29Z INFO openconnect::ffi] openconnect_mainloop returned -1, exiting
Hi @MurKit, did this client ever work for you? And could you please provide the full log to me to further investigate? Thanks.
hey @yuezk, thanks for your attention. Yes, it works great, but maybe I'm missing some options as I run the client?
$ sudo gpclient connect smth.com
[2024-04-12T06:46:42Z INFO gpclient::cli] gpclient started: 2.1.4 (2024-04-10)
[2024-04-12T06:46:42Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect
[2024-04-12T06:46:42Z INFO gpapi::portal::prelogin] Prelogin with params: {"tmp": "tmp", "default-browser": "1", "cas-support": "yes", "os-version": "Linux Ubuntu 20.04.1 LTS", "ipv6-support": "yes", "clientos": "Linux", "clientVer": "4100"}
[2024-04-12T06:46:42Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-12T06:46:42Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect
[2024-04-12T06:46:42Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15
[2024-04-12T06:46:42Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-12T06:46:43Z INFO gpauth::auth_window] Loaded uri: https://l**********m/****************/saml2?SAMLRequest=j**********%3D&RelayState=**********%3D&SigAlg=h**********6&Signature=a**********%3D
[2024-04-12T06:46:43Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-12T06:46:43Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-12T06:46:43Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-12T06:46:43Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-12T06:46:43Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-12T06:46:43Z INFO gpauth::auth_window] Raise window in 1 second(s)
(process:23077): libsoup-WARNING **: 09:46:44.004: gssapi step failed: Unspecified GSS failure. Minor code may provide more information: SPNEGO cannot find mechanisms to negotiate
[2024-04-12T06:46:45Z WARN gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect Login
[2024-04-12T06:46:54Z INFO gpauth::auth_window] Loaded uri: https://l**********m/***********************/login
[2024-04-12T06:46:54Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-12T06:46:54Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-12T06:46:54Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-12T06:46:54Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-12T06:46:54Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-12T06:47:06Z INFO gpauth::auth_window] Loaded uri: https://l**********m/common/SAS/ProcessAuth
[2024-04-12T06:47:06Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-12T06:47:06Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-12T06:47:06Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-12T06:47:06Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-12T06:47:06Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-12T06:47:06Z INFO gpauth::auth_window] Loaded uri: https://m**********m/SAML20/SP/ACS
[2024-04-12T06:47:06Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-12T06:47:06Z INFO gpauth::auth_window] Got auth data from headers
[2024-04-12T06:47:06Z INFO gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect
[2024-04-12T06:47:06Z INFO gpclient::connect] Connecting to the only available gateway: hhjhhjh (smth.com)
[2024-04-12T06:47:06Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect
[2024-04-12T06:47:06Z INFO openconnect::ffi] openconnect version: v9.12-0-focal1
[2024-04-12T06:47:06Z INFO openconnect::ffi] User agent: PAN GlobalProtect
[2024-04-12T06:47:06Z INFO openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-04-12T06:47:06Z INFO openconnect::ffi] OS: linux
[2024-04-12T06:47:06Z INFO openconnect::ffi] CSD_USER: 1000
[2024-04-12T06:47:06Z INFO openconnect::ffi] CSD_WRAPPER: (null)
[2024-04-12T06:47:06Z INFO openconnect::ffi] MTU: 0
[2024-04-12T06:47:06Z INFO openconnect::ffi] POST https://smth.com/ssl-vpn/getconfig.esp
[2024-04-12T06:47:06Z INFO openconnect::ffi] Connected to **********
[2024-04-12T06:47:06Z INFO openconnect::ffi] SSL negotiation with smth.com
[2024-04-12T06:47:06Z INFO openconnect::ffi] Connected to HTTPS on smth.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-12T06:47:06Z INFO openconnect::ffi] Tunnel timeout (rekey interval) is 10 minutes.
[2024-04-12T06:47:06Z INFO openconnect::ffi] Idle timeout is 10 minutes.
[2024-04-12T06:47:06Z WARN openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-04-12T06:47:06Z INFO openconnect::ffi] POST https://smth.com/ssl-vpn/hipreportcheck.esp
[2024-04-12T06:47:06Z WARN openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum eb96666666663e622d31d066666633667.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-04-12T06:47:06Z INFO openconnect::ffi] ESP session established with server
[2024-04-12T06:47:06Z INFO openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-04-12T06:47:06Z INFO openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-04-12T06:47:06Z INFO openconnect::vpn] Connected to VPN, pipe_fd: 11
[2024-04-12T06:47:06Z INFO gpclient::connect] Wrote PID 23019 to /var/run/gpclient.lock
[2024-04-12T06:56:06Z INFO openconnect::ffi] GlobalProtect rekey due
[2024-04-12T06:56:06Z INFO openconnect::ffi] POST https://smth.com/ssl-vpn/getconfig.esp
[2024-04-12T06:56:06Z INFO openconnect::ffi] SSL negotiation with smth.com
[2024-04-12T06:56:06Z INFO openconnect::ffi] Connected to HTTPS on smth.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-12T06:56:06Z WARN openconnect::ffi] Allow Automatic Restoration of SSL VPN is disabled
[2024-04-12T06:56:06Z WARN openconnect::ffi] Cookie is no longer valid, ending session
[2024-04-12T06:56:06Z WARN openconnect::ffi] Reconnect failed
[2024-04-12T06:56:06Z INFO openconnect::ffi] POST https://smth.com/ssl-vpn/logout.esp
[2024-04-12T06:56:06Z INFO openconnect::ffi] SSL negotiation with smth.com
[2024-04-12T06:56:06Z INFO openconnect::ffi] Connected to HTTPS on smth.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-12T06:56:06Z INFO openconnect::ffi] Logout successful.
RTNETLINK answers: No such process
RTNETLINK answers: No such process
[2024-04-12T06:56:06Z INFO openconnect::ffi] openconnect_mainloop returned -1, exiting
[2024-04-12T06:56:06Z INFO gpclient::connect] Removing PID file
It looks like the tunnel timeout is 10 minutes. I have never encountered this before, and I'm not sure whether the timeout is configured on the VPN server side or the client side. I will investigate whether the timeout can be set via the client.
[2024-04-12T06:47:06Z INFO openconnect::ffi] Tunnel timeout (rekey interval) is 10 minutes.
... ...
[2024-04-12T06:56:06Z INFO openconnect::ffi] GlobalProtect rekey due
And the timeout of my VPN is 180 minutes.
I suspect the timeout is set from the server.
Also, the GUI client from GlobalProtect did not disconnect, but it has a bad GUI and a weird autostart without closing the previous instances.
It could be set from the client side if the official client did not disconnect.
I found some information regarding this problem:
The workaround for this is to enable automatic restoration of SSL VPN from the server side, or increase the Inactivity Logout period to delay the rekey period.
This is the official doc regarding this.
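A log-triage sketch for the failure discussed above, added here as an example (it is not code from gpclient, openconnect, or any participant in this thread). It reads the gpclient log format shown in the posted logs and reports the advertised tunnel timeout, how long after tunnel setup the rekey fired, and whether the gateway rejected the cookie; the function names and the embedded sample (lines copied from the log posted above) are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the session log posted in this thread.
SAMPLE_LOG = """\
[2024-04-12T06:47:06Z INFO openconnect::ffi] Tunnel timeout (rekey interval) is 10 minutes.
[2024-04-12T06:47:06Z INFO openconnect::ffi] Idle timeout is 10 minutes.
[2024-04-12T06:47:06Z INFO openconnect::ffi] ESP session established with server
[2024-04-12T06:56:06Z INFO openconnect::ffi] GlobalProtect rekey due
[2024-04-12T06:56:06Z WARN openconnect::ffi] Allow Automatic Restoration of SSL VPN is disabled
[2024-04-12T06:56:06Z WARN openconnect::ffi] Cookie is no longer valid, ending session
[2024-04-12T06:56:06Z WARN openconnect::ffi] Reconnect failed
[2024-04-12T06:56:06Z INFO openconnect::ffi] openconnect_mainloop returned -1, exiting
"""

LINE_RE = re.compile(r"^\[(\S+)Z (\w+) ([\w:]+)\] (.*)$")

def parse(log):
    """Yield (timestamp, level, message) for lines in gpclient's log format."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip unprefixed lines such as "RTNETLINK answers: ..."
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(4)

def diagnose(log):
    """Summarise one session: advertised timeout, time until rekey, and outcome."""
    r = {"timeout_min": None, "rekey_after_min": None,
         "restoration_disabled": False, "cookie_rejected": False}
    established = None
    for ts, _level, msg in parse(log):
        m = re.search(r"Tunnel timeout \(rekey interval\) is (\d+) minutes", msg)
        if m:
            r["timeout_min"] = int(m.group(1))
        elif "session established" in msg:
            established = ts
        elif "rekey due" in msg and established is not None:
            r["rekey_after_min"] = (ts - established).total_seconds() / 60
        elif "Allow Automatic Restoration of SSL VPN is disabled" in msg:
            r["restoration_disabled"] = True
        elif "Cookie is no longer valid" in msg:
            r["cookie_rejected"] = True
    # Pattern in this thread: a rekey was attempted and the gateway refused the old cookie.
    r["dropped_at_rekey"] = r["rekey_after_min"] is not None and r["cookie_rejected"]
    return r

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the posted log this shows the rekey firing 9 minutes after the ESP session was established, against an advertised 10-minute tunnel timeout, with the cookie rejected and automatic restoration reported as disabled.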
So, I guess it's not possible when a user can't affect decisions about how the server is set up. Maybe the official app has some options and therefore works.
File transfer using Remmina didn't work. Also, JDBC connections to Postgres didn't work. With the standard Windows client everything works well... unfortunately I have to use a Windows VM for it.
Hi, after I successfully connect with the GUI, the connection will be disconnected after a period of time, and I need to manually reconnect. Is there any way to automatically reconnect? If there is one, please let me know, thank you.