Closed rednag closed 1 month ago
@rednag Have you ever tried switching the gateway from the menu?
Yes, does not work.
The information I got from the logs is:
failed to lookup address information: Name or service not known
GlobalProtect gateway does not exist
.Looks like the key is that the gateway is not reachable from your machine.
@rednag Can you try ping <gateway address>
from your machine to see if the gateway is reachable? The <gateway address>
is the address you redacted in the logs.
The address is pingable and with 1.4.8 the connection is established.
It's weird since the host resolving is done by the OS and I didn't intercept it. I will continue working on investigating why it couldn't resolve the gateway host name by checking if the modules I used have this limitation.
On the other hand, would you mind sending me the work logs of the old client?
If you can tell me where they are stored since the location of the logs must be a different, because ~/.local/share/gpclient/gpclient.log is still the one from 2.1.4.
The old client won't log into a file. Instead, you need to run gpclient
in the Terminal and collect the outputs.
`2024-04-17 11:38:03.995 INFO [33540] [main@24] GlobalProtect started, version: 1.4.8+28snapshot.g4a3f74f libGL error: failed to open /dev/dri/card0: Permission denied libGL error: failed to open /dev/dri/card0: Permission denied libGL error: failed to load driver: iris 2024-04-17 11:38:04.115 INFO [33540] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu... 2024-04-17 11:38:05.748 INFO [33540] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu... 2024-04-17 11:38:05.809 INFO [33540] [GPClient::doConnect@238] Start connecting... 2024-04-17 11:38:05.809 INFO [33540] [GPClient::doConnect@254] Start gateway login using the previously saved gateway... 2024-04-17 11:38:05.809 INFO [33540] [GPClient::gatewayLogin@361] Performing gateway login... 2024-04-17 11:38:05.811 INFO [33540] [GatewayAuthenticator::authenticate@28] Start gateway authentication... 2024-04-17 11:38:05.811 INFO [33540] [GatewayAuthenticator::login@41] Trying to login the gateway at https://xxx.yyy.com/ssl-vpn/login.esp, with prot=https%3A&server=&jnlpReady=jnlpReady&computer=HPd01&ok=Login&direct=yes&clientVer=4100&clientos=win&os-version=Ubuntu 22.04.4 LTS&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=&inputStr= 2024-04-17 11:38:05.982 ERROR [33540] [GatewayAuthenticator::onLoginFinished@53] Failed to login the gateway at https://xxx.yyy.com/ssl-vpn/login.esp, Error transferring https://xxx.yyy.com/ssl-vpn/login.esp - server replied: status code 512 2024-04-17 11:38:05.982 INFO [33540] [GatewayAuthenticator::doAuth@81] Perform the gateway prelogin at https://xxx.yyy.com/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=win 2024-04-17 11:38:06.016 INFO [33540] [GatewayAuthenticator::onPreloginFinished@98] Gateway prelogin succeeded. 2024-04-17 11:38:06.016 INFO [33540] [PreloginResponse::parse@26] Start parsing the prelogin response... 2024-04-17 11:38:06.016 INFO [33540] [GatewayAuthenticator::samlAuth@152] Trying to perform SAML login with saml-method REDIRECT
DevTools listening on ws://127.0.0.1:12315/devtools/browser/33bae9c6-a46e-4ec9-a8de-2569fe33242d 2024-04-17 11:38:06.068 INFO [33540] [SAMLLoginWindow::login@49] Redirect to https://login.microsoftonline.com/442cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=rVLLTsMwEPyVyHcnjuM%2BYrWVSnugUhEVKRy4IMdxU0vJungdoH9P2oKAS08cVzuax85OULXNQc67sIcH89oZDNFH2wDK82JKOg%2FSKbQoQbUGZdCymN%2BtJY%2BZPHgXnHYNieaIxgfrYOEAu9b4wvg3q83jw3pK9iEcUCZJbXyr4EjR9WpUw95C1WFcHxCONRw5QFy%2F96NuXFfhhSDWrpVCZMlJlLOk2CTzRUGiZW%2FUgjpJ%2Fgg0rrYQt1Z7h24XHDQWzgzJkAtd5mxAOctTKlIjaM7KnJrRcKx3nI8HqUpOiTmJVsspeSkzpbVIMyVMlZeK5UOVam2qasDScVYNexhiZ1aAQUGYEs64oEzQdLRluczGkg2eSbT5OtBNn9RCff2a5QWE8na73dDNfbEl0ZPxeI7YA8hscnIoz8L%2BV0vXadV3NWT2v0VMkl92Zpfp7yfNPgE%3D&RelayState=d2UZAIHVvmUwOWVmZTFmNS1jOWFkLTQ0ZjUtYWExNC02ZDE4MTI3MjA1NmY%3D Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315 2024-04-17 11:38:06.438 INFO [33540] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://login.microsoftonline.com/442cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=rVLLTsMwEPyVyHcnjuM%2BYrWVSnugUhEVKRy4IMdxU0vJungdoH9P2oKAS08cVzuax85OULXNQc67sIcH89oZDNFH2wDK82JKOg%2FSKbQoQbUGZdCymN%2BtJY%2BZPHgXnHYNieaIxgfrYOEAu9b4wvg3q83jw3pK9iEcUCZJbXyr4EjR9WpUw95C1WFcHxCONRw5QFy%2F96NuXFfhhSDWrpVCZMlJlLOk2CTzRUGiZW%2FUgjpJ%2Fgg0rrYQt1Z7h24XHDQWzgzJkAtd5mxAOctTKlIjaM7KnJrRcKx3nI8HqUpOiTmJVsspeSkzpbVIMyVMlZeK5UOVam2qasDScVYNexhiZ1aAQUGYEs64oEzQdLRluczGkg2eSbT5OtBNn9RCff2a5QWE8na73dDNfbEl0ZPxeI7YA8hscnIoz8L%2BV0vXadV3NWT2v0VMkl92Zpfp7yfNPgE%3D&RelayState=d2UZAIHVvmUwOWVmZTFmNS1jOWFkLTQ0ZjUtYWExNC02ZDE4MTI3MjA1NmY%3D 2024-04-17 11:38:06.438 INFO [33540] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result... 2024-04-17 11:38:06.633 INFO [33540] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://xxx.yyy.com/SAML20/SP/ACS 2024-04-17 11:38:06.633 INFO [33540] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result... 2024-04-17 11:38:06.648 INFO [33540] [SAMLLoginWindow::onLoadFinished@109] Load finished https://xxx.yyy.com/SAML20/SP/ACS 2024-04-17 11:38:06.649 INFO [33540] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result... 2024-04-17 11:38:06.649 INFO [33540] [SAMLLoginWindow::checkSamlResult@97] Got the SAML authentication information successfully. username: user@xxx.com, preloginCookie: qX8gSsneZlgHRL5uQbRkFR3rZDPXYGnpY6C2eHqQS4s75eMLApHVXM9gWuIt6p1GOs0bvw==, userAuthCookie: 2024-04-17 11:38:06.649 INFO [33540] [GatewayAuthenticator::onSAMLLoginSuccess@175] SAML login succeeded, got the prelogin-cookie qX8gSsneZlgHRL5uQbRkFR3rZDPXYGnpY6C2eHqQS4s75eMLApHVXM9gWuIt6p1GOs0bvw== 2024-04-17 11:38:06.649 INFO [33540] [GatewayAuthenticator::login@41] Trying to login the gateway at https://xxx.yyy.com/ssl-vpn/login.esp, with prot=https%3A&server=&inputStr=&jnlpReady=jnlpReady&passwd=&computer=HPd01&ok=Login&direct=yes&clientVer=4100&clientos=win&os-version=Ubuntu 22.04.4 LTS&portal-prelogonuserauthcookie=&ipv6-support=yes&user=user%40xxx.com&prelogin-cookie=qX8gSsneZlgHRL5uQbRkFR3rZDPXYGnpY6C2eHqQS4s75eMLApHVXM9gWuIt6p1GOs0bvw%3D%3D&portal-userauthcookie= 2024-04-17 11:38:06.650 ERROR [33540] [CDPCommandManager::onSocketError@86] WebSocket error1 2024-04-17 11:38:06.650 INFO [33540] [CDPCommandManager::onSocketDisconnected@81] WebSocket disconnected 2024-04-17 11:38:06.736 INFO [33540] [gpclient::helper::parseGatewayResponse@57] Start parsing the gateway response... 2024-04-17 11:38:06.736 INFO [33540] [gpclient::helper::parseGatewayResponse@58] The gateway response is: <?xml version="1.0" encoding="UTF-8" ?>
2024-04-17 11:38:06.736 INFO [33540] [GPClient::onGatewaySuccess@385] Gateway login succeeded, got the cookie authcookie=b0a2b72bc513036a24f9b185f3749adb&portal=GlobalProtect_External_Gateway-N&user=user%40xxx.com&domain=%28empty_domain%29&preferred-ip=&computer=HPd01
2024-04-17 11:38:06.748 INFO [33540] [GPClient::onVPNLogAvailable@518] Output of openconnect --version
: OpenConnect version v8.20-1
Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script
2024-04-17 11:38:06.748 INFO [33540] [GPClient::onVPNLogAvailable@518] Got extra OpenConnect args for server: xxx.yyy.com,
2024-04-17 11:38:06.758 INFO [33540] [GPClient::onVPNLogAvailable@518] Attempting to connect to server 120.51.173.237:443
2024-04-17 11:38:06.780 INFO [33540] [GPClient::onVPNLogAvailable@518] Connected to 120.51.173.237:443
2024-04-17 11:38:06.791 INFO [33540] [GPClient::onVPNLogAvailable@518] SSL negotiation with xxx.yyy.com
2024-04-17 11:38:06.833 INFO [33540] [GPClient::onVPNLogAvailable@518] Connected to HTTPS on xxx.yyy.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] Got HTTP response: HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 09:38:06 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 2142 Connection: keep-alive Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 X-Frame-Options: DENY Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (2142)
2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] Tunnel timeout (rekey interval) is 30 minutes.
Idle timeout is 30 minutes.
Unknown GlobalProtect config tag
2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] TCP_INFO rcv mss 1328, snd mss 1334, adv mss 1460, pmtu 1500 Using base_mtu of 1500 After removing UDP/IPv4 headers, MTU of 1472 After removing protocol specific overhead (36 unpadded, 2 padded, 16 blocksize), MTU of 1422
2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] No MTU received. Calculated 1422 for ESP tunnel
2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] POST https://xxx.yyy.com/ssl-vpn/hipreportcheck.esp
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] Got HTTP response: HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 09:38:06 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 127 Connection: keep-alive Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 X-Frame-Options: DENY Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (127) Gateway says HIP report submission is needed.
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] Parameters for incoming ESP: SPI 0xc854654d ESP encryption type AES-128-CBC (RFC3602) key 0x635534534cca91c8ec7e1a860d0d8 ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x12cf8c9a45345cfb83cbffa9dc3d2ca34cc920 Parameters for outgoing ESP: SPI 0x585c382e ESP encryption type AES-128-CBC (RFC3602) key 0x429a3b7fca3e83c6323aa482451e ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x7b3b07a18366c80864345f3bf0723292bf2351 Send ESP probes UDP SO_SNDBUF: 28440
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] WARNING: Server asked us to submit HIP report with md5sum a63bfc67f0bf033d01e3232c3a8504c6. VPN connectivity may be disabled or limited without HIP report submission. You need to provide a --csd-wrapper argument with the HIP report submission script.
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] ICMPv4 probe packet (seq 1) for GlobalProtect ESP:
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0000: 45 00 00 2c 47 47 40 00 40 01 13 08 0a 6e d6 14 |E..,GG@.@....n..|
0010: 00 00 00 00 08 00 0b 08 47 47 00 01 6d 6f 6e 69 |........GG..moni|
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0020: 74 6f 72 00 00 70 61 6e 20 68 61 20 |tor..pan ha |
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] ICMPv4 probe packet (seq 2) for GlobalProtect ESP:
0000: 45 00 00 2c 47 47 40 00 40 01 13 08 0a 6e d6 14 |E..,GG@.@....n..|
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0010: 00 00 00 00 08 00 0b 07 47 47 00 02 6d 6f 6e 69 |........GG..moni|
0020: 74 6f 72 00 00 70 61 6e 20 68 61 20 |tor..pan ha |
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] ICMPv4 probe packet (seq 3) for GlobalProtect ESP:
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0000: 45 00 00 2c 47 47 40 00 40 01 13 08 0a 6e d6 14 |E..,GG@.@....n..|
0010: 00 00 00 00 08 00 0b 06 47 47 00 03 6d 6f 6e 69 |........GG..moni| 0020: 74 6f 72 00 00 70 61 6e 20 68 61 20 |tor..pan ha |
2024-04-17 11:38:06.926 INFO [33540] [GPClient::onVPNLogAvailable@518] ESP session established with server ESP tunnel connected; exiting HTTPS mainloop.
2024-04-17 11:38:06.926 INFO [33540] [GPClient::onVPNLogAvailable@518] Configured as 10.12.214.20, with SSL disconnected and ESP established Session authentication will expire at Fri May 17 11:38:06 2024 `
Thanks for the log.
There is an entry in the old log
Perform the gateway prelogin at https://xxx.yyy.com/ssl-vpn/prelogin.esp?tmp=tmp&kerb
xxx.yyy.com
is the address you input in the portal input field or the 2.x client?https://xxx.yyy.com/ssl-vpn/prelogin.esp
?Thanks.
I'm using the direct hostname of a gateway instead of using the portal address.
Response of curl?
I'm using the direct hostname of a gateway instead of using the portal address.
Gateway login failed: Network error: error sending request for url (https://yyy.xxx.com/ssl-vpn/login.esp): error trying to connect: dns error: failed to lookup address information: Name or service not known
https://xxx.yyy.com/ssl-vpn/prelogin.esp
in the browser and paste the response here.Yes
<status>Success</status>
<ccusername/>
<autosubmit/>
<msg/>
<newmsg/>
<license>yes</license>
<authentication-message/>
<username-label/>
<password-label/>
<panos-version>1</panos-version>
<saml-default-browser>yes</saml-default-browser>
<connected-ip>123.123.123.123</connected-ip>
<krb-norm-username/>
<krb-auth-status>0</krb-auth-status>
<cas-auth/>
<saml-auth-status>0</saml-auth-status>
<saml-auth-method/>
<saml-request-timeout/>
<saml-request-id/>
<saml-request/>
<auth-api>no</auth-api>
<region/>
</prelogin-response>
Can you try the 2.x client, input the gateway address to the text field, and change it to gateway
Click the icon:
Change it to gateway:
Then connect, and send me the logs.
Ah ok - so with the gateway address it works, but default the portal address is set.
[2024-04-17T12:14:21Z INFO gpservice::cli] gpservice started: 2.1.4 (2024-04-10)
[2024-04-17T12:14:21Z INFO gpservice::ws_server] WS server listening on port: 34099
[2024-04-17T12:14:21Z INFO gpapi::process::gui_launcher] Check version failed: No such file or directory (os error 2)
[2024-04-17T12:14:21Z INFO gpapi::process::gui_helper_launcher] Launching gpgui-helper
[2024-04-17T12:14:21Z INFO gpgui_helper::cli] gpgui-helper started: 2.1.4 (2024-04-10)
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
** (gpgui-helper:38099): WARNING **: 14:14:22.968: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-04-17T12:14:22Z INFO gpgui_helper::updater] Update GUI, version: 2.1.4
[2024-04-17T12:14:22Z INFO gpgui_helper::updater] Downloading file: https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v2.1.4/gpgui_x86_64.bin.tar.xz
[2024-04-17T12:14:24Z INFO gpgui_helper::downloader] Content length: 4211244
[2024-04-17T12:14:26Z INFO gpgui_helper::downloader] Downloaded to: "/tmp/.tmpZTn6dE"
[2024-04-17T12:14:26Z INFO gpgui_helper::updater] Checksum success
[2024-04-17T12:14:26Z INFO gpservice::handlers] Update GUI: UpdateGuiRequest { path: "/tmp/.tmpZTn6dE", checksum: "d1b46ea88aff4cc9365206620b0329e1241e680c40c7b5d80b19f7d4e632128b" }
[2024-04-17T12:14:26Z INFO gpservice::handlers] Verifying checksum
[2024-04-17T12:14:26Z INFO gpservice::handlers] Installing GUI
[2024-04-17T12:14:26Z INFO gpservice::handlers] Unpacking GUI archive
[2024-04-17T12:14:26Z INFO gpgui_helper::updater] Install success
[2024-04-17T12:14:26Z INFO gpgui_helper::app] Update done
[2024-04-17T12:14:26Z INFO gpapi::process::gui_helper_launcher] gpgui-helper exited with: exit status: 0
[2024-04-17T12:14:26Z INFO gpapi::process::gui_launcher] Version check passed: 2.1.4
[2024-04-17T12:14:26Z INFO gpapi::process::gui_launcher] Launching gpgui
[2024-04-17T12:14:26Z INFO gpgui::cli] gpgui started: 2.1.4 (2024-04-10)
[2024-04-17T12:14:26Z INFO gpgui::app] Setting the custom openssl conf path
[2024-04-17T12:14:26Z INFO gpgui::config::private_data] Found config key in keyring
[2024-04-17T12:14:26Z INFO gpgui::app::app_initializer] App initialized
[2024-04-17T12:14:26Z INFO gpgui::ws_connector] Connecting to WS server
** (gpgui:38216): WARNING **: 14:14:26.294: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-04-17T12:14:26Z INFO gpgui::ws_connector] Received ping
[2024-04-17T12:14:26Z INFO gpgui::ws_connector] Connected to WS server
[2024-04-17T12:14:26Z INFO gpservice::handlers] New client connected
[2024-04-17T12:14:26Z INFO gpservice::ws_server] Sending current VPN state to new client
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:14:26Z INFO gpgui::handlers::subscription] Sending the init event to client: main
[2024-04-17T12:14:26Z INFO gpgui::handlers::subscription] Sent the init event to client: main
[2024-04-17T12:14:27Z WARN gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect
[2024-04-17T12:14:30Z INFO gpgui::portal_connector] Connecting to the portal: p**********m...
[2024-04-17T12:14:30Z INFO gpgui::portal_connector] Connecting the portal as a gateway...
[2024-04-17T12:14:30Z INFO gpgui::portal_connector] Gateway prelogin, gateway: p**********m...
[2024-04-17T12:14:30Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:14:30Z INFO gpapi::portal::prelogin] Prelogin with params: {"ipv6-support": "yes", "clientVer": "4100", "os-version": "Linux Ubuntu 22.04.4 LTS", "tmp": "tmp", "default-browser": "1", "cas-support": "yes", "clientos": "Linux"}
[2024-04-17T12:14:30Z WARN gpgui::portal_connector] Failed to connect to the portal: Portal prelogin error: Prelogin failed: GlobalProtect gateway does not exist
** (gpgui:38216): WARNING **: 14:15:16.749: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-04-17T12:15:17Z INFO gpgui::handlers::subscription] Sending the init event to client: main
[2024-04-17T12:15:17Z INFO gpgui::handlers::subscription] Sent the init event to client: main
[2024-04-17T12:15:17Z WARN gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect
[2024-04-17T12:15:32Z INFO gpgui::portal_connector] Connecting to the portal: p**********m...
[2024-04-17T12:15:32Z INFO gpgui::portal_connector] Trying to connect the gateway directly...
[2024-04-17T12:15:32Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**********m...
[2024-04-17T12:15:32Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:15:32Z INFO gpapi::portal::prelogin] Prelogin with params: {"os-version": "Linux Ubuntu 22.04.4 LTS", "cas-support": "yes", "ipv6-support": "yes", "clientos": "Linux", "default-browser": "1", "clientVer": "4100", "tmp": "tmp"}
[2024-04-17T12:15:32Z INFO gpgui::portal_connector] Authenticating gateway...
[2024-04-17T12:15:32Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T12:15:32Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T12:15:32Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:38494): WARNING **: 14:15:32.821: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=n**********%3D&RelayState=E**********%3D
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:15:34Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T12:15:34Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T12:15:34Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-17T12:15:34Z WARN gpauth::auth_window] Failed to load uri: https://g**********m/SAML20/SP/ACS with error: UNKNOWN_CA, cert: TlsCertificate
[2024-04-17T12:15:34Z INFO gpauth::auth_window] Loaded uri: https://g**********m/SAML20/SP/ACS
[2024-04-17T12:15:34Z INFO gpauth::auth_window] No response found in main resource
[2024-04-17T12:15:34Z INFO gpgui::portal_connector] Failed to connect the gateway directly: TLS error: certificate verify failed
[2024-04-17T12:15:34Z INFO gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-04-17T12:15:34Z INFO gpgui::portal_connector] Fetching the portal config...
[2024-04-17T12:15:34Z INFO gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:15:35Z WARN gpapi::portal::config] Portal config error: reason=auth-failed-invalid-cookie, status=512 <unknown status code>, response=<empty>
[2024-04-17T12:15:35Z INFO gpgui::portal_connector] Failed to connect portal with cached credential: Cached credential is stale, please try again
[2024-04-17T12:15:35Z INFO gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-04-17T12:15:35Z INFO gpgui::portal_connector] Performing portal prelogin...
[2024-04-17T12:15:35Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:15:35Z INFO gpapi::portal::prelogin] Prelogin with params: {"default-browser": "1", "clientos": "Linux", "cas-support": "yes", "ipv6-support": "yes", "clientVer": "4100", "tmp": "tmp", "os-version": "Linux Ubuntu 22.04.4 LTS"}
[2024-04-17T12:15:35Z INFO gpgui::portal_connector] Authenticating portal...
[2024-04-17T12:15:35Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T12:15:35Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:38574): WARNING **: 14:15:35.339: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=l**********%3D&RelayState=Y**********%3D
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:15:35Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T12:15:35Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T12:15:35Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T12:15:35Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-17T12:15:36Z INFO gpauth::auth_window] Loaded uri: https://p**********m/SAML20/SP/ACS
[2024-04-17T12:15:36Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:15:36Z INFO gpauth::auth_window] Got auth data from headers
[2024-04-17T12:15:36Z INFO gpgui::portal_connector] Fetching the portal config...
[2024-04-17T12:15:36Z INFO gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:15:36Z INFO gpgui::portal_connector] Retrieved 2 gateway(s) from the portal, updating...
[2024-04-17T12:15:36Z INFO gpgui::portal_connector] Performing gateway login, gateway: g**********m...
[2024-04-17T12:15:36Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:15:36Z WARN gpapi::gateway::login] Gateway login error: reason=<none>, status=512 <unknown status code>, response=
var respStatus = "Error";
var respMsg = "Authentication failure: Invalid username or password";
thisForm.inputStr.value = "";
[2024-04-17T12:15:36Z INFO gpgui::portal_connector] Gateway login failed: Gateway login error, reason: <none>
[2024-04-17T12:15:36Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**********m...
[2024-04-17T12:15:36Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:15:36Z INFO gpapi::portal::prelogin] Prelogin with params: {"ipv6-support": "yes", "clientVer": "4100", "clientos": "Linux", "os-version": "Linux Ubuntu 22.04.4 LTS", "tmp": "tmp", "default-browser": "1", "cas-support": "yes"}
[2024-04-17T12:15:36Z INFO gpgui::portal_connector] Authenticating gateway...
[2024-04-17T12:15:36Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T12:15:36Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T12:15:36Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:38659): WARNING **: 14:15:36.778: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:15:36Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T12:15:36Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T12:15:37Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=n**********C&RelayState=G**********%3D
[2024-04-17T12:15:37Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:15:37Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T12:15:37Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T12:15:37Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T12:15:37Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T12:15:37Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T12:15:37Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-17T12:15:37Z WARN gpauth::auth_window] Failed to load uri: https://g**********m/SAML20/SP/ACS with error: UNKNOWN_CA, cert: TlsCertificate
[2024-04-17T12:15:37Z INFO gpauth::auth_window] Loaded uri: https://g**********m/SAML20/SP/ACS
[2024-04-17T12:15:37Z INFO gpauth::auth_window] No response found in main resource
[2024-04-17T12:15:37Z INFO gpgui::portal_connector] Failed to connect the portal with prelogin: TLS error: certificate verify failed
[2024-04-17T12:15:37Z WARN gpgui::portal_connector] Failed to connect to the portal: TLS error: certificate verify failed
** (gpgui:38216): WARNING **: 14:15:39.975: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-04-17T12:15:40Z INFO gpgui::handlers::subscription] Sending the init event to client: settings
[2024-04-17T12:15:40Z INFO gpgui::handlers::subscription] Sent the init event to client: settings
[2024-04-17T12:15:41Z WARN gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect Settings
** (gpgui:38216): WARNING **: 14:16:16.544: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-04-17T12:16:17Z INFO gpgui::handlers::subscription] Sending the init event to client: main
[2024-04-17T12:16:17Z INFO gpgui::handlers::subscription] Sent the init event to client: main
[2024-04-17T12:16:17Z WARN gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect
[2024-04-17T12:16:22Z INFO gpgui::portal_connector] Connecting to the portal: g**********m...
[2024-04-17T12:16:22Z INFO gpgui::portal_connector] Connecting the portal as a gateway...
[2024-04-17T12:16:22Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**********m...
[2024-04-17T12:16:22Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:16:22Z INFO gpapi::portal::prelogin] Prelogin with params: {"os-version": "Linux Ubuntu 22.04.4 LTS", "cas-support": "yes", "ipv6-support": "yes", "default-browser": "1", "clientos": "Linux", "tmp": "tmp", "clientVer": "4100"}
[2024-04-17T12:16:22Z INFO gpgui::portal_connector] Authenticating gateway...
[2024-04-17T12:16:22Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T12:16:22Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T12:16:22Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:38965): WARNING **: 14:16:22.275: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:16:23Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T12:16:23Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T12:16:24Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=r**********%3D&RelayState=o**********%3D
[2024-04-17T12:16:24Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:16:24Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T12:16:24Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T12:16:24Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T12:16:24Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T12:16:24Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T12:16:24Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-17T12:16:25Z INFO gpauth::auth_window] Loaded uri: https://g**********m/SAML20/SP/ACS
[2024-04-17T12:16:25Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:16:25Z INFO gpauth::auth_window] Got auth data from headers
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
[2024-04-17T12:16:25Z INFO gpgui::portal_connector] Performing gateway login, gateway: g**********m...
[2024-04-17T12:16:25Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:16:25Z INFO gpgui::portal_connector] Gateway login succeeded, gateway: g**********m
[2024-04-17T12:16:25Z INFO gpgui::portal_connector] Connecting to the gateway...
[2024-04-17T12:16:25Z INFO openconnect::ffi] openconnect version: v8.20-1
[2024-04-17T12:16:25Z INFO openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:16:25Z INFO openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-04-17T12:16:25Z INFO openconnect::ffi] OS: linux
[2024-04-17T12:16:25Z INFO openconnect::ffi] CSD_USER: 1000
[2024-04-17T12:16:25Z INFO openconnect::ffi] CSD_WRAPPER: (null)
[2024-04-17T12:16:25Z INFO openconnect::ffi] MTU: 0
[2024-04-17T12:16:25Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-04-17T12:16:25Z INFO openconnect::ffi] Connected to [**********]:443
[2024-04-17T12:16:25Z INFO openconnect::ffi] SSL negotiation with [**********]
[2024-04-17T12:16:25Z INFO openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-17T12:16:25Z INFO openconnect::ffi] Tunnel timeout (rekey interval) is 30 minutes.
[2024-04-17T12:16:25Z INFO openconnect::ffi] Idle timeout is 30 minutes.
[2024-04-17T12:16:25Z WARN openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-04-17T12:16:25Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-04-17T12:16:25Z WARN openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum a63bfc67f0bf033d01e3835c3a8504c6.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-04-17T12:16:25Z INFO openconnect::ffi] ESP session established with server
[2024-04-17T12:16:25Z INFO openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-04-17T12:16:27Z INFO openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-04-17T12:16:27Z INFO gpgui::portal_connector] Connected to the gateway: g**********m
[2024-04-17T12:16:30Z INFO gpgui::portal_connector] Disconnecting the gateway...
[2024-04-17T12:16:30Z INFO gpservice::vpn_task] Disconnecting VPN...
[2024-04-17T12:16:30Z INFO gpservice::vpn_task] VPN is connected, start disconnecting...
[2024-04-17T12:16:30Z INFO openconnect::ffi] Stopping VPN connection: 14
[2024-04-17T12:16:30Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/logout.esp
[2024-04-17T12:16:30Z INFO openconnect::ffi] SSL negotiation with [**********]
[2024-04-17T12:16:30Z INFO openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-17T12:16:30Z INFO openconnect::ffi] Logout successful.
RTNETLINK answers: No such process
[2024-04-17T12:16:30Z INFO openconnect::ffi] openconnect_mainloop returned -4, exiting
[2024-04-17T12:16:30Z INFO gpservice::vpn_task] VPN disconnected
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Connecting to the portal: p**********a...
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Trying to connect the gateway directly...
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Failed to connect the gateway directly: No portal connection found
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Performing portal prelogin...
[2024-04-17T12:17:25Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:25Z INFO gpapi::portal::prelogin] Prelogin with params: {"clientVer": "4100", "ipv6-support": "yes", "tmp": "tmp", "default-browser": "1", "clientos": "Linux", "cas-support": "yes", "os-version": "Linux Ubuntu 22.04.4 LTS"}
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Failed to connect the portal with prelogin: Network error: error sending request for url (https://server/global-protect/prelogin.esp): error trying to connect: dns error: failed to lookup address information: Temporary failure in name resolution
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Trying to connect the portal as a gateway...
[2024-04-17T12:17:25Z INFO gpgui::portal_connector] Gateway prelogin, gateway: p**********a...
[2024-04-17T12:17:25Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:25Z INFO gpapi::portal::prelogin] Prelogin with params: {"cas-support": "yes", "clientos": "Linux", "default-browser": "1", "tmp": "tmp", "ipv6-support": "yes", "os-version": "Linux Ubuntu 22.04.4 LTS", "clientVer": "4100"}
[2024-04-17T12:17:25Z WARN gpgui::portal_connector] Failed to connect to the portal: Network error: error sending request for url (https://server/ssl-vpn/prelogin.esp): error trying to connect: dns error: failed to lookup address information: Temporary failure in name resolution
[2024-04-17T12:17:28Z INFO gpgui::portal_connector] Connecting to the portal: p**********m...
[2024-04-17T12:17:28Z INFO gpgui::portal_connector] Trying to connect the gateway directly...
[2024-04-17T12:17:28Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**********m...
[2024-04-17T12:17:28Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:28Z INFO gpapi::portal::prelogin] Prelogin with params: {"clientVer": "4100", "clientos": "Linux", "os-version": "Linux Ubuntu 22.04.4 LTS", "tmp": "tmp", "default-browser": "1", "cas-support": "yes", "ipv6-support": "yes"}
[2024-04-17T12:17:28Z INFO gpgui::portal_connector] Authenticating gateway...
[2024-04-17T12:17:28Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T12:17:28Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T12:17:28Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:39212): WARNING **: 14:17:28.701: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=n**********%3D&RelayState=0**********%3D
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:17:30Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T12:17:30Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T12:17:30Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-17T12:17:30Z WARN gpauth::auth_window] Failed to load uri: https://g**********m/SAML20/SP/ACS with error: UNKNOWN_CA, cert: TlsCertificate
[2024-04-17T12:17:30Z INFO gpauth::auth_window] Loaded uri: https://g**********m/SAML20/SP/ACS
[2024-04-17T12:17:30Z INFO gpauth::auth_window] No response found in main resource
[2024-04-17T12:17:30Z INFO gpgui::portal_connector] Failed to connect the gateway directly: TLS error: certificate verify failed
[2024-04-17T12:17:30Z INFO gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-04-17T12:17:30Z INFO gpgui::portal_connector] Fetching the portal config...
[2024-04-17T12:17:30Z INFO gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:31Z INFO gpgui::portal_connector] Retrieved 2 gateway(s) from the portal, updating...
[2024-04-17T12:17:31Z INFO gpgui::portal_connector] Performing gateway login, gateway: g**********m...
[2024-04-17T12:17:31Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:31Z WARN gpapi::gateway::login] Gateway login error: reason=<none>, status=512 <unknown status code>, response=
var respStatus = "Error";
var respMsg = "Authentication failure: Invalid username or password";
thisForm.inputStr.value = "";
[2024-04-17T12:17:31Z INFO gpgui::portal_connector] Failed to connect portal with cached credential: Gateway login error, reason: <none>
[2024-04-17T12:17:31Z INFO gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-04-17T12:17:31Z INFO gpgui::portal_connector] Performing portal prelogin...
[2024-04-17T12:17:31Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:31Z INFO gpapi::portal::prelogin] Prelogin with params: {"ipv6-support": "yes", "tmp": "tmp", "default-browser": "1", "cas-support": "yes", "os-version": "Linux Ubuntu 22.04.4 LTS", "clientVer": "4100", "clientos": "Linux"}
[2024-04-17T12:17:31Z INFO gpgui::portal_connector] Authenticating portal...
[2024-04-17T12:17:31Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T12:17:31Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T12:17:31Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:39292): WARNING **: 14:17:31.540: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:17:31Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T12:17:31Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T12:17:31Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-321h-e768cf22851a/saml2?SAMLRequest=l**********%3D&RelayState=o**********%3D
[2024-04-17T12:17:31Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:17:31Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T12:17:31Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T12:17:31Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T12:17:31Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T12:17:31Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T12:17:32Z INFO gpauth::auth_window] Loaded uri: https://p**********m/SAML20/SP/ACS
[2024-04-17T12:17:32Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:17:32Z INFO gpauth::auth_window] Got auth data from headers
[2024-04-17T12:17:32Z INFO gpgui::portal_connector] Fetching the portal config...
[2024-04-17T12:17:32Z INFO gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:32Z INFO gpgui::portal_connector] Retrieved 2 gateway(s) from the portal, updating...
[2024-04-17T12:17:32Z INFO gpgui::portal_connector] Performing gateway login, gateway: g**********m...
[2024-04-17T12:17:32Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:32Z WARN gpapi::gateway::login] Gateway login error: reason=<none>, status=512 <unknown status code>, response=
var respStatus = "Error";
var respMsg = "Authentication failure: Invalid username or password";
thisForm.inputStr.value = "";
[2024-04-17T12:17:32Z INFO gpgui::portal_connector] Gateway login failed: Gateway login error, reason: <none>
[2024-04-17T12:17:32Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**********m...
[2024-04-17T12:17:32Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T12:17:32Z INFO gpapi::portal::prelogin] Prelogin with params: {"default-browser": "1", "tmp": "tmp", "clientos": "Linux", "clientVer": "4100", "ipv6-support": "yes", "os-version": "Linux Ubuntu 22.04.4 LTS", "cas-support": "yes"}
[2024-04-17T12:17:32Z INFO gpgui::portal_connector] Authenticating gateway...
[2024-04-17T12:17:32Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T12:17:32Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T12:17:32Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:39377): WARNING **: 14:17:32.813: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T12:17:32Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T12:17:32Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T12:17:33Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-321h-e768cf22851a/saml2?SAMLRequest=n**********P&RelayState=2**********%3D
[2024-04-17T12:17:33Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T12:17:33Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T12:17:33Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T12:17:33Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T12:17:33Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T12:17:33Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T12:17:33Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-17T12:17:33Z WARN gpauth::auth_window] Failed to load uri: https://g**********m/SAML20/SP/ACS with error: UNKNOWN_CA, cert: TlsCertificate
[2024-04-17T12:17:33Z INFO gpauth::auth_window] Loaded uri: https://g**********m/SAML20/SP/ACS
[2024-04-17T12:17:33Z INFO gpauth::auth_window] No response found in main resource
[2024-04-17T12:17:33Z INFO gpgui::portal_connector] Failed to connect the portal with prelogin: TLS error: certificate verify failed
[2024-04-17T12:17:33Z WARN gpgui::portal_connector] Failed to connect to the portal: TLS error: certificate verify fail
- Connected when set Gateway server, but used default (the portal address)
- Connected when set Portal server and used default
- Connected when set Gateways server and used Gateway address
There is a certificate error when authenticating, you may need to check Ignore TLS Errors on the settings page.
The log when "Ignore TLS Errors" is set
[2024-04-17T13:35:24Z INFO gpgui::portal_connector] Connecting to the portal: p**********m...
[2024-04-17T13:35:24Z INFO gpgui::portal_connector] Trying to connect the gateway directly...
[2024-04-17T13:35:24Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**********m...
[2024-04-17T13:35:24Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T13:35:24Z INFO gpapi::portal::prelogin] Prelogin with params: {"os-version": "Linux Ubuntu 22.04.4 LTS", "default-browser": "1", "ipv6-support": "yes", "clientos": "Linux", "clientVer": "4100", "tmp": "tmp", "cas-support": "yes"}
[2024-04-17T13:35:24Z INFO gpgui::portal_connector] Authenticating gateway...
[2024-04-17T13:35:24Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-04-17T13:35:24Z INFO gpauth::cli] gpauth started: 2.1.4 (2024-04-10)
[2024-04-17T13:35:24Z INFO gpauth::cli] TLS errors will be ignored
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
** (gpauth:40938): WARNING **: 15:35:24.516: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: failed to open /dev/dri/card0: Permission denied
libEGL warning: DRI2: could not open /dev/dri/card0 (Permission denied)
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Loaded uri: https://l**********m/42cb905-2091-12f4-321h-e768cf22851a/saml2?SAMLRequest=n**********%3D&RelayState=w**********%3D
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T13:35:24Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-17T13:35:24Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-17T13:35:24Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-17T13:35:24Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-17T13:35:25Z INFO gpauth::auth_window] Loaded uri: https://g**********m/SAML20/SP/ACS
[2024-04-17T13:35:25Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-17T13:35:25Z INFO gpauth::auth_window] Got auth data from headers
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
[2024-04-17T13:35:25Z INFO gpgui::portal_connector] Performing gateway login, gateway: g**********m...
[2024-04-17T13:35:25Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T13:35:25Z INFO gpgui::portal_connector] Gateway login succeeded, gateway: g**********m
[2024-04-17T13:35:25Z INFO gpgui::portal_connector] Connecting to the gateway...
[2024-04-17T13:35:25Z INFO openconnect::ffi] openconnect version: v8.20-1
[2024-04-17T13:35:25Z INFO openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-17T13:35:25Z INFO openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-04-17T13:35:25Z INFO openconnect::ffi] OS: linux
[2024-04-17T13:35:25Z INFO openconnect::ffi] CSD_USER: 1000
[2024-04-17T13:35:25Z INFO openconnect::ffi] CSD_WRAPPER: (null)
[2024-04-17T13:35:25Z INFO openconnect::ffi] MTU: 0
[2024-04-17T13:35:25Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-04-17T13:35:25Z INFO openconnect::ffi] Connected to [**********]:443
[2024-04-17T13:35:25Z INFO openconnect::ffi] SSL negotiation with [**********]
[2024-04-17T13:35:25Z INFO openconnect::ffi] Server certificate verify failed: signer not found
[2024-04-17T13:35:25Z INFO openconnect::ffi] Validating peer cert: signer not found
[2024-04-17T13:35:25Z INFO openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-17T13:35:25Z WARN openconnect::ffi] Matching client config not found
[2024-04-17T13:35:25Z WARN openconnect::ffi] openconnect_make_cstp_connection failed
[2024-04-17T13:35:25Z WARN gpgui::portal_connector] Failed to connect to the gateway: g**********m
The TLS errors occur when authentication, Ignore TLS Errors
should not impact the connect status. Feel free to uncheck it.
Set Gateways server and used Gateway address
will instruct the 2.x client to perform the same workflow as the old one, So you can use this preference.
TLS errors occur and the connection is not established.
In the old client I've used the portal server and were able to choose the gateway from a list or the portal responds the nearest gateway server.
Looks like you have two gateways and one portal. It is problematic when connecting as a portal server. The reason is not very clear, I found some error messages I have never seen.
[2024-04-17T13:35:25Z INFO openconnect::ffi] Validating peer cert: signer not found
[2024-04-17T13:35:25Z INFO openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-04-17T13:35:25Z WARN openconnect::ffi] Matching client config not found
Your gateway might need the client certificates to authenticate when using the portal server.
But anyway, do as follows:
Ignore TLS Errors
Gateway Server
and input the gateway1.xxx.com
, then connectGateway Server
and input the gateway2.xxx.com
, then connectHope this works for you.
Weird since it works with 1.4.8.
We are talking about 25 different Gateway server...
We are talking about 25 different Gateway server...
You mean that you have 25 gateways? But I only find 2 gateway logs in the log file.
Yes - in the previous version all of those were shown in a drop down or list. Mainly I use two of them, but it depends on the location.
** (gpauth:45821): WARNING **: 07:48:28.987: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-04-18T05:48:30Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-18T05:48:30Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Loaded uri: https://l**********m/442cb905-2091-12f4-90b9-e768cf22851a/saml2?SAMLRequest=l**********%3D&RelayState=C**********%3D
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-18T05:48:31Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-18T05:48:31Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-04-18T05:48:31Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Raise window cancelled
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Loaded uri: https://p**********m/SAML20/SP/ACS
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-18T05:48:31Z INFO gpauth::auth_window] Got auth data from headers
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Fetching the portal config...
[2024-04-18T05:48:31Z INFO gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Retrieved 2 gateway(s) from the portal, updating...
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Performing gateway login, gateway: g**********m...
[2024-04-18T05:48:31Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Gateway login failed: Network error: error sending request for url (https://yyy.xxx.com/ssl-vpn/login.esp): error trying to connect: dns error: failed to lookup address information: Name or service not known
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**********m...
[2024-04-18T05:48:31Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-18T05:48:31Z INFO gpapi::portal::prelogin] Prelogin with params: {"tmp": "tmp", "clientos": "Linux", "os-version": "Linux Ubuntu 22.04.4 LTS", "default-browser": "1", "ipv6-support": "yes", "cas-support": "yes", "clientVer": "4100"}
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Failed to connect the portal with prelogin: Network error: error sending request for url (https://yyy.xxx.com/ssl-vpn/prelogin.esp): error trying to connect: dns error: failed to lookup address information: Name or service not known
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Trying to connect the portal as a gateway...
[2024-04-18T05:48:31Z INFO gpgui::portal_connector] Gateway prelogin, gateway: p**********m...
[2024-04-18T05:48:31Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 22.04.4 LTS)
[2024-04-18T05:48:31Z INFO gpapi::portal::prelogin] Prelogin with params: {"cas-support": "yes", "clientVer": "4100", "clientos": "Linux", "os-version": "Linux Ubuntu 22.04.4 LTS", "tmp": "tmp", "ipv6-support": "yes", "default-browser": "1"}
[2024-04-18T05:48:32Z WARN gpgui::portal_connector] Failed to connect to the portal: Portal prelogin error: Prelogin failed: GlobalProtect gateway does not exist
Has it something to do with ipv6?! I just remember some issues I had with OpenVPN and IPv6.
@rednag The new client may have a flaw in parsing the gateways in the portal config. Can you help get the portal configuration with the following steps?
Save the following script as portal_config.sh
#!/usr/bin/env bash
set -e
# Get the auth token
json=$(gpauth --fix-openssl "$PORTAL")
cookie=$(echo "$json" | jq -r '.success.preloginCookie')
user=$(echo "$json" | jq -r '.success.username')
# Get the portal config
curl -X POST \
"https://$PORTAL/global-protect/getconfig.esp" \
--header 'Accept: */*' \
--header 'User-Agent: PAN GlobalProtect' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'prot=https:' \
--data-urlencode 'jnlpReady=jnlpReady' \
--data-urlencode 'ok=Login' \
--data-urlencode 'direct=yes' \
--data-urlencode 'ipv6-support=yes' \
--data-urlencode 'inputStr=' \
--data-urlencode 'clientVer=4100' \
--data-urlencode 'cas-support=yes' \
--data-urlencode "user=$user" \
--data-urlencode "prelogin-cookie=$cookie"
PORTAL=your.vpn.portal.com bash path/to/portal_config.sh
Sorry, my trail period ended and therefore I can not further test it.
Hi @rednag understand it. But the CLI version has the parity features as the GUI version. The script in my last comment still makes sense.
Closing it for now, feel free to re-open if the problem still exists.
Describe the bug Trying to connect to our portal and I'm getting the following error
Connection Failed error sending request for url (https://...): error trying to connect: dns error: failed to lookup address information: Name or service not known
Expected behavior Connecting to the GP portal.
Screenshots If applicable, add screenshots to help explain your problem.
Logs
Environment:
Additional context The free to use version worked out of the box and now I have a demo version which is not working?