yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0

openconnect-args=--servercert not working #402

Open WillieMaddox opened 3 months ago

WillieMaddox commented 3 months ago

Hello,

I believe I might be having a similar issue to #363. When I previously used gpclient v1, I could successfully connect after adding openconnect-args=--servercert pin-sha256:xxxxxxx to /etc/gpservice/gp.conf.

What would be the equivalent with v2?

Thanks

yuezk commented 3 months ago

@WillieMaddox --servercert is no longer needed in v2. Can I have the full logs?

WillieMaddox commented 3 months ago

I assume you mean these logs:

gpclient --ignore-tls-errors connect vpn.my_vpn.com:123 -u my_username@my_vpn.com

and

gpclient connect vpn.my_vpn.com:123 -u my_username@my_vpn.com

Both of which give the same output:

$ gpclient connect vpn.my_vpn.com:123 -u my_username@my_vpn.com
[2024-07-30T06:22:08Z INFO  gpclient::cli] gpclient started: 2.3.4 (2024-07-08)
[2024-07-30T06:22:08Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2024-07-30T06:22:08Z INFO  gpclient::connect] Failed to connect portal with prelogin: Network error: error sending request for url (https://vpn.my_vpn.com:123/global-protect/prelogin.esp): error trying to connect: dns error: failed to lookup address information: Name or service not known
[2024-07-30T06:22:08Z INFO  gpclient::connect] Trying the gateway authentication workflow...
[2024-07-30T06:22:08Z INFO  gpclient::connect] Performing the gateway authentication...
[2024-07-30T06:22:08Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect

Error: Network error: error sending request for url (https://vpn.my_vpn.com:123/ssl-vpn/prelogin.esp): error trying to connect: dns error: failed to lookup address information: Name or service not known

Not sure why I'm getting DNS errors. This might be a different problem.

yuezk commented 3 months ago

Hi @WillieMaddox, the logs indicate that the VPN host is not resolvable; it seems related to DNS. Can you ping the VPN host?