search

yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0
1.37k stars 153 forks source link

Missing save password checkbox #420

Closed nfacha closed 4 days ago

nfacha commented 1 month ago

Describe the bug The "Save Password" checkbox is missing, credentials need to be entered everytime the PC reboots (autostart+autoconnect)

Expected behavior There is a "Save Password" checkbox as there was before

Environment:

yuezk commented 1 month ago

Hi @nfacha, how do you authenticate your VPN server? Do you use the name/password prompted or use an SSO in the embedded browser?

nfacha commented 1 month ago

Hi @nfacha, how do you authenticate your VPN server? Do you use the name/password prompted or use an SSO in the embedded browser?

I authenticate with username/password Before there was an option to save it, but on a recent update it went away

yuezk commented 1 month ago

For the username/password authentication, the credentials are automatically saved. Do you prefer not to save it?

nfacha commented 1 month ago

For the username/password authentication, the credentials are automatically saved. Do you prefer not to save it?

They are not being saved Login > Connect Successful > Disconnect > Reboot PC > Creds are being asked again

yuezk commented 1 month ago

Can you help send the logs ~/.local/share/gpclient/gpclient.log?

nfacha commented 1 month ago

Can you help send the logs ~/.local/share/gpclient/gpclient.log?

Looks like its either not saving on connect, or saving something incorrect i guess? Here you go

[2024-09-12T08:44:02Z INFO  gpservice::cli] gpservice started: 2.3.7 (2024-08-16)
[2024-09-12T08:44:02Z INFO  gpservice::ws_server] WS server listening on port: 46647
[2024-09-12T08:44:02Z INFO  gpapi::process::gui_launcher] Version check passed: 2.3.7
[2024-09-12T08:44:02Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2024-09-12T08:44:02Z INFO  gpgui::cli] gpgui started: 2.3.7 (2024-08-16)
[2024-09-12T08:44:02Z INFO  gpgui::app] Setting the custom openssl conf path
[2024-09-12T08:44:03Z INFO  gpgui::config::private_data] Loaded config key from keyring
[2024-09-12T08:44:03Z INFO  gpgui::app::app_initializer] App initialized
[2024-09-12T08:44:03Z INFO  gpgui::ws_connector] Connecting to WS server
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Auto connecting to the portal...
[2024-09-12T08:44:03Z INFO  gpgui::ws_connector] Received ping
[2024-09-12T08:44:03Z INFO  gpgui::ws_connector] Connected to WS server
[2024-09-12T08:44:03Z INFO  gpservice::handlers] New client connected
[2024-09-12T08:44:03Z INFO  gpservice::ws_server] Sending current VPN state to new client
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Connecting to the portal: g**********t...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: Internal host detection is enabled, can't connect the gateway directly
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-12T08:44:03Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:03Z INFO  gpapi::portal::config] Found internal-host-detection, performing DNS lookup
[2024-09-12T08:44:03Z WARN  gpapi::portal::config] rDNS lookup failed for 10.19.7.184: failed to lookup address information: Name or service not known
[2024-09-12T08:44:03Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********t...
[2024-09-12T08:44:03Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:03Z WARN  gpapi::gateway::login] GP response error: reason=<none>, status=512 <unknown status code>, body=<html>
      <head></head>
      <body>
      var respStatus = "Error";
      var respMsg = "Authentication failure: Invalid username or password";
      thisForm.inputStr.value = "";
    </body>
    </html>
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: Gateway login error: <none>
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-09-12T08:44:03Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:03Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:04Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2024-09-12T08:44:04Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2024-09-12T08:44:04Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-09-12T08:44:04Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-12T08:44:04Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:04Z INFO  gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect
[2024-09-12T08:44:04Z WARN  gpapi::portal::config] GP response error: reason=auth-failed, status=512 <unknown status code>, body=<empty>
[2024-09-12T08:44:04Z INFO  gpgui::portal_connector] Failed to connect the portal with prelogin: Cached credential is stale, please try again
[2024-09-12T08:44:04Z WARN  gpgui::portal_connector] Failed to connect to the portal: Cached credential is stale, please try again
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Connecting to the portal: g**********t...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-09-12T08:44:12Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:12Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] No cached standard credential found, prompting the user...
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Received portal credential from the user
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-12T08:44:17Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:17Z INFO  gpapi::portal::config] Found internal-host-detection, performing DNS lookup
[2024-09-12T08:44:17Z WARN  gpapi::portal::config] rDNS lookup failed for 10.19.7.184: failed to lookup address information: Name or service not known
[2024-09-12T08:44:17Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********t...
[2024-09-12T08:44:17Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: g**********t
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-09-12T08:44:17Z INFO  openconnect::ffi] openconnect version: v9.12-1build5
[2024-09-12T08:44:17Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:17Z INFO  openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-09-12T08:44:17Z INFO  openconnect::ffi] OS: linux
[2024-09-12T08:44:17Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-12T08:44:17Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-12T08:44:17Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-12T08:44:17Z INFO  openconnect::ffi] MTU: 0
[2024-09-12T08:44:17Z INFO  openconnect::ffi] DISABLE_IPV6: 1
[2024-09-12T08:44:17Z INFO  openconnect::ffi] NO_DTLS: 0
[2024-09-12T08:44:17Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-09-12T08:44:18Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-256-GCM)
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 480 minutes.
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Idle timeout is 480 minutes.
[2024-09-12T08:44:18Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-12T08:44:18Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-12T08:44:18Z INFO  openconnect::ffi] ESP session established with server
[2024-09-12T08:44:18Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-12T08:44:19Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-09-12T08:44:19Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-09-12T08:44:19Z INFO  gpgui::portal_connector] Connected to the gateway: g**********t
yuezk commented 1 month ago

There could be a bug, I will check it.

nfacha commented 1 month ago

There could be a bug, I will check it.

Let me know if any additional debug is needed

DamnedElric commented 1 month ago

I would certainly prefer being able to disable remembering the credentials.

yuezk commented 1 month ago

@DamnedElric i can add an option to disable it. Btw, does the auto save works for you?

DamnedElric commented 1 month ago

@DamnedElric i can add an option to disable it. Btw, does the auto save works for you?

Yes the auto save is working.

nfacha commented 1 month ago

For me it was working before (there was a checkbox that eventually disappeared, but it continued to work) Once i had to format (so a clean install) the issue started Would suggest spinning up a new VM and installing from scratch there it see if happens if there is issues reproducing

mcflypl commented 2 weeks ago

Is there any information on this matter? Because, in fact, that was the main reason I have the paid version, without it there's no point in paying for a subscription every month.

yuezk commented 2 weeks ago

@mcflypl Sorry for the delay. I'm unable to reproduce this issue locally. You and @nfacha may run into a corner case.

Would you please send logs at ~/.local/share/gpclient/gpclient.log? I will analysis your logs together to see if I can find the pattern. Thanks.

mcflypl commented 1 week ago

@yuezk logs:

[2024-10-23T14:14:57Z INFO  gpservice::cli] gpservice started: 2.1.2 (2024-03-29)
[2024-10-23T14:14:57Z INFO  gpservice::ws_server] WS server listening on port: 38549
[2024-10-23T14:14:57Z INFO  gpapi::process::gui_launcher] Version check passed: 2.1.2
[2024-10-23T14:14:57Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2024-10-23T14:14:57Z INFO  gpgui::cli] gpgui started: 2.1.2 (2024-03-29)
[2024-10-23T14:14:57Z INFO  gpgui::app] Setting the custom openssl conf path
[2024-10-23T14:14:57Z INFO  gpgui::config::private_data] Found config key in keyring
[2024-10-23T14:14:57Z INFO  gpgui::app::app_initializer] App initialized
[2024-10-23T14:14:57Z INFO  gpgui::ws_connector] Connecting to WS server
[2024-10-23T14:14:57Z INFO  gpgui::ws_connector] Received ping
[2024-10-23T14:14:57Z INFO  gpgui::ws_connector] Connected to WS server
[2024-10-23T14:14:57Z INFO  gpservice::handlers] New client connected
[2024-10-23T14:14:57Z INFO  gpservice::ws_server] Sending current VPN state to new client
[2024-10-23T14:14:58Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2024-10-23T14:14:58Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2024-10-23T14:14:58Z WARN  gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Connecting to the portal: s**********l...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-10-23T14:14:59Z INFO  gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] No cached standard credential found, prompting the user...
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Received portal credential from the user
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-10-23T14:15:12Z INFO  gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********l...
[2024-10-23T14:15:12Z INFO  gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:12Z WARN  gpapi::gateway::login] Gateway login error: reason=<none>, status=404 Not Found, response=<html>
    <head><title>404 Not Found</title></head>
    <body>
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>

[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Gateway login failed: Gateway login error, reason: <none>
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Gateway prelogin, gateway: g**********l...
[2024-10-23T14:15:12Z INFO  gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Failed to connect the portal with prelogin: Portal prelogin error: Prelogin endpoint not found
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Trying to connect the portal as a gateway...
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Gateway prelogin, gateway: s**********l...
[2024-10-23T14:15:13Z INFO  gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Authenticating gateway...
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Performing gateway login, gateway: s**********l...
[2024-10-23T14:15:13Z INFO  gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: s**********l
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-10-23T14:15:13Z INFO  openconnect::ffi] openconnect version: v9.12-1build5
[2024-10-23T14:15:13Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-10-23T14:15:13Z INFO  openconnect::ffi] OS: win
[2024-10-23T14:15:13Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-10-23T14:15:13Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-10-23T14:15:13Z INFO  openconnect::ffi] MTU: 0
[2024-10-23T14:15:13Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-10-23T14:15:13Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 540 minutes.
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Idle timeout is 540 minutes.
[2024-10-23T14:15:13Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-10-23T14:15:13Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-10-23T14:15:13Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 93f4a95110c8d54231c87da891265d27.
    VPN connectivity may be disabled or limited without HIP report submission.
    You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-10-23T14:15:13Z INFO  openconnect::ffi] ESP session established with server
[2024-10-23T14:15:13Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-10-23T14:15:15Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-10-23T14:15:15Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-10-23T14:15:15Z INFO  gpgui::portal_connector] Connected to the gateway: s**********l
yuezk commented 1 week ago

Thanks for the logs, I'm looking into this. And will provide you with a snapshot version soon.

yuezk commented 1 week ago

@nfacha @mcflypl Can you help try the snapshot package below to see if it fixes your problem? Thanks.

https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/snapshot

nfacha commented 1 week ago

@nfacha @mcflypl Can you help try the snapshot package below to see if it fixes your problem? Thanks.

https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/snapshot

Will test and let you know

mcflypl commented 6 days ago

@yuezk I think it helped for me, thanks a lot! :)

nfacha commented 6 days ago

@yuezk From what i could test yesterday and this morning it is indeed working :)

yuezk commented 5 days ago

Thanks for your help. I'm going to release a new version soon.

yuezk commented 4 days ago

@nfacha @mcflypl The fix has been released in https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/v2.3.8

I would certainly prefer being able to disable remembering the credentials.

@DamnedElric This is also supported in this release.

Let me know if it doesn't work for you. Thanks.