yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0

No auth data found #426

Closed DavidPerezIngeniero closed 2 months ago

DavidPerezIngeniero commented 2 months ago

Describe the bug

No auth data found

Expected behavior

It connects

Logs

❯ gpclient connect vpn-ext.groupfcc.com
[2024-09-17T09:10:56Z INFO  gpclient::cli] gpclient started: 2.3.7 (2024-08-16)
[2024-09-17T09:10:56Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2024-09-17T09:10:56Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-09-17T09:10:56Z INFO  gpauth::cli] gpauth started: 2.3.7 (2024-08-16)
[2024-09-17T09:10:56Z INFO  gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

** (gpauth:87848): WARNING **: 11:10:56.545: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-09-17T09:10:56Z INFO  gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-09-17T09:10:56Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-09-17T09:10:57Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=T**********%3D
[2024-09-17T09:10:57Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T09:10:57Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T09:10:57Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T09:10:57Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T09:10:57Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T09:10:57Z INFO  gpauth::auth_window] Raise window in 1 second(s)
[2024-09-17T09:11:17Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=T**********%3D&client-request-id=6**********c
[2024-09-17T09:11:17Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T09:11:17Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T09:11:17Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T09:11:17Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T09:11:17Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T09:11:18Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=T**********%3D&client-request-id=6**********c
[2024-09-17T09:11:18Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T09:11:18Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T09:11:18Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T09:11:18Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T09:11:18Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T09:11:37Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=T**********%3D&client-request-id=6**********c
[2024-09-17T09:11:37Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T09:11:37Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T09:11:37Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T09:11:37Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T09:11:37Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T09:11:39Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-09-17T09:11:39Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T09:11:39Z INFO  gpauth::auth_window] Got auth data from headers
[2024-09-17T09:11:40Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect
[2024-09-17T09:11:40Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-09-17T09:11:40Z INFO  gpclient::connect] Connecting to the only available gateway: Gateway_ Proveedores (vpn-ext.groupfcc.com)
[2024-09-17T09:11:40Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-09-17T09:11:41Z WARN  gpapi::gateway::login] GP response error: reason=<none>, status=512 <unknown status code>, body=
    var respStatus = "Error";
    var respMsg = "Authentication failure: Invalid username or password";
    thisForm.inputStr.value = "";

[2024-09-17T09:11:41Z INFO  gpclient::connect] Gateway login failed: Gateway login error: <none>
[2024-09-17T09:11:41Z INFO  gpclient::connect] Performing the gateway authentication...
[2024-09-17T09:11:41Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-09-17T09:11:41Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-09-17T09:11:41Z INFO  gpauth::cli] gpauth started: 2.3.7 (2024-08-16)
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

** (gpauth:88042): WARNING **: 11:11:41.540: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********G&RelayState=a**********%3D
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T09:11:41Z INFO  gpauth::auth_window] Raise window in 1 second(s)
[2024-09-17T09:12:07Z INFO  gpclient::connect] Failed to connect portal with prelogin: Auth cancelled

Error: Auth cancelled

Environment:

yuezk commented 2 months ago

Try using gpauth <portal> --browser default 2>/dev/null | sudo gpclient connect <portal> --cookie-on-stdin to see if it helps.

DavidPerezIngeniero commented 2 months ago

Thanks for your quick answer:

❯ gpauth vpn-ext.groupfcc.com --browser default 2>/dev/null | sudo gpclient connect vpn-ext.groupfcc.com --cookie-on-stdin
[sudo] senha para root: 
[2024-09-17T09:40:58Z INFO  gpclient::cli] gpclient started: 2.3.7 (2024-08-16)
[2024-09-17T09:40:58Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2024-09-17T09:40:58Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-09-17T09:40:58Z INFO  gpclient::connect] Reading cookie from standard input
[2024-09-17T09:42:33Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect
[2024-09-17T09:42:33Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-09-17T09:42:33Z INFO  gpclient::connect] Connecting to the only available gateway: Gateway_ Proveedores (vpn-ext.groupfcc.com)
[2024-09-17T09:42:33Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-09-17T09:42:34Z WARN  gpapi::gateway::login] GP response error: reason=<none>, status=512 <unknown status code>, body=
    var respStatus = "Error";
    var respMsg = "Authentication failure: Invalid username or password";
    thisForm.inputStr.value = "";

[2024-09-17T09:42:34Z INFO  gpclient::connect] Gateway login failed: Gateway login error: <none>
[2024-09-17T09:42:34Z INFO  gpclient::connect] Performing the gateway authentication...
[2024-09-17T09:42:34Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-09-17T09:42:34Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-09-17T09:42:34Z INFO  gpclient::connect] Reading cookie from standard input
[2024-09-17T09:42:34Z INFO  gpclient::connect] Failed to connect portal with prelogin: Failed to parse auth data

Error: Failed to parse auth data

DavidPerezIngeniero commented 2 months ago

I can provide more info if needed

yuezk commented 2 months ago

@DavidPerezIngeniero looks like you finished the authentication in the external browser, and the gpclient received the auth cookie, but it fails in the following steps. Please try the following command to see if it helps.

gpclient connect <portal> --as-gateway

DavidPerezIngeniero commented 2 months ago

❯ gpclient connect vpn-ext.groupfcc.com --as-gateway
[2024-09-17T16:11:06Z INFO  gpclient::cli] gpclient started: 2.3.7 (2024-08-16)
[2024-09-17T16:11:06Z INFO  gpclient::connect] Treating the server as a gateway
[2024-09-17T16:11:06Z INFO  gpclient::connect] Performing the gateway authentication...
[2024-09-17T16:11:06Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-09-17T16:11:06Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-09-17T16:11:06Z INFO  gpauth::cli] gpauth started: 2.3.7 (2024-08-16)
[2024-09-17T16:11:06Z INFO  gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

** (gpauth:111595): WARNING **: 18:11:06.726: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-09-17T16:11:06Z INFO  gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-09-17T16:11:06Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-09-17T16:11:07Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=J**********%3D
[2024-09-17T16:11:07Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T16:11:07Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T16:11:07Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T16:11:07Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T16:11:07Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T16:11:07Z INFO  gpauth::auth_window] Raise window in 1 second(s)
[2024-09-17T16:11:26Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=J**********%3D&client-request-id=c**********7
[2024-09-17T16:11:26Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T16:11:26Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T16:11:26Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T16:11:26Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T16:11:26Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T16:11:27Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=J**********%3D&client-request-id=c**********7
[2024-09-17T16:11:27Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T16:11:27Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T16:11:27Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T16:11:27Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T16:11:27Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=J**********%3D&client-request-id=c**********7
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-17T16:11:41Z WARN  gpauth::auth_window] Failed to load uri: https://v**********m/SAML20/SP/ACS with error: Load request cancelled
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] Got auth data from headers
[2024-09-17T16:11:41Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-09-17T16:11:41Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-09-17T16:11:41Z INFO  openconnect::ffi] User agent: PAN GlobalProtect
[2024-09-17T16:11:41Z INFO  openconnect::ffi] VPNC script: /etc/openconnect/vpnc-script
[2024-09-17T16:11:41Z INFO  openconnect::ffi] OS: linux
[2024-09-17T16:11:41Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-17T16:11:41Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-17T16:11:41Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-17T16:11:41Z INFO  openconnect::ffi] MTU: 0
[2024-09-17T16:11:41Z INFO  openconnect::ffi] DISABLE_IPV6: 0
[2024-09-17T16:11:41Z INFO  openconnect::ffi] NO_DTLS: 0
[2024-09-17T16:11:41Z INFO  openconnect::ffi] POST https://vpn-ext.groupfcc.com/ssl-vpn/getconfig.esp
[2024-09-17T16:11:46Z INFO  openconnect::ffi] Connected to 194.224.17.201:443
[2024-09-17T16:11:46Z INFO  openconnect::ffi] SSL negotiation with vpn-ext.groupfcc.com
[2024-09-17T16:11:46Z INFO  openconnect::ffi] Connected to HTTPS on vpn-ext.groupfcc.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-09-17T16:11:47Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 180 minutes.
[2024-09-17T16:11:47Z INFO  openconnect::ffi] Idle timeout is 180 minutes.
[2024-09-17T16:11:47Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-17T16:11:47Z INFO  openconnect::ffi] POST https://vpn-ext.groupfcc.com/ssl-vpn/hipreportcheck.esp
[2024-09-17T16:11:47Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 621f674185aac7da97fed7168f1a1bde.
        VPN connectivity may be disabled or limited without HIP report submission.
        You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-09-17T16:11:47Z INFO  openconnect::ffi] ESP session established with server
[2024-09-17T16:11:47Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
mkdir: não foi possível criar o diretório “/var/run/vpnc”: Permissão negada
[2024-09-17T16:11:48Z WARN  openconnect::ffi] Failed to bind local tun device (TUNSETIFF): Operation not permitted
[2024-09-17T16:11:48Z WARN  openconnect::ffi] To configure local networking, openconnect must be running as root
    See https://www.infradead.org/openconnect/nonroot.html for more information
mkdir: não foi possível criar o diretório “/var/run/vpnc”: Permissão negada
[2024-09-17T16:11:48Z WARN  openconnect::ffi] Failed to bind local tun device (TUNSETIFF): Operation not permitted
[2024-09-17T16:11:48Z WARN  openconnect::ffi] To configure local networking, openconnect must be running as root
    See https://www.infradead.org/openconnect/nonroot.html for more information
[2024-09-17T16:11:48Z WARN  openconnect::ffi] Set up tun device failed
[2024-09-17T16:11:48Z INFO  openconnect::ffi] POST https://vpn-ext.groupfcc.com/ssl-vpn/logout.esp
[2024-09-17T16:11:48Z INFO  openconnect::ffi] SSL negotiation with vpn-ext.groupfcc.com
[2024-09-17T16:11:48Z INFO  openconnect::ffi] Connected to HTTPS on vpn-ext.groupfcc.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-09-17T16:11:48Z INFO  openconnect::ffi] Logout successful.
[2024-09-17T16:11:48Z INFO  openconnect::ffi] openconnect_mainloop returned -5, exiting

I don't know how to use --csd-wrapper.

yuezk commented 2 months ago

@DavidPerezIngeniero Looks like it worked, just run the command as sudo.

DavidPerezIngeniero commented 2 months ago

It doesn't complain:

❯ sudo gpclient connect vpn-ext.groupfcc.com --as-gateway
[2024-09-20T09:50:02Z INFO  gpclient::cli] gpclient started: 2.3.7 (2024-08-16)
[2024-09-20T09:50:02Z INFO  gpclient::connect] Treating the server as a gateway
[2024-09-20T09:50:02Z INFO  gpclient::connect] Performing the gateway authentication...
[2024-09-20T09:50:02Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-09-20T09:50:02Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-09-20T09:50:02Z INFO  gpauth::cli] gpauth started: 2.3.7 (2024-08-16)
[2024-09-20T09:50:02Z INFO  gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

** (gpauth:2237): WARNING **: 11:50:03.169: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
Could not determine the accessibility bus address
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********X&RelayState=z**********%3D
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-20T09:50:03Z INFO  gpauth::auth_window] Raise window in 1 second(s)
[2024-09-20T09:50:05Z INFO  gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect Login
[2024-09-20T09:50:18Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********X&RelayState=z**********%3D&client-request-id=8**********4
[2024-09-20T09:50:18Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-20T09:50:18Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-20T09:50:18Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-20T09:50:18Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-20T09:50:18Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-20T09:50:19Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********X&RelayState=z**********%3D&client-request-id=8**********4
[2024-09-20T09:50:19Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-20T09:50:19Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-20T09:50:19Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-20T09:50:19Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-20T09:50:19Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-20T09:50:29Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********X&RelayState=z**********%3D&client-request-id=8**********4
[2024-09-20T09:50:29Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-20T09:50:29Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-20T09:50:29Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-20T09:50:29Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-20T09:50:29Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-20T09:50:30Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-09-20T09:50:30Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-20T09:50:30Z INFO  gpauth::auth_window] Got auth data from headers
[2024-09-20T09:50:30Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-09-20T09:50:31Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-09-20T09:50:31Z INFO  openconnect::ffi] User agent: PAN GlobalProtect
[2024-09-20T09:50:31Z INFO  openconnect::ffi] VPNC script: /etc/vpnc/vpnc-script
[2024-09-20T09:50:31Z INFO  openconnect::ffi] OS: linux
[2024-09-20T09:50:31Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-20T09:50:31Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-20T09:50:31Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-20T09:50:31Z INFO  openconnect::ffi] MTU: 0
[2024-09-20T09:50:31Z INFO  openconnect::ffi] DISABLE_IPV6: 0
[2024-09-20T09:50:31Z INFO  openconnect::ffi] NO_DTLS: 0
[2024-09-20T09:50:31Z INFO  openconnect::ffi] POST https://vpn-ext.groupfcc.com/ssl-vpn/getconfig.esp
[2024-09-20T09:50:31Z INFO  openconnect::ffi] Connected to 194.224.17.201:443
[2024-09-20T09:50:31Z INFO  openconnect::ffi] SSL negotiation with vpn-ext.groupfcc.com
[2024-09-20T09:50:31Z INFO  openconnect::ffi] Connected to HTTPS on vpn-ext.groupfcc.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-09-20T09:50:31Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 180 minutes.
[2024-09-20T09:50:31Z INFO  openconnect::ffi] Idle timeout is 180 minutes.
[2024-09-20T09:50:31Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-20T09:50:31Z INFO  openconnect::ffi] POST https://vpn-ext.groupfcc.com/ssl-vpn/hipreportcheck.esp
[2024-09-20T09:50:31Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 251bd3d6f74d648fe52a61a9f920ef37.
        VPN connectivity may be disabled or limited without HIP report submission.
        You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-09-20T09:50:31Z INFO  openconnect::ffi] ESP session established with server
[2024-09-20T09:50:31Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-20T09:50:32Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-09-20T09:50:32Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 11
[2024-09-20T09:50:32Z INFO  gpclient::connect] Wrote PID 2231 to /var/run/gpclient.lock

The only problem is that I lose all kinds of connectivity with the Internet. I cannot even browse to https://google.com

yuezk commented 2 months ago

What’s the OS? openSUSE?

DavidPerezIngeniero commented 2 months ago

Yes, you are a fortune teller! ;-) OpenSUSE Tumbleweed. x86 64 bits

I can also try in Arch Linux.

DavidPerezIngeniero commented 2 months ago

Same result with:

❯ cat /etc/os-release 
NAME="CachyOS Linux"
PRETTY_NAME="CachyOS"
ID=cachyos
ID_LIKE=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://cachyos.org/"
DOCUMENTATION_URL="https://wiki.cachyos.org/"
SUPPORT_URL="https://forum.cachyos.org/"
BUG_REPORT_URL="https://github.com/cachyos"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=cachyos
❯ sudo gpclient connect vpn-ext.groupfcc.com --as-gateway
[2024-09-22T07:17:01Z INFO  gpclient::cli] gpclient started: 2.3.7 (2024-08-16)
[2024-09-22T07:17:01Z INFO  gpclient::connect] Treating the server as a gateway
[2024-09-22T07:17:01Z INFO  gpclient::connect] Performing the gateway authentication...
[2024-09-22T07:17:01Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-09-22T07:17:01Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-09-22T07:17:04Z INFO  gpauth::cli] gpauth started: 2.3.7 (2024-08-16)
[2024-09-22T07:17:04Z INFO  gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

** (gpauth:62826): WARNING **: 09:17:04.488: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
Could not determine the accessibility bus address
[2024-09-22T07:17:04Z INFO  gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-09-22T07:17:04Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-09-22T07:17:05Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=R**********x
[2024-09-22T07:17:05Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-22T07:17:05Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-22T07:17:05Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-22T07:17:05Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-22T07:17:05Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-22T07:17:05Z INFO  gpauth::auth_window] Raise window in 1 second(s)
[2024-09-22T07:17:06Z INFO  gpapi::utils::window] Window raised after 1 attempts
[2024-09-22T07:17:21Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=R**********x&client-request-id=a**********a
[2024-09-22T07:17:21Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-22T07:17:21Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-22T07:17:21Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-22T07:17:21Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-22T07:17:21Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-22T07:17:23Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=R**********x&client-request-id=a**********a
[2024-09-22T07:17:23Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-22T07:17:23Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-22T07:17:23Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-22T07:17:23Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-22T07:17:23Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=R**********x&client-request-id=a**********a
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-09-22T07:17:43Z INFO  gpauth::auth_window] Got auth data from headers
[2024-09-22T07:17:43Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-09-22T07:17:44Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-09-22T07:17:44Z INFO  openconnect::ffi] User agent: PAN GlobalProtect
[2024-09-22T07:17:44Z INFO  openconnect::ffi] VPNC script: /etc/vpnc/vpnc-script
[2024-09-22T07:17:44Z INFO  openconnect::ffi] OS: linux
[2024-09-22T07:17:44Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-22T07:17:44Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-22T07:17:44Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-22T07:17:44Z INFO  openconnect::ffi] MTU: 0
[2024-09-22T07:17:44Z INFO  openconnect::ffi] DISABLE_IPV6: 0
[2024-09-22T07:17:44Z INFO  openconnect::ffi] NO_DTLS: 0
[2024-09-22T07:17:44Z INFO  openconnect::ffi] POST https://vpn-ext.groupfcc.com/ssl-vpn/getconfig.esp
[2024-09-22T07:17:44Z INFO  openconnect::ffi] Connected to 194.224.17.201:443
[2024-09-22T07:17:44Z INFO  openconnect::ffi] SSL negotiation with vpn-ext.groupfcc.com
[2024-09-22T07:17:45Z INFO  openconnect::ffi] Connected to HTTPS on vpn-ext.groupfcc.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-09-22T07:17:45Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 180 minutes.
[2024-09-22T07:17:45Z INFO  openconnect::ffi] Idle timeout is 180 minutes.
[2024-09-22T07:17:45Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-22T07:17:45Z INFO  openconnect::ffi] POST https://vpn-ext.groupfcc.com/ssl-vpn/hipreportcheck.esp
[2024-09-22T07:17:45Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 251bd3d6f74d648fe52a61a9f920ef37.
        VPN connectivity may be disabled or limited without HIP report submission.
        You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-09-22T07:17:45Z INFO  openconnect::ffi] ESP session established with server
[2024-09-22T07:17:45Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-22T07:17:46Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-09-22T07:17:46Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 11
[2024-09-22T07:17:46Z INFO  gpclient::connect] Wrote PID 62759 to /var/run/gpclient.lock

yuezk commented 2 months ago

@DavidPerezIngeniero can you try it with the --hip argument?

DavidPerezIngeniero commented 2 months ago

Now it works ok. Big thanks. Now I'm free to choose any Linux distro I like, instead of being obligated to use Fedora or Ubuntu.

The only disadvantage with respect to the official GlobalProtect app is that if I disconnect and reconnect again, I must log in again. It's not so important.
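
Added example (not part of the original thread and not the project's own code): a Python triage helper that maps the log signatures posted in this issue to the fixes proposed in the thread. The function names, finding ids and rule table are assumptions of this example; the sample log lines are excerpts copied from the logs above.

```python
import re

# One log record: "[<timestamp> <LEVEL>  <module>] <message>"
LINE_RE = re.compile(r"^\[(\S+)\s+(TRACE|DEBUG|INFO|WARN|ERROR)\s+(\S+)\]\s?(.*)$")

# (module, message substring, finding id, fix proposed in this thread).
# Substrings are copied from the logs in the issue; ids are hypothetical.
RULES = [
    ("gpapi::gateway::login", "GP response error",
     "gateway-login-rejected", "gpclient connect <portal> --as-gateway"),
    ("openconnect::ffi", "Failed to bind local tun device (TUNSETIFF)",
     "tun-needs-root", "run the same command with sudo"),
    ("openconnect::ffi", "Server asked us to submit HIP report",
     "hip-report-requested", "add the --hip argument"),
]


def parse_records(text):
    """Split a log into records, folding indented continuation lines
    (such as the response body after 'body=') into the previous record."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts, level, module, msg = m.groups()
            records.append({"ts": ts, "level": level, "module": module, "msg": msg})
        elif raw[:1].isspace() and raw.strip() and records:
            records[-1]["msg"] += "\n" + raw.strip()
    return records


def triage(text):
    """Report how far the connection got and which known signatures appeared."""
    findings = {}
    saml_completed = connected = False
    for rec in parse_records(text):
        if rec["module"] == "gpauth::auth_window" and "Got auth data from headers" in rec["msg"]:
            saml_completed = True  # the SAML step finished; later errors are not the IdP
        if rec["module"] == "openconnect::vpn" and rec["msg"].startswith("Connected to VPN"):
            connected = True
        for module, needle, fid, fix in RULES:
            if rec["module"] == module and needle in rec["msg"]:
                f = findings.setdefault(
                    fid, {"id": fid, "first_seen": rec["ts"], "count": 0, "fix": fix})
                f["count"] += 1
                server = re.search(r'respMsg = "([^"]*)"', rec["msg"])
                if server:
                    f["server_message"] = server.group(1)
    return {"saml_completed": saml_completed, "connected": connected,
            "findings": list(findings.values())}


# Excerpt of the first run in the thread (portal mode).
SAMPLE_PORTAL = """\
[2024-09-17T09:11:39Z INFO  gpauth::auth_window] Got auth data from headers
[2024-09-17T09:11:41Z WARN  gpapi::gateway::login] GP response error: reason=<none>, status=512 <unknown status code>, body=
    var respStatus = "Error";
    var respMsg = "Authentication failure: Invalid username or password";
[2024-09-17T09:11:41Z INFO  gpclient::connect] Gateway login failed: Gateway login error: <none>
"""

# Excerpt of the --as-gateway run without sudo.
SAMPLE_NONROOT = """\
[2024-09-17T16:11:41Z INFO  gpauth::auth_window] Got auth data from headers
[2024-09-17T16:11:47Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 621f674185aac7da97fed7168f1a1bde.
        VPN connectivity may be disabled or limited without HIP report submission.
[2024-09-17T16:11:48Z WARN  openconnect::ffi] Failed to bind local tun device (TUNSETIFF): Operation not permitted
[2024-09-17T16:11:48Z WARN  openconnect::ffi] Failed to bind local tun device (TUNSETIFF): Operation not permitted
[2024-09-17T16:11:48Z WARN  openconnect::ffi] Set up tun device failed
"""

if __name__ == "__main__":
    for name, sample in (("portal", SAMPLE_PORTAL), ("non-root", SAMPLE_NONROOT)):
        report = triage(sample)
        print(name, "saml_completed:", report["saml_completed"],
              "connected:", report["connected"])
        for f in report["findings"]:
            print("  ", f["id"], "x%d" % f["count"], "->", f["fix"])
```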