search

yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0
1.33k stars 150 forks source link

Can't connect to school server #428

Closed Jamming17 closed 3 weeks ago

Jamming17 commented 3 weeks ago

Describe the bug Failing to connect to the school server on both CLI and GUI versions. I have correct authentication details

Expected behavior Connects fine to the server

Logs Logs from ~/.local/share/gpclient/gpclient.log (after clicking the Connect button on the GUI):

[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Connecting to the portal: g**********k...
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-09-19T11:34:27Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:27Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Launching SAML authentication...
[2024-09-19T11:34:27Z INFO  gpapi::process::browser_authenticator] Launching the default browser...
[2024-09-19T11:34:27Z INFO  gpgui::portal_connector] Waiting for the user to authenticate in the browser...
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Received gp callback from the browser
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-19T11:34:28Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:28Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********k...
[2024-09-19T11:34:28Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:28Z WARN  gpapi::gateway::login] GP response error: reason=<none>, status=512 <unknown status code>, body=<html>
      <head></head>
      <body>
      var respStatus = "Error";
      var respMsg = "";
      thisForm.inputStr.value = "";
    </body>
    </html>
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Gateway login failed: Gateway login error: <none>
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Gateway prelogin, gateway: g**********k...
[2024-09-19T11:34:28Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:28Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Authenticating gateway...
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Launching SAML authentication...
[2024-09-19T11:34:28Z INFO  gpapi::process::browser_authenticator] Launching the default browser...
[2024-09-19T11:34:28Z INFO  gpgui::portal_connector] Waiting for the user to authenticate in the browser...
[2024-09-19T11:34:29Z INFO  gpgui::portal_connector] Received gp callback from the browser
[2024-09-19T11:34:29Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********k...
[2024-09-19T11:34:29Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:29Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: g**********k
[2024-09-19T11:34:29Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-09-19T11:34:29Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-09-19T11:34:29Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux Arch Linux)
[2024-09-19T11:34:29Z INFO  openconnect::ffi] VPNC script: /etc/vpnc/vpnc-script
[2024-09-19T11:34:29Z INFO  openconnect::ffi] OS: linux
[2024-09-19T11:34:29Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-19T11:34:29Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-19T11:34:29Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-19T11:34:29Z INFO  openconnect::ffi] MTU: 0
[2024-09-19T11:34:29Z INFO  openconnect::ffi] DISABLE_IPV6: 0
[2024-09-19T11:34:29Z INFO  openconnect::ffi] NO_DTLS: 0
[2024-09-19T11:34:29Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-19T11:34:29Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-09-19T11:34:29Z INFO  gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect
[2024-09-19T11:34:29Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-19T11:34:29Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-09-19T11:34:29Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 180 minutes.
[2024-09-19T11:34:29Z INFO  openconnect::ffi] Idle timeout is 180 minutes.
[2024-09-19T11:34:29Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-19T11:34:29Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-19T11:34:29Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 1495368db072df3faf7b2836eca797c8.
    VPN connectivity may be disabled or limited without HIP report submission.
    You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-09-19T11:34:29Z INFO  openconnect::ffi] ESP session established with server
[2024-09-19T11:34:29Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-19T11:34:30Z INFO  gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect
[2024-09-19T11:34:41Z WARN  openconnect::ffi] Failed to open tun device: No such device
[2024-09-19T11:34:52Z WARN  openconnect::ffi] Failed to open tun device: No such device
[2024-09-19T11:34:52Z WARN  openconnect::ffi] Set up tun device failed
[2024-09-19T11:34:52Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/logout.esp
[2024-09-19T11:34:52Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-19T11:34:52Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-09-19T11:34:52Z INFO  openconnect::ffi] Logout successful.
[2024-09-19T11:34:52Z INFO  openconnect::ffi] openconnect_mainloop returned -5, exiting
[2024-09-19T11:34:52Z WARN  gpgui::portal_connector] Failed to connect to the gateway: g**********k

Environment:

Additional context After clicking Connect, a page opens in Firefox (my default browser) saying Authentication complete. On the GlobalProtect GUI, the circle keeps loading and eventually gives up, returning to the Not Connected state. Also, it is not a problem with the server because I can connect on Windows just fine.

yuezk commented 3 weeks ago

@Jamming17 did this client ever work before? Did you upgrade the system recently and can you try to reboot and see if it works? Thanks.

Jamming17 commented 3 weeks ago

lol okay, a simple reboot made it start working. Should maybe have tried that first, but I didn't see why that would change anything. Sorry about that! Thanks for your time :) Also this is my first time ever using this on Linux, just in case you were wondering.