yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0

Connection fails with a "Matching client config not found" error message #444

Open dgiraldoc2c opened 4 days ago

dgiraldoc2c commented 4 days ago

**Describe the bug**

I can't connect to a VPN portal, though I can connect with my credentials from a colleague's machine:

**Expected behavior**

EXPECTED: I should be logged in.

What I get: The client comes back to the pre-connection state, inviting me to connect.

IMPORTANT : Googling the error I get on the logs, according to Palo Alto in this link, it could be a configuration error with my account. Nevertheless, this hypothesis is excluded since using MY CREDENTIALS on my colleague's computer, I can connect.

What I tried : Reinstalling the program through an "apt remove" + checking that there were no gpclient files anymore inside my ".local" folder, and reinstalling the program through "apt install". (Note : my credential still were in cache after that, I cleaned them through the gui client feature that allows that)

**Screenshots**

I have exactly the same credentials and configuration as my colleague, except for the client version: [image]

Besides that: [image] [image] [image]

**Logs**

```
(gpgui:19264): WARNING : 15:47:46.952: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-11-25T14:47:47Z INFO gpgui::handlers::subscription] Sending the init event to client: main
[2024-11-25T14:47:47Z INFO gpgui::handlers::subscription] Sent the init event to client: main
[2024-11-25T14:47:48Z INFO gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect
[2024-11-25T14:47:51Z INFO gpgui::portal_connector] Connecting to the portal: g**r...
[2024-11-25T14:47:51Z INFO gpgui::portal_connector] Trying to connect the gateway directly...
[2024-11-25T14:47:51Z INFO gpgui::portal_connector] Try login the gateway with prelogin...
[2024-11-25T14:47:51Z INFO gpgui::portal_connector] Gateway prelogin, gateway: g**r...
[2024-11-25T14:47:51Z INFO gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Pop!_OS 22.04 LTS)
[2024-11-25T14:47:51Z INFO gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Pop!_OS 22.04 LTS)
[2024-11-25T14:47:51Z INFO gpgui::portal_connector] Authenticating gateway...
[2024-11-25T14:47:51Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-11-25T14:47:51Z INFO gpauth::cli] gpauth started: 2.3.9 (2024-11-02)
[2024-11-25T14:47:51Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Pop!_OS 22.04 LTS)

(gpauth:19359): WARNING : 15:47:51.900: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Load the SAML request as HTML...
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Loaded uri: about:blank
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T14:47:52Z INFO gpauth::auth_window] No headers found in response
[2024-11-25T14:47:52Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T14:47:52Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Raise window cancelled
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Loaded uri: https://s**********r/auth/realms/Security/login-actions/authenticate?client_id=h**********P&tab_id=m**********Q
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T14:47:52Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-11-25T14:47:52Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T14:47:52Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T14:47:52Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-11-25T14:47:54Z INFO gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect Login
[2024-11-25T14:48:08Z INFO gpauth::auth_window] Loaded uri: https://s**********r/auth/realms/Security/login-actions/authenticate?session_code=a**********U&execution=f**********2&client_id=h**********P&tab_id=m**********Q
[2024-11-25T14:48:08Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T14:48:08Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-11-25T14:48:08Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T14:48:08Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T14:48:08Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T14:48:26Z INFO gpauth::auth_window] Loaded uri: https://s**********r/auth/realms/Security/login-actions/authenticate?session_code=M**********o&execution=0**********3&client_id=h**********P&tab_id=m**********Q
[2024-11-25T14:48:26Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T14:48:26Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-11-25T14:48:26Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T14:48:26Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T14:48:26Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T14:48:34Z INFO gpauth::auth_window] Loaded uri: https://s**********r/auth/realms/Security/login-actions/authenticate?session_code=C**********I&execution=0**********3&client_id=h**********P&tab_id=m**********Q
[2024-11-25T14:48:34Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T14:48:34Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-11-25T14:48:34Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T14:48:34Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T14:48:34Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T14:48:34Z INFO gpauth::auth_window] Loaded uri: https://g**********r/SAML20/SP/ACS
[2024-11-25T14:48:34Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T14:48:34Z INFO gpauth::auth_window] Got auth data from headers
[2024-11-25T14:48:35Z INFO gpgui::portal_connector] Performing gateway login, gateway: g**r...
[2024-11-25T14:48:35Z INFO gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Pop!_OS 22.04 LTS)
[2024-11-25T14:48:35Z INFO gpgui::portal_connector] Gateway login succeeded, gateway: g**r
[2024-11-25T14:48:35Z INFO gpgui::portal_connector] Connecting to the gateway...
[2024-11-25T14:48:35Z INFO openconnect::ffi] openconnect version: v8.20-1
[2024-11-25T14:48:35Z INFO openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux Pop!_OS 22.04 LTS)
[2024-11-25T14:48:35Z INFO openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-11-25T14:48:35Z INFO openconnect::ffi] OS: linux
[2024-11-25T14:48:35Z INFO openconnect::ffi] CSD_USER: 1151
[2024-11-25T14:48:35Z INFO openconnect::ffi] CSD_WRAPPER: (null)
[2024-11-25T14:48:35Z INFO openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-11-25T14:48:35Z INFO openconnect::ffi] MTU: 0
[2024-11-25T14:48:35Z INFO openconnect::ffi] DISABLE_IPV6: 0
[2024-11-25T14:48:35Z INFO openconnect::ffi] NO_DTLS: 0
[2024-11-25T14:48:35Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp

[2024-11-25T14:48:35Z INFO openconnect::ffi] SSL negotiation with [**]
[2024-11-25T14:48:35Z INFO openconnect::ffi] Connected to HTTPS on [**] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-11-25T14:48:35Z WARN openconnect::ffi] Matching client config not found
[2024-11-25T14:48:35Z WARN openconnect::ffi] openconnect_make_cstp_connection failed
[2024-11-25T14:48:35Z WARN gpgui::portal_connector] Failed to connect to the gateway: g**r
[2024-11-25T14:55:47Z INFO gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect
[2024-11-25T14:55:54Z INFO gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect

(gpgui:19264): WARNING : 16:01:01.918: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-11-25T15:01:02Z INFO gpgui::handlers::subscription] Sending the init event to client: settings
[2024-11-25T15:01:02Z INFO gpgui::handlers::subscription] Sent the init event to client: settings
[2024-11-25T15:01:03Z INFO gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect Settings
```


- **CLI VERSION**:

(command run: `sudo gpclient connect g[HIDING FOR CONFIDENTIALITY]r`)

```
[2024-11-25T15:08:34Z INFO gpclient::cli] gpclient started: 2.3.9 (2024-11-02)
[2024-11-25T15:08:34Z INFO gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2024-11-25T15:08:34Z INFO gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-25T15:08:35Z INFO gpauth::cli] gpauth started: 2.3.9 (2024-11-02)
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

(gpauth:20490): WARNING : 16:08:35.501: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Load the SAML request as HTML...
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Loaded uri: about:blank
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T15:08:35Z INFO gpauth::auth_window] No headers found in response
[2024-11-25T15:08:35Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T15:08:35Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-11-25T15:08:35Z INFO gpauth::auth_window] Raise window cancelled
[2024-11-25T15:08:36Z INFO gpauth::auth_window] Loaded uri: https://s**********r/auth/realms/Security/login-actions/authenticate?client_id=h**********P&tab_id=X**********8
[2024-11-25T15:08:36Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T15:08:36Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-11-25T15:08:36Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T15:08:36Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T15:08:36Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T15:08:36Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-11-25T15:08:36Z INFO gpauth::auth_window] Raise window cancelled
[2024-11-25T15:08:37Z INFO gpauth::auth_window] Loaded uri: https://g**********r/SAML20/SP/ACS
[2024-11-25T15:08:37Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T15:08:37Z INFO gpauth::auth_window] Got auth data from headers
[2024-11-25T15:08:37Z INFO gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect
[2024-11-25T15:08:37Z INFO gpapi::portal::config] Found internal-host-detection, performing DNS lookup
[2024-11-25T15:08:37Z WARN gpapi::portal::config] rDNS lookup failed for 10.20.200.250: failed to lookup address information: Name or service not known
[2024-11-25T15:08:37Z INFO gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-11-25T15:08:37Z INFO gpclient::connect] Connecting to the only available gateway: External_Gateway (g[HIDING FOR CONFIDENTIALITY]r)
[2024-11-25T15:08:37Z INFO gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-11-25T15:08:38Z WARN gpapi::gateway::login] GP response error: reason=, status=512 , body=

  <body>
  var respStatus = "Error";
  var respMsg = "Authentication failure: Invalid username or password";
  thisForm.inputStr.value = "";
</body>
</html>

[2024-11-25T15:08:38Z INFO gpclient::connect] Gateway login failed: Gateway login error:
[2024-11-25T15:08:38Z INFO gpclient::connect] Performing the gateway authentication...
[2024-11-25T15:08:38Z INFO gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-11-25T15:08:38Z INFO gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-25T15:08:38Z INFO gpauth::cli] gpauth started: 2.3.9 (2024-11-02)
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

(gpauth:20642): WARNING : 16:08:38.461: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Load the SAML request as HTML...
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Loaded uri: about:blank
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T15:08:38Z INFO gpauth::auth_window] No headers found in response
[2024-11-25T15:08:38Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T15:08:38Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-11-25T15:08:38Z INFO gpauth::auth_window] Raise window cancelled
[2024-11-25T15:08:39Z INFO gpauth::auth_window] Loaded uri: https://s**********r/auth/realms/Security/login-actions/authenticate?client_id=h**********P&tab_id=0**********k
[2024-11-25T15:08:39Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T15:08:39Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-11-25T15:08:39Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-25T15:08:39Z INFO gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-25T15:08:39Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-25T15:08:39Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-11-25T15:08:39Z INFO gpauth::auth_window] Raise window cancelled
[2024-11-25T15:08:40Z INFO gpauth::auth_window] Loaded uri: https://g**********r/SAML20/SP/ACS
[2024-11-25T15:08:40Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-25T15:08:40Z INFO gpauth::auth_window] Got auth data from headers
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
[2024-11-25T15:08:40Z INFO gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-11-25T15:08:40Z INFO openconnect::ffi] openconnect version: v8.20-1
[2024-11-25T15:08:40Z INFO openconnect::ffi] User agent: PAN GlobalProtect
[2024-11-25T15:08:40Z INFO openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-11-25T15:08:40Z INFO openconnect::ffi] OS: linux
[2024-11-25T15:08:40Z INFO openconnect::ffi] CSD_USER: 1151
[2024-11-25T15:08:40Z INFO openconnect::ffi] CSD_WRAPPER: (null)
[2024-11-25T15:08:40Z INFO openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-11-25T15:08:40Z INFO openconnect::ffi] MTU: 0
[2024-11-25T15:08:40Z INFO openconnect::ffi] DISABLE_IPV6: 0
[2024-11-25T15:08:40Z INFO openconnect::ffi] NO_DTLS: 0
[2024-11-25T15:08:40Z INFO openconnect::ffi] POST https://g[HIDING FOR CONFIDENTIALITY]r/ssl-vpn/getconfig.esp
[2024-11-25T15:08:40Z INFO openconnect::ffi] Connected to 185.44.47.10:443
[2024-11-25T15:08:40Z INFO openconnect::ffi] SSL negotiation with g[HIDING FOR CONFIDENTIALITY]r
[2024-11-25T15:08:40Z INFO openconnect::ffi] Connected to HTTPS on g[HIDING FOR CONFIDENTIALITY]r with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-11-25T15:08:40Z WARN openconnect::ffi] Matching client config not found
[2024-11-25T15:08:40Z WARN openconnect::ffi] openconnect_make_cstp_connection failed
```



**Environment:**
- OS: POP Os 22.04 (based upon Ubuntu 22.04)
- For the version of the gpclient see the previous screenshots

**Additional context**
Relatively high priority. Thanks for your help!
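
A triage helper for logs like the ones in this report, as an added example that is not part of the original post or of the project's code: it splits run-together entries on their `[timestamp LEVEL module]` header and reports the first stage that fails after the last success. The stage names, the rule table and the two sample strings are assumptions built from messages visible in the logs above.

```python
import re

# Header of one log entry as it appears in the issue: [timestamp LEVEL module]
ENTRY = re.compile(r"\[(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (INFO|WARN|ERROR) ([\w:]+)\] ")

# Message fragments copied from the logs in this issue, mapped to a stage and
# outcome. The stage names are labels chosen for this example.
RULES = [
    ("Got auth data from headers", "saml_auth", "ok"),
    ("Gateway login succeeded", "gateway_login", "ok"),
    ("GP response error", "gateway_login", "failed"),
    ("Matching client config not found", "getconfig", "failed"),
    ("openconnect_make_cstp_connection failed", "tunnel", "failed"),
]

# Constructed samples: entries shaped like the GUI and CLI logs in the issue,
# run together on one line the way the page shows them.
GUI_SAMPLE = (
    "[2024-11-25T14:48:34Z INFO gpauth::auth_window] Got auth data from headers "
    "[2024-11-25T14:48:35Z INFO gpgui::portal_connector] Gateway login succeeded, gateway: g**r "
    "[2024-11-25T14:48:35Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp "
    "[2024-11-25T14:48:35Z WARN openconnect::ffi] Matching client config not found "
    "[2024-11-25T14:48:35Z WARN openconnect::ffi] openconnect_make_cstp_connection failed"
)
CLI_SAMPLE = (
    "[2024-11-25T15:08:37Z INFO gpauth::auth_window] Got auth data from headers "
    "[2024-11-25T15:08:38Z WARN gpapi::gateway::login] GP response error: reason=, status=512 "
    "[2024-11-25T15:08:40Z INFO gpauth::auth_window] Got auth data from headers "
    "[2024-11-25T15:08:40Z WARN openconnect::ffi] Matching client config not found "
    "[2024-11-25T15:08:40Z WARN openconnect::ffi] openconnect_make_cstp_connection failed"
)

def split_entries(text):
    """Split run-together log text into (timestamp, level, module, message)."""
    heads = list(ENTRY.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append((*head.groups(), text[head.end():end].strip()))
    return entries

def timeline(text):
    """Return the ordered (timestamp, stage, outcome) events found in the log."""
    events = []
    for ts, _level, _module, msg in split_entries(text):
        for fragment, stage, outcome in RULES:
            if fragment in msg:
                events.append((ts, stage, outcome))
                break
    return events

def failing_stage(text):
    """First failed stage after the last success, or None if nothing failed."""
    events = timeline(text)
    last_ok = max((i for i, e in enumerate(events) if e[2] == "ok"), default=-1)
    for _ts, stage, outcome in events[last_ok + 1:]:
        if outcome == "failed":
            return stage
    return None
```

On both samples `failing_stage` returns `getconfig`: the SAML step completes and the failure shows up at the `getconfig.esp` request, after authentication.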

dgiraldoc2c commented 4 days ago

Note : it used to work fine one month ago or so with the CLI version (didn't own the GUI version back then)

yuezk commented 3 days ago

@dgiraldoc2c can you help change the ClientOS to Windows or macOS to see if it works?

[image]

Might be related to #96, #85

dgiraldoc2c commented 3 days ago

Hello @yuezk ,

I did that (with windows and macOS), but it's still not working.

Also, I uninstalled the app, I removed all folders and files related to globalprotect or gpclient (or gpgui, gpauth, gplicence, or containing yuezk, etc.), except for those linked to aptitude (most of the files I removed were located in my home folder, in .local/, .cache/, .config/, etc.)

After that I restarted my computer and reinstalled the client. Of course it asked me again for license, etc.

I then tried to connect but still got the same error...

yuezk commented 2 days ago

Hi @dgiraldoc2c ,

According to the search results and the user feedback, this error is more like a configuration problem (maybe both the server and the client sides).

Reinstalling the clients won't help. You can try the following ways to see if it works. Feel free to contact me via email if it still doesn't work. And I will refund you. Thanks for your support!

First, try to connect the portal as a gateway to see if it works.

```
sudo gpclient connect <portal> --as-gateway
```

Second, try to authenticate the portal using the external browser to see if it works.

```
sudo gpclient connect <portal> --default-browser
```

And the `--default-browser` with the `--as-gateway` option:

```
sudo gpclient connect <portal> --default-browser --as-gateway
```

dgiraldoc2c commented 2 days ago

Hello! Thanks for coming back to me. Tried all those solutions, it's failing with the same error (authentication through browser, as gateway, and both). [image]

I don't think there is a problem on the server side, since it's working from my colleague's workstation, with my account. My colleague is on 2.7 and me on 2.9. Just this morning, another colleague who's on 2.9 also tried to connect with her account, and she had the same error as me.

=> I'll try to backport my version to 2.7 and see if it works. I'll keep you updated.

Thanks a lot!

yuezk commented 2 days ago

Do you mean 2.3.7? To install it, you can uninstall the old one and download the assets from https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/v2.3.7

Then install it with your package manager.

dgiraldoc2c commented 2 days ago

I also tried that (install 2.3.7). It didn't work. I'm falling short on ideas...

yuezk commented 1 day ago

Hi @dgiraldoc2c, sorry it doesn't work. I have several questions:

Anyway, feel free to contact me via email with the license details and I can refund you since this software doesn't work for you. The same for your other colleagues who have been experiencing the same problem.