Cannot login after waking up: Gateway authentication failed

[teklabania]

After starting the application, everything works fine, I can connect/disconnect multiple times until I suspend my laptop. After waking up, globalprotect-openconnect fails to connect with the pop-up window:

Gateway authentication failed.

Error occurred on the gateway prelogin interface.

When I quit GlobalProtect from tray and start it again, everything gets back to normal and I can connect.

Arch Linux globalprotect-openconnect: 1.3.3-1

Logs:

Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.784 INFO  [318094] [GPClient::doConnect@245] Start connecting...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.784 INFO  [318094] [GPClient::doConnect@261] Start gateway login using the previously saved gateway...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.784 INFO  [318094] [GPClient::gatewayLogin@356] Performing gateway login...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.795 INFO  [318094] [GatewayAuthenticator::authenticate@30] Start gateway authentication...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.795 INFO  [318094] [GatewayAuthenticator::login@42] Trying to login the gateway at https://vpn.mycompany.com/ssl-vpn/login.esp with prot=https%3A&server=&inputSrc=&jnlpReady=jnlpReady&computer=myhostname&ok=Login&direct=yes&clientVer=4100&os-version=Arch Linux&clientos=Mac&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.806 ERROR [318094] [GatewayAuthenticator::onLoginFinished@54] Failed to login the gateway at https://vpn.mycompany.com/ssl-vpn/login.esp, The specified configuration cannot be used.
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.806 INFO  [318094] [GatewayAuthenticator::doAuth@75] Perform the gateway prelogin at https://vpn.mycompany.com/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Mac
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.807 ERROR [318094] [GatewayAuthenticator::onPreloginFinished@86] Failed to prelogin the gateway at https://vpn.mycompany.com/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Mac, The specified configuration cannot be used.
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.816 INFO  [318094] [PortalAuthenticator::authenticate@33] Preform portal prelogin at https://vpn.mycompany.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Mac
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.819 ERROR [318094] [PortalAuthenticator::onPreloginFinished@44] Error occurred while accessing https://vpn.mycompany.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Mac, The specified configuration cannot be used.
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.819 INFO  [318094] [GPClient::onPortalPreloginFail@316] Portal prelogin failed: Error occurred on the portal prelogin interface.
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.819 INFO  [318094] [GPClient::tryGatewayLogin@337] Try to preform login on the the gateway interface...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.820 INFO  [318094] [GPClient::setAllGateways@427] Updating all the gateways...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.820 INFO  [318094] [GPClient::populateGatewayMenu@140] Populating the Switch Gateway menu...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.821 INFO  [318094] [GPClient::setCurrentGateway@447] Updating the current gateway to vpn.mycompany.com
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.821 INFO  [318094] [GPClient::populateGatewayMenu@140] Populating the Switch Gateway menu...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.823 INFO  [318094] [GPClient::gatewayLogin@356] Performing gateway login...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.833 INFO  [318094] [GatewayAuthenticator::authenticate@30] Start gateway authentication...
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.834 INFO  [318094] [GatewayAuthenticator::login@42] Trying to login the gateway at https://vpn.mycompany.com/ssl-vpn/login.esp with prot=https%3A&server=&inputSrc=&jnlpReady=jnlpReady&computer=myhostname&ok=Login&direct=yes&clientVer=4100&os-version=Arch Linux&clientos=Mac&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.848 ERROR [318094] [GatewayAuthenticator::onLoginFinished@54] Failed to login the gateway at https://vpn.mycompany.com/ssl-vpn/login.esp, The specified configuration cannot be used.
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.848 INFO  [318094] [GatewayAuthenticator::doAuth@75] Perform the gateway prelogin at https://vpn.mycompany.com/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Mac
Sep 08 08:13:14 myhostname krunner[318094]: 2021-09-08 08:13:14.849 ERROR [318094] [GatewayAuthenticator::onPreloginFinished@86] Failed to prelogin the gateway at https://vpn.mycompany.com/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Mac, The specified configuration cannot be used.
Sep 08 08:16:51 myhostname gpclient[318094]: qt.qpa.xcb: QXcbConnection: XCB error: 3 (BadWindow), sequence: 5796, resource id: 14279733, major code: 40 (TranslateCoords), minor code: 0

[yuezk]

Thanks for your reporting, I will try to reproduce it and investigate.

[teklabania]

Maybe a whitespace in prot (Arch Linux) has something to do with the issue?

[rosancoderian]

It also happen in Linux mint

[rmcd1024]

I haven't seen the popup window, but on xubuntu 20.04, gpclient stops working after a suspend. I've found a workaround to be

pkill gpclient
gpclient &

[yosh-se]

same thing happens in Ubuntu 20.04. globalprotect-openconnect 1.3.4-ppa1 openconnect 8.10-2build1~ubuntu20.04.1

This is what I get after a resume;

2021-11-18 07:35:22.416 INFO  [2044112] [GPClient::onVPNLogAvailable@489] ESP detected dead peer
2021-11-18 07:35:27.414 INFO  [2044112] [GPClient::onVPNLogAvailable@489] Failed to connect ESP tunnel; using HTTPS instead.

And after I click reconnect without restarting the client

2021-11-18 07:36:37.057 INFO  [2044112] [GPClient::populateGatewayMenu@140] Populating the Switch Gateway menu...
2021-11-18 07:36:39.742 INFO  [2044112] [GPClient::populateGatewayMenu@140] Populating the Switch Gateway menu...
2021-11-18 07:36:39.872 INFO  [2044112] [GPClient::doConnect@245] Start connecting...
2021-11-18 07:36:39.873 INFO  [2044112] [GPClient::doConnect@270] Start disconnecting the VPN...
2021-11-18 07:36:39.878 INFO  [2044112] [GPClient::onVPNLogAvailable@489] Socket connect canceled
Failed to reconnect to host vpn.portal.com: Interrupted system call

[teklabania]

In fact I haven't seen this message for weeks. And I'm suspending a lot. Currently I use version 1.3.4-2 on Manjaro Linux. Recently I also switched to systemd-resolved, I don't know if it has any relevance.

[yuezk]

This could be the problem I'm going to resolve in the next step.

[christianodejesus]

The same issue happens with me today. I'm using Arch Linux, and after suspend / resume system, gpclient show me the alert with message "Gateway authentication failed". Searching in logs I found this: 2023-01-26 15:52:29.359 ERROR [4299] [PortalAuthenticator::onPreloginFinished@46] Error occurred while accessing https://vpn.mycompany.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux, The specified configuration cannot be used.

After kill gpclient and start it again, I can connect to the vpn normally.

S.O: Arch Linux (kernel 5.15.90-1-lts x86_64) gpclient: version: 1.4.9 openconnect: OpenConnect versão v9.01