[EXT] Re: Unable to connect to GlobalProtect VPN

Daniel Lenski dlenski at gmail.com
Mon Aug 21 14:19:48 PDT 2023 

On Thu, Aug 17, 2023 at 11:04 AM Anthony Becker <abecker at sigcorp.com> wrote:
> Hi Daniel –
>
>  Here is the openconnect version output:
>
>  sshuser at oakvpn:~$ openconnect --version
> OpenConnect version v8.20-1
> Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
> Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
> Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script
>
> Neither “--clientos=Windows” nor “--usergroup=gateway:prelogin-cookie” worked for me – I received the same error messages as before.

Got it.

Subsequent to the v8.20 release, we've made several small improvements
to the GlobalProtect authentication-handling code. In particular,
https://gitlab.com/openconnect/openconnect/-/commit/51586b29.

14:15 $ git log --decorate=no --oneline v8.20..v9.12 auth-globalprotect.c
https://gitlab.com/openconnect/openconnect/-/commit/bf4338c6 Ignore
blank labels sent in GlobalProtect prelogin
https://gitlab.com/openconnect/openconnect/-/commit/c0d2daea Save
GlobalProtect version reported by portal and parrot it back as client
version
https://gitlab.com/openconnect/openconnect/-/commit/27284f83 Prevent
crash on unexpected response for GlobalProtect portal prelogin XML
https://gitlab.com/openconnect/openconnect/-/commit/ce214b87 Expand
comment about potentially-useful information in GP portal
configuration
https://gitlab.com/openconnect/openconnect/-/commit/9164e21e Clearer
error message when GlobalProtect portal configuration contains no
gateways at all
https://gitlab.com/openconnect/openconnect/-/commit/51586b29 GP: add
'internal=no' flag to the login and configuration requests
https://gitlab.com/openconnect/openconnect/-/commit/07386df8 No
embedded URLs in translatable strings
https://gitlab.com/openconnect/openconnect/-/commit/c58464a8 Declare C
string constants using array syntax
https://gitlab.com/openconnect/openconnect/-/commit/ff13a983 GP SAML:
support legacy workflow
https://gitlab.com/openconnect/openconnect/-/commit/3d0a3247 GP SAML:
handle redirect case
https://gitlab.com/openconnect/openconnect/-/commit/a287bc00 GP SAML:
fix some memory handling
https://gitlab.com/openconnect/openconnect/-/commit/c4c813ec start
adding GP SSO support

There's no guarantee that any of this will make a difference for your
issue (as I said before, I haven't seen that exactly error message),
but I would still recommend building and testing OpenConnect v9.12.
Please let us know if you get same/different results with v9.12.

Daniel

More information about the openconnect-devel mailing list