https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/177249#M55300 <P>Hi again,</P><P>&nbsp;</P><P>It seems like the Linux Client will arrive "very soon" according to some sources I have <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 18 Sep 2017 10:07:46 GMT Jonathan1984 2017-09-18T10:07:46Z https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176715#M55218 <P>Hi,</P><P>&nbsp;</P><P>This is my first post, so please bear with me if this is the wrong forum of if this has been answered somewhere before..</P><P>&nbsp;</P><P>I am having issues connecting a Linux client to Globalprotect. I have tried to follow the following:</P><P><A href="https://live.paloaltonetworks.com/t5/Management-Articles/Connect-Linux-Machine-to-GlobalProtect/ta-p/77307" target="_blank">https://live.paloaltonetworks.com/t5/Management-Articles/Connect-Linux-Machine-to-GlobalProtect/ta-p/77307</A></P><P>&nbsp;</P><P>But that did not work, the client seems to be unable to speak to the server on port 500, I am getting a timeout everythime.</P><P>&nbsp;</P><P>I have also compiled strongswan for network-manager and it went well, but the client can't connect either. So here is the log:</P><P>&nbsp;</P><P>&nbsp;</P><PRE>Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;info&gt; [1505471572.5478] audit: op="connection-activate" uuid="8006b232-f14b-47c6-b398-f392f2cb2e12" name="IKE" pid=20454 uid=1000 result="success"<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;info&gt; [1505471572.5500] vpn-connection[0x1bfd7c0,8006b232-f14b-47c6-b398-f392f2cb2e12,"IKE",0]: Saw the service appear; activating connection<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;info&gt; [1505471572.6614] vpn-connection[0x1bfd7c0,8006b232-f14b-47c6-b398-f392f2cb2e12,"IKE",0]: VPN connection: (ConnectInteractive) reply received<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga charon-nm: 05[CFG] received initiate for NetworkManager connection IKE<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga charon-nm: 05[CFG] C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority is not self signed<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga charon-nm: 05[CFG] E=contacto@procert.net.ve, L=Chacao, ST=Miranda, OU=Proveedor de Certificados PROCERT, O=Sistema Nacional de Certificacion Electronica, C=VE, CN=PSCProcert is not self signed<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga charon-nm: 05[CFG] using CA certificate, gateway identity 'vpn.gateway.com'<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga charon-nm: 05[IKE] initiating IKE_SA IKE[4] to xxx.xxx.xxx.xxx<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga charon-nm: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga charon-nm: 05[NET] sending packet: from 192.168.43.118[48175] to xxx.xxx.xxx.xxx[500] (794 bytes)<BR />Sep 15 12:32:52 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;info&gt; [1505471572.9543] vpn-connection[0x1bfd7c0,8006b232-f14b-47c6-b398-f392f2cb2e12,"IKE",0]: VPN plugin: state changed: starting (3)<BR />Sep 15 12:32:56 jonathan-ThinkPad-S1-Yoga charon-nm: 10[IKE] retransmit 1 of request with message ID 0<BR />Sep 15 12:32:56 jonathan-ThinkPad-S1-Yoga charon-nm: 10[NET] sending packet: from 192.168.43.118[48175] to xxx.xxx.xxx.xxx[500] (794 bytes)<BR />Sep 15 12:33:04 jonathan-ThinkPad-S1-Yoga charon-nm: 09[IKE] retransmit 2 of request with message ID 0<BR />Sep 15 12:33:04 jonathan-ThinkPad-S1-Yoga charon-nm: 09[NET] sending packet: from 192.168.43.118[48175] to xxx.xxx.xxx.xxx[500] (794 bytes)<BR />Sep 15 12:33:17 jonathan-ThinkPad-S1-Yoga charon-nm: 13[IKE] retransmit 3 of request with message ID 0<BR />Sep 15 12:33:17 jonathan-ThinkPad-S1-Yoga charon-nm: 13[NET] sending packet: from 192.168.43.118[48175] to xxx.xxx.xxx.xxx[500] (794 bytes)<BR />Sep 15 12:33:40 jonathan-ThinkPad-S1-Yoga charon-nm: 06[IKE] retransmit 4 of request with message ID 0<BR />Sep 15 12:33:40 jonathan-ThinkPad-S1-Yoga charon-nm: 06[NET] sending packet: from 192.168.43.118[48175] to xxx.xxx.xxx.xxx[500] (794 bytes)<BR />Sep 15 12:33:53 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;warn&gt; [1505471633.0047] vpn-connection[0x1bfd7c0,8006b232-f14b-47c6-b398-f392f2cb2e12,"IKE",0]: VPN connection: connect timeout exceeded.<BR />Sep 15 12:33:53 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: libnm-glib-Message: Connect timer expired, disconnecting.<BR />Sep 15 12:33:53 jonathan-ThinkPad-S1-Yoga charon-nm: 10[IKE] destroying IKE_SA in state CONNECTING without notification<BR />Sep 15 12:33:53 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;info&gt; [1505471633.0087] vpn-connection[0x1bfd7c0,8006b232-f14b-47c6-b398-f392f2cb2e12,"IKE",0]: VPN plugin: state changed: stopping (5)<BR />Sep 15 12:33:53 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;warn&gt; [1505471633.0088] vpn-connection[0x1bfd7c0,8006b232-f14b-47c6-b398-f392f2cb2e12,"IKE",0]: VPN plugin: failed: login-failed (0)<BR />Sep 15 12:33:53 jonathan-ThinkPad-S1-Yoga NetworkManager[20036]: &lt;info&gt; [1505471633.0089] vpn-connection[0x1bfd7c0,8006b232-f14b-47c6-b398-f392f2cb2e12,"IKE",0]: VPN plugin: state changed: stopped (6)</PRE> Fri, 15 Sep 2017 11:04:20 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176715#M55218 Jonathan1984 2017-09-15T11:04:20Z https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176724#M55220 <P>Hi&nbsp;,</P> <P>&nbsp;</P> <P>Is your request actually&nbsp;reaching the firewall ?</P> <P>&nbsp;</P> <P><SPAN>Check on the firewall end to verify if sessions are getting formed, and if packets are getting dropped. Use dataplane debugs or captures combined with global counters to check the same. Check security policies, NAT, etc. to make sure traffic is not getting dropped.</SPAN></P> <P>&nbsp;</P> <P><SPAN>This might help :</SPAN></P> <P><SPAN><A href="https://live.paloaltonetworks.com/t5/Management-Articles/Troubleshooting-GlobalProtect/ta-p/75770" target="_blank">https://live.paloaltonetworks.com/t5/Management-Articles/Troubleshooting-GlobalProtect/ta-p/75770</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>Cheers !</SPAN></P> <P><SPAN>-Kiwi.</SPAN></P> <P>&nbsp;</P> Fri, 15 Sep 2017 12:17:55 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176724#M55220 kiwi 2017-09-15T12:17:55Z https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176725#M55221 <P>Hi,</P><P>&nbsp;</P><P>Thoose packets is actually not reaching the firewall for some reason, doing a "netstat addresstoportal 500" does send some packages so there is no issues with the network from what I can see. I have tested from several Linux distros, several connections and several machines. All have the same issue.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Is there any plans for a Linux client for GlobalProtect?</P> Fri, 15 Sep 2017 12:23:54 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176725#M55221 Jonathan1984 2017-09-15T12:23:54Z https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176726#M55222 <P>Hi&nbsp;,</P> <P>&nbsp;</P> <P>Currently there's nothing on the roadmap with regards to a Linux client for GlobalProtect.</P> <P>There is however an existing feature request for it (FR #<SPAN>3324).</SPAN></P> <P>&nbsp;</P> <P>I recommend that you reach out to your local SE and have him add your vote to this FR !</P> <P>&nbsp;</P> <P>Cheers !</P> <P>-Kiwi.</P> <P>&nbsp;</P> Fri, 15 Sep 2017 12:32:09 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/176726#M55222 kiwi 2017-09-15T12:32:09Z https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/177249#M55300 <P>Hi again,</P><P>&nbsp;</P><P>It seems like the Linux Client will arrive "very soon" according to some sources I have <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 18 Sep 2017 10:07:46 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-linux-machine-to-globalprotect/m-p/177249#M55300 Jonathan1984 2017-09-18T10:07:46Z