Connection issues with globalprotect VPN

L1 Bithead

Connection issues with globalprotect VPN

I am the only Linux user in our 4000-person company.  The company got me the Linux client, but they don't want to support it.  I hope that somebody here can help.

 

Note that I replaced our gateway address with x.x.x.x since I don't want to expose the company's gateway. 

 

I have the following processes running in my system, started at boot...

1057 ? Ssl 0:35 /opt/paloaltonetworks/globalprotect/PanGPS
1792 ? Sl 0:55 /opt/paloaltonetworks/globalprotect/PanGPA start

 

I execute this command (with and without sudo)

globalprotect connect --gateway x.x.x.x    

 

The gateway is taken from a Windows box that is connected, and has a status screen. 

 

While I do this, I watch my interfaces with

sudo tcpdump -i enp0s31f6 host x.x.x.x

 

I see no activity on the interface, and my globalprotect command is just sitting with no output. 

 

Netstat -plant shows 

edg@edglaptop ~ $ sudo netstat -plant|grep -i pang
tcp 6 0 127.0.0.1:4767 0.0.0.0:* LISTEN 1057/PanGPS
tcp 0 0 127.0.0.1:48118 127.0.0.1:4767 ESTABLISHED 1792/PanGPA
tcp 0 0 127.0.0.1:4767 127.0.0.1:48118 ESTABLISHED 1057/PanGPS

 

It doesn't look like there is anything outgoing from PanGPA or PanGPS. 

 

Just now, as I am finishing this email, my tcpdump is starting to show some activity...

 

edg@edglaptop ~ $ sudo tcpdump -i enp0s31f6 host x.x.x.x
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes

 

15:26:53.543285 IP x.x.x.x.4501 > user-216.60690: UDP, length 116
15:26:53.543293 IP x.x.x.x.4501 > user-216.60690: UDP, length 100
15:26:53.707754 IP x.x.x.x.4501 > user-216.60690: UDP, length 100
15:27:01.643789 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:01.643816 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:01.644747 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:01.644846 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:01.646285 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:01.646446 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:01.650311 IP user-216.60690 > x.x.x.x.4501: UDP, length 84
15:27:05.908916 IP x.x.x.x.4501 > user-216.60690: UDP, length 420
15:27:09.718243 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:09.718281 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:09.718285 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:09.718426 IP x.x.x.x.4501 > user-216.60690: UDP, length 1444
15:27:09.718611 IP x.x.x.x.4501 > user-216.60690: UDP, length 1140
15:27:11.632045 IP x.x.x.x.4501 > user-216.60690: UDP, length 84
15:27:11.788839 IP x.x.x.x.4501 > user-216.60690: UDP, length 116
15:27:13.664323 IP x.x.x.x.4501 > user-216.60690: UDP, length 100
15:27:17.719267 IP x.x.x.x.4501 > user-216.60690: UDP, length 84
15:27:17.719741 IP x.x.x.x.4501 > user-216.60690: UDP, length 84

 

I still don't see an address in ifconfig, nor any output from the command.   

 

I control-c exited from the command.  

 

Over in another window, I tried 

edg@edglaptop ~ $ globalprotect
Unable to establish a new GlobalProtect connection as a GlobalProtect connection is already established from this Linux system by the same user or another user.
edg@edglaptop ~ $

 

So I'm stumped.  

 

Can somebody point me to a resource, or tell me how it is supposed to work? 

 

Thanks

L3 Networker

Re: Connection issues with globalprotect VPN

Use the globalprotect show --error command to view errors reported by the app.

user@linuxhost:~$ globalprotect show --error

 

 

And make sure the VPN portal and gateways are reachable from your system by running 'ping gp.yourcompanydomain.com' (ICMP could be blocked), or 'telnet gp.yourcompanydomain.com 443'. Also, UDP/4501 is used for IPSec tunnel connections between the GlobalProtect agents and Gateways.

 

--
"The Simplicity is the ultimate sophistication." - Leonardo da Vinci.
L1 Bithead

Re: Connection issues with globalprotect VPN

Thanks for the response. I followed the suggestions given above, with no good result.  

 

Here are some more details: 

 

After starting globalprotect at the command line, I issued a connect command specifying my proxy. 

 

I had a tcpdump running and recorded some traffic, followed by the "Do you want to continue(y/n)?y"  prompt.  I answered yes, and there was some additional traffic between me and the distant end, but it stopped and the client did not return to a prompt.  I sent the last packet. 

Here is the packet trace:

 

 

edg@edglaptop ~ $ sudo tcpdump -i enp0s31f6 host gp.xxxxxxxx.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
07:50:54.114663 IP edglaptop.yyyyyyyyyyyyyyy.com.47064 > 999.999.999.999.https: Flags [S], seq 3851682544, win 29200, options [mss 1460,sackOK,TS val 2726478986 ecr 0,nop,wscale 2], length 0
07:50:54.140274 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47064: Flags [S.], seq 3221140796, ack 3851682545, win 65535, options [mss 1460,wscale 2,nop,nop,nop,sackOK], length 0
07:50:54.140340 IP edglaptop.yyyyyyyyyyyyyyy.com.47064 > 999.999.999.999.https: Flags [.], ack 1, win 7300, length 0
07:50:54.141107 IP edglaptop.yyyyyyyyyyyyyyy.com.47064 > 999.999.999.999.https: Flags [P.], seq 1:292, ack 1, win 7300, length 291
07:50:54.168307 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47064: Flags [.], seq 1:1461, ack 292, win 65535, length 1460
07:50:54.168394 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47064: Flags [.], seq 1461:2921, ack 292, win 65535, length 1460
07:50:54.168424 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47064: Flags [P.], seq 2921:4165, ack 292, win 65535, length 1244
07:50:54.282923 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47064: Flags [P.], seq 4165:4216, ack 866, win 65535, length 51
07:50:54.283656 IP edglaptop.yyyyyyyyyyyyyyy.com.47064 > 999.999.999.999.https: Flags [P.], seq 866:897, ack 4216, win 9490, length 31
07:50:54.284022 IP edglaptop.yyyyyyyyyyyyyyy.com.47064 > 999.999.999.999.https: Flags [F.], seq 897, ack 4216, win 9490, length 0
07:50:54.309036 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47064: Flags [P.], seq 4216:4247, ack 897, win 65535, length 31
07:50:54.309116 IP edglaptop.yyyyyyyyyyyyyyy.com.47064 > 999.999.999.999.https: Flags [R], seq 3851683441, win 0, length 0
07:50:54.309224 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47064: Flags [F.], seq 4247, ack 898, win 65535, length 0
07:50:54.309243 IP edglaptop.yyyyyyyyyyyyyyy.com.47064 > 999.999.999.999.https: Flags [R], seq 3851683442, win 0, length 0
07:50:59.272666 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [S], seq 2421861620, win 29200, options [mss 1460,sackOK,TS val 2726484144 ecr 0,nop,wscale 2], length 0
07:50:59.298515 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [S.], seq 2568488179, ack 2421861621, win 65535, options [mss 1460,wscale 2,nop,nop,nop,sackOK], length 0
07:50:59.298598 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 1, win 7300, length 0
07:50:59.298820 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [P.], seq 1:292, ack 1, win 7300, length 291
07:50:59.325283 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 1:1461, ack 292, win 65535, length 1460
07:50:59.325342 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 1461:2921, ack 292, win 65535, length 1460
07:50:59.325385 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 2921:4165, ack 292, win 65535, length 1244
07:50:59.325409 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 1461, win 8030, length 0
07:50:59.325435 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 2921, win 8760, length 0
07:50:59.325447 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 4165, win 9490, length 0
07:50:59.327281 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [P.], seq 292:866, ack 4165, win 9490, length 574
07:50:59.431929 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 4165:4216, ack 866, win 65535, length 51
07:50:59.434440 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [P.], seq 866:1258, ack 4216, win 9490, length 392
07:50:59.529870 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 4216:5676, ack 1258, win 65535, length 1460
07:50:59.529972 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 5676:5705, ack 1258, win 65535, length 29
07:50:59.530014 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 5705, win 10220, length 0
07:50:59.530028 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 5705:7165, ack 1258, win 65535, length 1460
07:50:59.530042 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 7165:7194, ack 1258, win 65535, length 29
07:50:59.530084 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 7194, win 10950, length 0
07:50:59.530101 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 7194:8654, ack 1258, win 65535, length 1460
07:50:59.530127 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 8654:8683, ack 1258, win 65535, length 29
07:50:59.530161 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 8683, win 11680, length 0
07:50:59.530339 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 10172:11632, ack 1258, win 65535, length 1460
07:50:59.530491 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 11632:11661, ack 1258, win 65535, length 29
07:50:59.530533 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 11661, win 13140, length 0
07:50:59.530544 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 11661:13121, ack 1258, win 65535, length 1460
07:50:59.530555 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 13121:13150, ack 1258, win 65535, length 29
07:50:59.530568 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 13150, win 13870, length 0
07:50:59.556055 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [.], seq 13150:14610, ack 1258, win 65535, length 1460
07:50:59.556120 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 14610:14639, ack 1258, win 65535, length 29
07:50:59.556153 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [.], ack 14639, win 14600, length 0
07:50:59.556165 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 14639:15256, ack 1258, win 65535, length 617
07:50:59.556328 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [P.], seq 1258:1289, ack 15256, win 15330, length 31
07:50:59.556615 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [F.], seq 1289, ack 15256, win 15330, length 0
07:50:59.582115 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [P.], seq 15256:15287, ack 1289, win 65535, length 31
07:50:59.582530 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [R], seq 2421862909, win 0, length 0
07:50:59.582643 IP 999.999.999.999.https > edglaptop.yyyyyyyyyyyyyyy.com.47066: Flags [F.], seq 15287, ack 1290, win 65535, length 0
07:50:59.582831 IP edglaptop.yyyyyyyyyyyyyyy.com.47066 > 999.999.999.999.https: Flags [R], seq 2421862910, win 0, length 0

 

So I'm not sure why the other end stops sending, and, of course, it's all encrypted so there is no way to see what the last message said.  What I do know is that I have connectivity to the gateway. 

 

Further suggestions welcomed.
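
Added example, not part of the original thread or any poster's code: a small Python summarizer for tcpdump text in the format of the two captures above. It counts packets and bytes per direction for each remote service (such as UDP/4501 and https) and counts TCP resets. The sample lines are constructed, and `gw.example` and `laptop` are placeholder host names.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's tcpdump format; "gw.example" and "laptop"
# are placeholder host names, not values from the posts.
SAMPLE = """\
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
15:26:53.543285 IP gw.example.4501 > laptop.60690: UDP, length 116
15:26:53.707754 IP gw.example.4501 > laptop.60690: UDP, length 100
15:27:01.643789 IP gw.example.4501 > laptop.60690: UDP, length 1444
15:27:01.650311 IP laptop.60690 > gw.example.4501: UDP, length 84
07:50:54.114663 IP laptop.47064 > gw.example.https: Flags [S], seq 1, win 29200, length 0
07:50:54.140274 IP gw.example.https > laptop.47064: Flags [S.], seq 9, ack 2, win 65535, length 0
07:50:54.141107 IP laptop.47064 > gw.example.https: Flags [P.], seq 1:292, ack 1, win 7300, length 291
07:50:54.168424 IP gw.example.https > laptop.47064: Flags [P.], seq 1:1245, ack 292, win 65535, length 1244
07:50:54.309116 IP laptop.47064 > gw.example.https: Flags [R], seq 3, win 0, length 0
"""

# The last dot-separated field of each endpoint is the port (numeric or a service name).
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>[^.\s]+) > (?P<dst>\S+)\.(?P<dport>[^.\s:]+): "
    r"(?:(?P<udp>UDP)|Flags \[(?P<flags>[^\]]*)\]).*length (?P<len>\d+)"
)

def summarize(capture, local):
    """Per (protocol, remote port): packets and bytes each way, plus TCP resets."""
    stats = defaultdict(lambda: dict(out_pkts=0, out_bytes=0, in_pkts=0,
                                     in_bytes=0, rst_out=0, rst_in=0))
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m or local not in (m["src"], m["dst"]):
            continue  # tcpdump banner lines, blanks, unrelated hosts
        outbound = m["src"] == local
        way = "out" if outbound else "in"
        key = ("udp" if m["udp"] else "tcp", m["dport"] if outbound else m["sport"])
        s = stats[key]
        s[way + "_pkts"] += 1
        s[way + "_bytes"] += int(m["len"])
        if m["flags"] and "R" in m["flags"]:
            s["rst_" + way] += 1
    return dict(stats)

def one_sided(stats, ratio=3):
    """Heuristic: services where one direction has >= ratio times the packets of the other."""
    return sorted(k for k, s in stats.items()
                  if max(s["in_pkts"], s["out_pkts"])
                  >= ratio * max(1, min(s["in_pkts"], s["out_pkts"])))

if __name__ == "__main__":
    for key, s in summarize(SAMPLE, "laptop").items():
        print(key, s)
```

Pass the host name exactly as tcpdump prints it for the local machine (for example `user-216` in the first capture) as `local`.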

L1 Bithead

Re: Connection issues with globalprotect VPN

Bump.  Is there anyone out there who can suggest a way forward to the above problem? 

Cyber Elite

Re: Connection issues with globalprotect VPN

@edgreenberg,

Unless you have access to the firewall logs it would be relatively difficult to actually troubleshoot this connection issue. I would engage your company's IT team and see if they will at least look at the log files on the firewall and see what's actually failing. If they don't really want to support a Linux user anyway they might not be willing to do anything for you. 

L1 Bithead

Re: Connection issues with globalprotect VPN

@BPry ,

 

Thanks for the suggestion.  They are not as difficult as your message suggests :)

 

If I know what to ask for, I can probably get it.  I'll ask them if there is any blocked traffic in the logs.

 

Note that others have successfully connected to GP with the Windows client from the same network, so I am not optimistic about it being a firewall problem. 

 

One thing I'm not sure of is whether I should be using -p or -g to specify the VPN endpoint.  Do you, or does anybody, know the difference?

 

Thanks, 

Ed Greenberg

Cyber Elite

Re: Connection issues with globalprotect VPN

@edgreenberg I'm not sure you as an end user will really get anywhere in trying to troubleshoot something that should be done by the firewall or desktop admins in your organization.

 

Depending on how the GP config was set up they might actually not allow Linux OS to connect.  That would actually be a cruel, but sadistically fun, joke to play on someone who demands to have a client they do not want to support.  Give you a client and have you spend the next 4+ months trying to get it to work to no avail.

L0 Member

Re: Connection issues with globalprotect VPN

I've had similar issues, running on Ubuntu. I ended up reinstalling globalprotect, and it then worked fine.

 

Give it a go, it might work.
