Global Protect new Linux UI

Reply
Highlighted
L0 Member

Re: Global Protect new Linux UI

OK, I've installed sert with a cli command globalprotect import-certificate --location /home/cert.p12 and it works now

 

Anyway, troubleshooting methods would be appreciated.

I have no idea where is my CA cert installed.

Highlighted
L2 Linker

Re: Global Protect new Linux UI

I'm running Ubuntu 19.10.

 

The GUI runs..  but, depending on the day, there are between 3 and 10 copies in the tray..  one process for each..  I have to click through each one as only one actually works.  All others ask to enter a portal address.

 

Any clue how to get it to only start one ?

 

 

Highlighted
L0 Member

Re: Global Protect new Linux UI

@gfowlerI have the same multiple copies in the tray issue. I'm using Kubuntu 19.10 and see that. I just toggled a setting in KDE to not restore my previous session to see if that'll help. I'll be rebooting in a little bit to test the theory out.

Highlighted
L1 Bithead

Re: Global Protect new Linux UI

I've run into this issue as well.  I haven't figured out what's causing it yet but I'm sure replacing the startup command with an strace command will shine a light on that.  The quick and dirty fix for this is to create a shell script that runs the following:

 

ps aux | grep PanGPU[I] | grep -v '-session ' | xargs kill

 

This will basically kill off any PanGUI process that isn't tied to your desktop session.

 

 

Highlighted
L2 Linker

Re: Global Protect new Linux UI

So far, I've found two solutions.

 

1.  Disable Session Restore completely.  The core problem appears to be with the previous PanGPUI sessions being restored.  But every time you reboot, an additional session is added.  Thus the first boot gives one PanGPUI.. the second reboot gives two and so on..

 

OR 

 

2.  Exclude PanGPUI from session restore.

 

additionally, adding "X-KDE-autostart-phase=2" to the autostart file for PanGPUI appears have positive effects as well..  For me, this was installed under /etc/xdg/autostart/

 

Searching the apps button for 'session' yields Desktop Session app.   Opening that gives me the options to "start with an empty session", as well as the "Applications to be excluded from sessions" text field (add PanGPUI)

 

 

Highlighted
L1 Bithead

Re: Global Protect new Linux UI

You can blacklist the PanGPUI process from being saved in KDE session saves with:

kwriteconfig --file ksmserverrc --group General --key excludeApps PanGPUI

Warning: this will overwrite anything you have for that key already. it'll also remove any comments in your ksmsserverrc file. This is a PER-USER change as is. (you could create an override in /etc/xdg with the same effect for all users. 

Or...  manually:

kcmshell5 kcmsmserver

And either selecting "Start with an empty session", use "Restore manually saved session" (that doesn't have PanGPUI in it already), or if using "Restore previous session", specify: "PanGPUI" in the field titled "Applications to be excluded from sessions:"

Highlighted
L1 Bithead

Re: Global Protect new Linux UI

Another thing that's REALLY annoying is:

/etc/profile.d/PanMSInit.sh

 

(guh, no POSIX/Bash Shell language in thisforum editor's <code> widget???)

#!/bin/bash
PANGPA=/opt/paloaltonetworks/globalprotect/PanGPA
pgrep -u $USER PanGPA > /dev/null 2>&1
if [ $? -ne 0 ]; then
  if [ -f $PANGPA ]; then 
    $PANGPA start &
  fi
fi

 

This unconditionally spins off a PanGP process for ALL interactive users.  That's absurd.  It also means, that when you login interactively, you get:

 

# exit
logout
There are running jobs.
[1]+ Running $PANGPA start &

#

 

requiring you exit twice, orkill thesejobs.  Spinning that process up should be done some other way (suid exe called by the user-agent (globalprotect | panGUI) or somethign else. 

 

At least please check if it's the 'root' user and don't do it.

 

thanks,

--stephen

Highlighted
L0 Member

Re: Global Protect new Linux UI

Use command 'globalprotect launch-ui' in terminal whenever you want to view the UI. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!