Is it possible to access a GlobalProtect gateway using the strongswan client on Ubuntu 16.04 LTS? I am trying to use ikev2 and use certificate authentication. PA guidance suggests it is possible using Ubuntu 14 and PAN-OS7 but I can see no guidance for later versions.
Any particular reason why you are using the StrongSwan client instead of the actual GlobalProtect Linux agent? The current documentation for strongSwan configuration hasn't been updated or validated since 7.0, but the setup process should be exactly the same and the documentation worked the last time I had to set it up.
I would try setting this up with IKEv1 to begin with just to verify that you have the process working, and then move on to attempt to get IKEv2 working correctly.
Thanks, the reason for not using the GlobalProtect client is that we are using a secure build supplied to us from a third party which doesn't allow for the installation of additional applications. There is a licensing issue which stops them being able to package the GP client and adding it to our build. I have tried ikev1 with no success which I was putting down to the guidance being so dated but I will look at it again to ensure I have captured all of the steps
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!