Hi @kiwi, Thanks for your help! Yes, the certificate was created by the CA. What folder do you mean? I see only a folder "~/.GlobalProtect" with only the logs and three dat files. One of them is called "PanPortalCfg_*.dat" so it might seems that it has something to do with the portals configuration, but it's binary so I have not found a way to read it. I've tried to copy the p12 certificate in this folder and import it from here, but the result is still the same: Retrieving configuration... Retrieving configuration... Failed to connect to gp-dica.vpn.polimi.it. Error: A valid client certificate is required for authentication. If the issue persists, contact your administrator. Looking at the PanGPi.log file I read this message, where VPN1 is the vpn service which requires the 2FA and is working, while VPN2 is the one which requires the certificate and is not working: P11533-T150869760 04/07/2022 08:29:19:541 Debug( 118): From GPA: statusDisconnectedA valid client certificate is required for authentication. If the issue persists, contact your administrator.ni-ext-gw.vpn.VPN1ni-ext-gw.vpn.VPN1yesnodc-ext-gw.vpn.VPN1dc-ext-gw.vpn.VPN1yesnoClient Cert Requiredgp-dica.vpn.VPN2noyes. By looking at them on the line it makes me think that there must be some sort of mixup with the portals. Could this be the case? Also I saw in the PanGPA.log the user for VPN2, which however I did not remember writing anywhere and, for this reason, I think it was read by the certificate...
... View more
Hi @kiwi, Yes, that is correct. I unistalled theUI version and I moved to the CLI one. This allowed me to use the `connect` command. However, now I'm stuck my another issue: while one of the VPN requires 2FA and works correctly using the CLI version, the other one requires a certificate. Even if I first import the certificate with (run in the location where the certificate is located): $ globalprotect import-certificate --location . Please input passcode: Import certificate is successful. I then get this message: $ globalprotect connect --portal YYYYYYYY Retrieving configuration... Retrieving configuration... Failed to connect to YYYYYYYY. Error: A valid client certificate is required for authentication. If the issue persists, contact your administrator. I've tried with multiple certificates (even newly generated), but the issue persists.
... View more
Hi, I'm trying to set up two different VPN relying on two different accounts on the same Linux (Linux Mint 20.2 Uma, base: Ubuntu 20.04 focal), but I'm having some issues. From what I understood (as the VPN rely on different emails) I need to create different portals. I have already one portal setup on my laptop using GlobalProtect, but when when I try to follow the commands indicated here https://docs.paloaltonetworks.com/globalprotect/5-3/globalprotect-app-user-guide/globalprotect-app-for-linux/use-the-globalprotect-app-for-linux.html) I get the following error: $ globalprotect connect --portal XXXXXX Cannot parse your input. The valid CLI commands that you can now use are: collect-log import-certificate launch-ui [--recover] show --version So it seems that the 'connect' command is not recognized. How so? I'm using GlobalProtect version 5.3.1-36 Thanks
... View more