GlobalProtect-openconnect
GlobalProtect-openconnect copied to clipboard
yuezk
Cannot run when inside remote X-Windows
I use a Virtual Machine for my VPN connections. Connect to it using SSH with X tunnel.
All X programs I tested run perfectly, even 3D accelerated.
But when I run gpclient connect myvpn:
[2024-02-05T15:52:11Z INFO gpclient::cli] gpclient started: 2.0.0-beta8 (2024-01-28)
[2024-02-05T15:52:11Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect
[2024-02-05T15:52:11Z INFO gpauth::cli] gpauth started: 2.0.0-beta8 (2024-01-28)
[2024-02-05T15:52:11Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect
libEGL warning: DRI3: failed to query the version
libEGL warning: DRI2: failed to authenticate
(gpauth:4227): Gdk-WARNING **: 12:52:11.901: The program 'gpauth' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadRequest (invalid request code or no such operation)'.
(Details: serial 182 error_code 1 request_code 155 (unknown) minor_code 1)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the GDK_SYNCHRONIZE environment
variable to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)
[2024-02-05T15:52:12Z INFO gpclient::connect] Failed to connect portal with prelogin: Failed to parse auth data
Error: Failed to parse auth data
I don't know why a connect window requires 3D OpenGL API, but can this be fixed work worked around?
Both remote and local hosts are running Fedora fc38
BTW: This is not a recent bug. The snapshot version also has this problem.
At least I can see the first window with the host name, but it never asks me for the user or password.
2024-02-05 13:12:33.887 INFO [5076] [main@24] GlobalProtect started, version: 1.4.6+2snapshot.g5714063
2024-02-05 13:12:34.189 INFO [5076] [GPClient::populateGatewayMenu@139] Populating the Switch Gateway menu...
2024-02-05 13:12:39.698 INFO [5076] [GPClient::populateGatewayMenu@139] Populating the Switch Gateway menu...
2024-02-05 13:12:39.768 INFO [5076] [GPClient::doConnect@244] Start connecting...
2024-02-05 13:12:39.769 INFO [5076] [GPClient::doConnect@265] Start portal login...
2024-02-05 13:12:39.778 INFO [5076] [PortalAuthenticator::authenticate@33] Preform portal prelogin at https://vpn.XXX.XX
2024-02-05 13:12:39.941 INFO [5076] [PortalAuthenticator::onPreloginFinished@50] Portal prelogin succeeded.
2024-02-05 13:12:39.941 INFO [5076] [PreloginResponse::parse@26] Start parsing the prelogin response...
2024-02-05 13:12:39.947 INFO [5076] [PortalAuthenticator::onPreloginFinished@54] Finished parsing the prelogin response. The region field is: BR
2024-02-05 13:12:39.947 INFO [5076] [PortalAuthenticator::samlAuth@121] Trying to perform SAML login with saml-method REDIRECT
failed to create drawable
DevTools listening on ws://127.0.0.1:12315/devtools/browser/6b482813-c60d-448a-8e39-bcf5c4b1628a
failed to create drawable
[5076:5142:0205/131240.153588:ERROR:gl_surface_glx_qt.cpp(188)] glXCreatePbuffer failed.
[5076:5142:0205/131240.153633:ERROR:gpu_info_collector.cc(69)] gl::GLContext::CreateOffscreenGLSurface failed
[5076:5142:0205/131240.153684:ERROR:gpu_info_collector.cc(277)] Could not create surface for info collection.
failed to create drawable
[5076:5142:0205/131240.155892:ERROR:gl_surface_glx_qt.cpp(188)] glXCreatePbuffer failed.
failed to create drawable
[5076:5142:0205/131240.157757:ERROR:gl_surface_glx_qt.cpp(188)] glXCreatePbuffer failed.
[5076:5142:0205/131240.157788:ERROR:gpu_info_collector.cc(69)] gl::GLContext::CreateOffscreenGLSurface failed
[5076:5142:0205/131240.157801:ERROR:gpu_info_collector.cc(277)] Could not create surface for info collection.
Segmentation fault (core dumped)
I haven't supported the remote X-Windows but will check if it is possible to support it.
Well, I am not using a vm but an LXC container with ssh + X11 forwarding, Ubuntu 22.04 LTS. I have run into exactly the same problem.
[2024-02-06T13:47:55Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect
libEGL warning: DRI3: failed to query the version
libEGL warning: DRI2: failed to authenticate
(gpauth:546): Gdk-ERROR **: 13:47:55.238: The program 'gpauth' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadRequest (invalid request code or no such operation)'.
(Details: serial 184 error_code 1 request_code 155 (unknown) minor_code 1)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the GDK_SYNCHRONIZE environment
variable to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)
[2024-02-06T13:47:55Z INFO gpclient::connect] Failed to connect portal with prelogin: Failed to parse auth data
As an additional comment, version 1.4.9 works just fine for me, and I must keep using that version for now.
@dioni21 @sjm42 I see your scenario.
Currently, gpclient launch-gui is not able to launch the GUI in the remote SSH, while I can run the GUI by running sudo gpservice (which is launch-gui calls under the hood) inside the remote SSH. You could use this command to run GUI from the remote SSH. I will make launch-gui work in the future releases.
For me it would not matter how exactly to start the program if it works... but it does not. Perhaps I could install some DRI libraries or something that would cheat and still use X11 forwarding while pretending DRI or something? I really have no clue now.
sjm@qv2:~$ sudo gpservice
[2024-02-07T20:40:06Z INFO gpservice::cli] gpservice started: 2.0.0 (2024-02-05)
[2024-02-07T20:40:06Z INFO gpservice::ws_server] WS server listening on port: 45265
[2024-02-07T20:40:06Z INFO gpgui::cli] gpgui started: 2.0.0 (2024-02-05)
[2024-02-07T20:40:06Z INFO gpgui::app] Setting the custom openssl conf path
(gpgui:785): dbind-WARNING **: 20:40:06.353: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_1: No such file or directory
[2024-02-07T20:40:06Z INFO gpgui::config::private_data] Generating config key
[2024-02-07T20:40:06Z WARN gpgui::app::app_initializer] Can't read the config key from the keyring: Couldn't access platform secure storage: SS error: result not returned from SS API
libEGL warning: DRI3: failed to query the version
libEGL warning: DRI2: failed to authenticate
(gpgui:785): Gdk-ERROR **: 20:40:06.438: The program 'gpgui' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadRequest (invalid request code or no such operation)'.
(Details: serial 279 error_code 1 request_code 155 (unknown) minor_code 1)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the GDK_SYNCHRONIZE environment
variable to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)
[2024-02-07T20:40:06Z INFO gpservice::cli] GUI exited with code None
[2024-02-07T20:40:06Z INFO gpservice::cli] Shutdown request received, shutting down
[2024-02-07T20:40:06Z INFO gpservice::vpn_task] VPN task cancelled
[2024-02-07T20:40:06Z INFO gpservice::vpn_task] VPN is not connected, skip disconnect
[2024-02-07T20:40:06Z INFO gpservice::ws_server] WS server cancelled
[2024-02-07T20:40:06Z INFO gpservice::cli] gpservice stopped
I am using Ubuntu 22.04 LTS wih Regolith desktop aka i3 window manager. VPN is running inside an LXC container with its own ip address, network bridged and with X11 forwarding over ssh. So this LXC container is acting like a jump server that has vpn connectivity but the "parent" Linux host does not.