GlobalProtect-openconnect Can't connect to a new portal

trafficstars

I'm failing to connect to a new portal. I get through browser SSO Authentication, and everything seems like it's going to work but then the GUI reports "Not Connected".

Logs

[2024-05-06T11:12:09Z INFO  gpservice::cli] gpservice started: 2.1.4 (2024-04-11)
[2024-05-06T11:12:09Z INFO  gpservice::ws_server] WS server listening on port: 33997
[2024-05-06T11:12:10Z INFO  gpapi::process::gui_launcher] Version check passed: 2.1.4
[2024-05-06T11:12:10Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2024-05-06T11:12:10Z INFO  gpgui::cli] gpgui started: 2.1.4 (2024-04-10)
[2024-05-06T11:12:10Z INFO  gpgui::app] Setting the custom openssl conf path
[2024-05-06T11:12:10Z INFO  gpgui::config::private_data] Found config key in keyring
[2024-05-06T11:12:10Z INFO  gpgui::app::app_initializer] App initialized
[2024-05-06T11:12:10Z INFO  gpgui::ws_connector] Connecting to WS server
[2024-05-06T11:12:10Z INFO  gpgui::ws_connector] Received ping
[2024-05-06T11:12:10Z INFO  gpgui::ws_connector] Connected to WS server
[2024-05-06T11:12:10Z INFO  gpservice::handlers] New client connected
[2024-05-06T11:12:10Z INFO  gpservice::ws_server] Sending current VPN state to new client
[2024-05-06T11:12:11Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2024-05-06T11:12:11Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2024-05-06T11:12:11Z WARN  gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect
[2024-05-06T11:12:13Z INFO  gpgui::portal_connector] Connecting to the portal: v**********u...
[2024-05-06T11:12:13Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-05-06T11:12:13Z INFO  gpgui::portal_connector] Gateway prelogin, gateway: v**********u...
[2024-05-06T11:12:13Z INFO  gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Fedora Linux 39 (Workstation Edition))
[2024-05-06T11:12:13Z INFO  gpapi::portal::prelogin] Prelogin with params: {"os-version": "Linux Fedora Linux 39 (Workstation Edition)", "ipv6-support": "yes", "tmp": "tmp", "cas-support": "yes", "clientVer": "4100", "clientos": "Linux", "default-browser": "1"}
[2024-05-06T11:12:14Z INFO  gpgui::portal_connector] Authenticating gateway...
[2024-05-06T11:12:14Z INFO  gpgui::portal_connector] Launching SAML authentication...
[2024-05-06T11:12:14Z INFO  gpgui::portal_connector] Waiting for the user to authenticate in the browser...
[2024-05-06T11:12:19Z INFO  gpgui::portal_connector] Received gp callback from the browser
[2024-05-06T11:12:19Z INFO  gpapi::auth] Parsing SAML auth data...
[2024-05-06T11:12:19Z INFO  gpgui::portal_connector] Performing gateway login, gateway: v**********u...
[2024-05-06T11:12:19Z INFO  gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Fedora Linux 39 (Workstation Edition))
[2024-05-06T11:12:20Z WARN  gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect
[2024-05-06T11:12:20Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: v**********u
[2024-05-06T11:12:20Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-05-06T11:12:20Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-05-06T11:12:20Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux Fedora Linux 39 (Workstation Edition))
[2024-05-06T11:12:20Z INFO  openconnect::ffi] VPNC script: /etc/vpnc/vpnc-script
[2024-05-06T11:12:20Z INFO  openconnect::ffi] OS: linux
[2024-05-06T11:12:20Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-05-06T11:12:20Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-05-06T11:12:20Z INFO  openconnect::ffi] MTU: 0
[2024-05-06T11:12:20Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-05-06T11:12:21Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-05-06T11:12:21Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-05-06T11:12:21Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-05-06T11:12:22Z WARN  openconnect::ffi] Matching client config not found
[2024-05-06T11:12:22Z WARN  openconnect::ffi] openconnect_make_cstp_connection failed
[2024-05-06T11:12:22Z WARN  gpgui::portal_connector] Failed to connect to the gateway: v**********u
[2024-05-06T11:12:26Z INFO  gpgui::handlers::subscription] Sending the init event to client: settings
[2024-05-06T11:12:26Z INFO  gpgui::handlers::subscription] Sent the init event to client: settings

Environment:

OS: Fedora Linux 39 (Workstation Edition) x86_64
Desktop Environment: GNOME 45.5
Output of ps aux | grep 'gnome-keyring\|kwalletd5' | grep -v grep:

jcranney    2284  0.0  0.0 824364  7404 ?        SLl  May03   0:02 /usr/bin/gnome-keyring-daemon --daemonize --login

Not remote SSH (local)

Additional context This is the first time trying to connect to this particular portal. My other portal works fine still.

May 06 '24 11:05 jcranney

Hi @jcranney, the related error message is:

[2024-05-06T11:12:22Z WARN  openconnect::ffi] Matching client config not found

This could be a configuration problem on the portal side. I found a related KB article on Palo Alto Networks' official site. Connection to GlobalProtect is Failing with Error "Matching client config not found"

I'm uncertain if you're able to reach out to your portal administrator for assistance.

May 07 '24 05:05 yuezk

... and are you able to connect the portal with the official client on macOS or Windows? If yes, it might need to be resolved from the client side.

May 07 '24 05:05 yuezk

Indeed, I think it's a client side problem after all. Closing this issue, thanks for the reply!

May 14 '24 21:05 jcranney

GlobalProtect-openconnect GlobalProtect-openconnect copied to clipboard

Can't connect to a new portal

GlobalProtect-openconnect
GlobalProtect-openconnect copied to clipboard