GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard

Published 20 hours ago verified publisher icon yuezk

Missing save password checkbox

Open nfacha opened this issue 1 year ago • 12 comments

Describe the bug The "Save Password" checkbox is missing, credentials need to be entered everytime the PC reboots (autostart+autoconnect)

Expected behavior There is a "Save Password" checkbox as there was before

Environment:

  • OS: Ubuntu 24.04.1 LTS
  • Desktop Environment: Gnome
  • Output of ps aux | grep 'gnome-keyring\|kwalletd5' | grep -v grep: facha 2599 0.0 0.0 316756 10112 ? SLsl 08:46 0:00 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/1000/keyrin
  • Is remote SSH? No, Local machine

nfacha avatar Sep 09 '24 08:09 nfacha

Hi @nfacha, how do you authenticate your VPN server? Do you use the name/password prompted or use an SSO in the embedded browser?

yuezk avatar Sep 11 '24 06:09 yuezk

Hi @nfacha, how do you authenticate your VPN server? Do you use the name/password prompted or use an SSO in the embedded browser?

I authenticate with username/password Before there was an option to save it, but on a recent update it went away

nfacha avatar Sep 11 '24 08:09 nfacha

For the username/password authentication, the credentials are automatically saved. Do you prefer not to save it?

yuezk avatar Sep 11 '24 08:09 yuezk

For the username/password authentication, the credentials are automatically saved. Do you prefer not to save it?

They are not being saved Login > Connect Successful > Disconnect > Reboot PC > Creds are being asked again

nfacha avatar Sep 11 '24 17:09 nfacha

Can you help send the logs ~/.local/share/gpclient/gpclient.log?

yuezk avatar Sep 12 '24 05:09 yuezk

Can you help send the logs ~/.local/share/gpclient/gpclient.log?

Looks like its either not saving on connect, or saving something incorrect i guess? Here you go

[2024-09-12T08:44:02Z INFO  gpservice::cli] gpservice started: 2.3.7 (2024-08-16)
[2024-09-12T08:44:02Z INFO  gpservice::ws_server] WS server listening on port: 46647
[2024-09-12T08:44:02Z INFO  gpapi::process::gui_launcher] Version check passed: 2.3.7
[2024-09-12T08:44:02Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2024-09-12T08:44:02Z INFO  gpgui::cli] gpgui started: 2.3.7 (2024-08-16)
[2024-09-12T08:44:02Z INFO  gpgui::app] Setting the custom openssl conf path
[2024-09-12T08:44:03Z INFO  gpgui::config::private_data] Loaded config key from keyring
[2024-09-12T08:44:03Z INFO  gpgui::app::app_initializer] App initialized
[2024-09-12T08:44:03Z INFO  gpgui::ws_connector] Connecting to WS server
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Auto connecting to the portal...
[2024-09-12T08:44:03Z INFO  gpgui::ws_connector] Received ping
[2024-09-12T08:44:03Z INFO  gpgui::ws_connector] Connected to WS server
[2024-09-12T08:44:03Z INFO  gpservice::handlers] New client connected
[2024-09-12T08:44:03Z INFO  gpservice::ws_server] Sending current VPN state to new client
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Connecting to the portal: g**********t...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: Internal host detection is enabled, can't connect the gateway directly
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-12T08:44:03Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:03Z INFO  gpapi::portal::config] Found internal-host-detection, performing DNS lookup
[2024-09-12T08:44:03Z WARN  gpapi::portal::config] rDNS lookup failed for 10.19.7.184: failed to lookup address information: Name or service not known
[2024-09-12T08:44:03Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********t...
[2024-09-12T08:44:03Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:03Z WARN  gpapi::gateway::login] GP response error: reason=<none>, status=512 <unknown status code>, body=<html>
      <head></head>
      <body>
      var respStatus = "Error";
      var respMsg = "Authentication failure: Invalid username or password";
      thisForm.inputStr.value = "";
    </body>
    </html>
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: Gateway login error: <none>
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-12T08:44:03Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-09-12T08:44:03Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:03Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:04Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2024-09-12T08:44:04Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2024-09-12T08:44:04Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-09-12T08:44:04Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-12T08:44:04Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:04Z INFO  gpapi::utils::window] Window not raised: Failed to raise window: GlobalProtect
[2024-09-12T08:44:04Z WARN  gpapi::portal::config] GP response error: reason=auth-failed, status=512 <unknown status code>, body=<empty>
[2024-09-12T08:44:04Z INFO  gpgui::portal_connector] Failed to connect the portal with prelogin: Cached credential is stale, please try again
[2024-09-12T08:44:04Z WARN  gpgui::portal_connector] Failed to connect to the portal: Cached credential is stale, please try again
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Connecting to the portal: g**********t...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-09-12T08:44:12Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:12Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-09-12T08:44:12Z INFO  gpgui::portal_connector] No cached standard credential found, prompting the user...
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Received portal credential from the user
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-12T08:44:17Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:17Z INFO  gpapi::portal::config] Found internal-host-detection, performing DNS lookup
[2024-09-12T08:44:17Z WARN  gpapi::portal::config] rDNS lookup failed for 10.19.7.184: failed to lookup address information: Name or service not known
[2024-09-12T08:44:17Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********t...
[2024-09-12T08:44:17Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: g**********t
[2024-09-12T08:44:17Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-09-12T08:44:17Z INFO  openconnect::ffi] openconnect version: v9.12-1build5
[2024-09-12T08:44:17Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux Ubuntu 24.04.1 LTS)
[2024-09-12T08:44:17Z INFO  openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-09-12T08:44:17Z INFO  openconnect::ffi] OS: linux
[2024-09-12T08:44:17Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-12T08:44:17Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-12T08:44:17Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-12T08:44:17Z INFO  openconnect::ffi] MTU: 0
[2024-09-12T08:44:17Z INFO  openconnect::ffi] DISABLE_IPV6: 1
[2024-09-12T08:44:17Z INFO  openconnect::ffi] NO_DTLS: 0
[2024-09-12T08:44:17Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-09-12T08:44:18Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-256-GCM)
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 480 minutes.
[2024-09-12T08:44:18Z INFO  openconnect::ffi] Idle timeout is 480 minutes.
[2024-09-12T08:44:18Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-12T08:44:18Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-12T08:44:18Z INFO  openconnect::ffi] ESP session established with server
[2024-09-12T08:44:18Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-12T08:44:19Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-09-12T08:44:19Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-09-12T08:44:19Z INFO  gpgui::portal_connector] Connected to the gateway: g**********t

nfacha avatar Sep 12 '24 08:09 nfacha

There could be a bug, I will check it.

yuezk avatar Sep 12 '24 09:09 yuezk

There could be a bug, I will check it.

Let me know if any additional debug is needed

nfacha avatar Sep 12 '24 13:09 nfacha

I would certainly prefer being able to disable remembering the credentials.

DamnedElric avatar Sep 13 '24 09:09 DamnedElric

@DamnedElric i can add an option to disable it. Btw, does the auto save works for you?

yuezk avatar Sep 13 '24 10:09 yuezk

@DamnedElric i can add an option to disable it. Btw, does the auto save works for you?

Yes the auto save is working.

DamnedElric avatar Sep 13 '24 20:09 DamnedElric

For me it was working before (there was a checkbox that eventually disappeared, but it continued to work) Once i had to format (so a clean install) the issue started Would suggest spinning up a new VM and installing from scratch there it see if happens if there is issues reproducing

nfacha avatar Sep 14 '24 11:09 nfacha

Is there any information on this matter? Because, in fact, that was the main reason I have the paid version, without it there's no point in paying for a subscription every month.

mcflypl avatar Oct 22 '24 07:10 mcflypl

@mcflypl Sorry for the delay. I'm unable to reproduce this issue locally. You and @nfacha may run into a corner case.

Would you please send logs at ~/.local/share/gpclient/gpclient.log? I will analysis your logs together to see if I can find the pattern. Thanks.

yuezk avatar Oct 22 '24 10:10 yuezk

@yuezk logs:

[2024-10-23T14:14:57Z INFO  gpservice::cli] gpservice started: 2.1.2 (2024-03-29)
[2024-10-23T14:14:57Z INFO  gpservice::ws_server] WS server listening on port: 38549
[2024-10-23T14:14:57Z INFO  gpapi::process::gui_launcher] Version check passed: 2.1.2
[2024-10-23T14:14:57Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2024-10-23T14:14:57Z INFO  gpgui::cli] gpgui started: 2.1.2 (2024-03-29)
[2024-10-23T14:14:57Z INFO  gpgui::app] Setting the custom openssl conf path
[2024-10-23T14:14:57Z INFO  gpgui::config::private_data] Found config key in keyring
[2024-10-23T14:14:57Z INFO  gpgui::app::app_initializer] App initialized
[2024-10-23T14:14:57Z INFO  gpgui::ws_connector] Connecting to WS server
[2024-10-23T14:14:57Z INFO  gpgui::ws_connector] Received ping
[2024-10-23T14:14:57Z INFO  gpgui::ws_connector] Connected to WS server
[2024-10-23T14:14:57Z INFO  gpservice::handlers] New client connected
[2024-10-23T14:14:57Z INFO  gpservice::ws_server] Sending current VPN state to new client
[2024-10-23T14:14:58Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2024-10-23T14:14:58Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2024-10-23T14:14:58Z WARN  gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Connecting to the portal: s**********l...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-10-23T14:14:59Z INFO  gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-10-23T14:14:59Z INFO  gpgui::portal_connector] No cached standard credential found, prompting the user...
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Received portal credential from the user
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-10-23T14:15:12Z INFO  gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Performing gateway login, gateway: g**********l...
[2024-10-23T14:15:12Z INFO  gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:12Z WARN  gpapi::gateway::login] Gateway login error: reason=<none>, status=404 Not Found, response=<html>
    <head><title>404 Not Found</title></head>
    <body>
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Gateway login failed: Gateway login error, reason: <none>
[2024-10-23T14:15:12Z INFO  gpgui::portal_connector] Gateway prelogin, gateway: g**********l...
[2024-10-23T14:15:12Z INFO  gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Failed to connect the portal with prelogin: Portal prelogin error: Prelogin endpoint not found
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Trying to connect the portal as a gateway...
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Gateway prelogin, gateway: s**********l...
[2024-10-23T14:15:13Z INFO  gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Authenticating gateway...
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Performing gateway login, gateway: s**********l...
[2024-10-23T14:15:13Z INFO  gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: s**********l
[2024-10-23T14:15:13Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-10-23T14:15:13Z INFO  openconnect::ffi] openconnect version: v9.12-1build5
[2024-10-23T14:15:13Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2024-10-23T14:15:13Z INFO  openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-10-23T14:15:13Z INFO  openconnect::ffi] OS: win
[2024-10-23T14:15:13Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-10-23T14:15:13Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-10-23T14:15:13Z INFO  openconnect::ffi] MTU: 0
[2024-10-23T14:15:13Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-10-23T14:15:13Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 540 minutes.
[2024-10-23T14:15:13Z INFO  openconnect::ffi] Idle timeout is 540 minutes.
[2024-10-23T14:15:13Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-10-23T14:15:13Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-10-23T14:15:13Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 93f4a95110c8d54231c87da891265d27.
    VPN connectivity may be disabled or limited without HIP report submission.
    You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-10-23T14:15:13Z INFO  openconnect::ffi] ESP session established with server
[2024-10-23T14:15:13Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-10-23T14:15:15Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-10-23T14:15:15Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-10-23T14:15:15Z INFO  gpgui::portal_connector] Connected to the gateway: s**********l

mcflypl avatar Oct 23 '24 14:10 mcflypl

Thanks for the logs, I'm looking into this. And will provide you with a snapshot version soon.

yuezk avatar Oct 27 '24 14:10 yuezk

@nfacha @mcflypl Can you help try the snapshot package below to see if it fixes your problem? Thanks.

https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/snapshot

yuezk avatar Oct 28 '24 15:10 yuezk

@nfacha @mcflypl Can you help try the snapshot package below to see if it fixes your problem? Thanks.

https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/snapshot

Will test and let you know

nfacha avatar Oct 29 '24 09:10 nfacha

@yuezk I think it helped for me, thanks a lot! :)

mcflypl avatar Oct 29 '24 19:10 mcflypl

@yuezk From what i could test yesterday and this morning it is indeed working :)

nfacha avatar Oct 30 '24 09:10 nfacha

Thanks for your help. I'm going to release a new version soon.

yuezk avatar Oct 30 '24 11:10 yuezk

@nfacha @mcflypl The fix has been released in https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/v2.3.8

I would certainly prefer being able to disable remembering the credentials.

@DamnedElric This is also supported in this release.

Let me know if it doesn't work for you. Thanks.

yuezk avatar Nov 01 '24 03:11 yuezk