GlobalProtect-openconnect
Document config files
Hello,
First of all thanks for coding this, this client is much nicer than the official globalprotect client on linux.
I would like for certain settings to be pre-populated as defaults when the client is installed, such as:
- Start minimized
- Auto connect on launch
- Resume on wake up
- Use External Browser
Additionally, it would be amazing if the portal addresses from the UI dropdown could also be prepopulated as well.
I'm guessing this could be achieved by simply copying the local app state from .local but wondering if there's a config file somewhere that can be leveraged.
I've been trying to check where these configs may be set but it seems they're not documented anywhere.
Thank you!
Hi @jcrsilva, thanks for your feedback. Currently, the config file is located at $HOME/.config/com.yuezk.gpgui/app_config.bin, which is not editable. To support your case, I may need to provide a plain configuration file that can be predefined.
I would support adding a configuration file, but also an option to edit the settings through CLI would be a good start. I have a number of laptops to provision, and I want to pre-define settings, by any means, it just needs to be automated. I even tried transferring an app_config.bin file to another computer, but that didn't work either.
Is there anything I can do right now that would help me set the settings without doing it manually?
@anony253 What specific fields do you want to provision?
So this is my current guide how to set everything up:
- Open GP Gui
- Go to Settings
  - Go to Authentication tab
    - Use Client Certificate Authentication
    - Set Client Certificate to "/opt/gp.pfx"
    - Set Key Passphrase to "password123"
  - Go to SSL/TLS tab
    - Tick "Ignore TLS Errors"
  - Go to License tab
    - Put in the license key, and specify your machine name under remark
    - License key: XXXXXX-XXX-XXX-XXXXXX
  - Save
- Enter portal address: "vpn.somecompany.com" and hit connect
So, I want to enable client cert auth, specify cert location, specify cert passphrase, ignore TLS errors, and specify a license key to be auto activated during first start of the software (with hostname put in as remark, so we can identify the install on the license portal).
Let me know if any of those is possible.
Hi @anony253,
I'm afraid there is no workaround for your scenario. I will consider your scenario as a use case and will support it soon.
Hi @anony253 @anony253, below is my proposal to resolve this problem in 2.4.6.
You can put gpclient.conf under the $HOME/.config/gpgui folder with the following content to configure the initial configuration options for the GUI client. The GUI client will load this file automatically and populate the user's configuration based on it.
Let me know if you have any questions.
```
# GlobalProtect-openconnect Client Configuration File
# This file sets default options for the client after installation.
# IT administrators can use this to configure client behavior without requiring
# manual user configuration.

# Portal address for the GlobalProtect VPN
# Format: hostname or IP address (do not include https://)
# Example: vpn.company.com
portal=

# Start the client minimized in the system tray
# Values: true, false
start_minimized=false

# Automatically connect to the VPN after starting the client
# Values: true, false
# Note: User must have saved credentials or use certificate authentication
auto_connect=false

# Resume the VPN connection after waking from sleep or hibernation
# Values: true, false
resume_on_wake=false

# Use an external web browser for authentication (SAML/SSO)
# Values: true, false
use_external_browser=false

# Browser to use if use_external_browser is enabled
# Values: chrome, firefox, default.
# Note: 'default' uses the system's default browser
external_browser=

# Use client certificate authentication
# Values: true, false
use_client_cert=false

# Path to the client certificate file (PEM or PKCS#12 format)
# Example (Linux): /home/user/.certs/client.(pfx|p12|pem)
client_cert_path=

# Path to the client private key file (if separate from certificate)
# Leave empty if using PKCS#12 format (.pfx/.p12)
# Example: /home/user/.certs/client.key
client_key_path=

# Password for encrypted client key file (if applicable)
client_key_password=

# Ignore TLS certificate errors
# Values: true, false
ignore_tls_errors=false

# Use compatibility mode for legacy OpenSSL versions
# Values: true, false
# Note: Only enable if connecting to older VPN gateways
legacy_openssl=false

# License key for the GlobalProtect-openconnect client (if required)
# Format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
license_key=

# License key description/identifier for tracking purposes
# Example: user's email or department
license_key_remark=
```
Released in 2.4.6.
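
For the laptop-provisioning case discussed in this thread, the following is an added example (not code from the thread or from the project): POSIX shell functions that write `gpclient.conf` with owner-only permissions and audit an existing file for the settings that weaken a deployment (`ignore_tls_errors=true`, a plaintext `client_key_password`, a portal value carrying a URL scheme, loose file permissions). It assumes the plain `key=value` format shown in the proposal above; the function names and the choice of audited settings are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. Assumes the plain key=value format with
# '#' comments shown in the proposal; function names are hypothetical.

# conf_get FILE KEY: print the last value assigned to KEY (empty if unset).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# provision_conf DIR PORTAL CERT_PATH: write DIR/gpclient.conf readable by
# its owner only, via a temp file so a partial file is never left in place.
provision_conf() {
    (
        umask 077
        mkdir -p "$1" || exit 1
        tmp=$(mktemp "$1/gpclient.conf.XXXXXX") || exit 1
        printf '%s\n' "portal=$2" "start_minimized=true" "auto_connect=true" \
            "resume_on_wake=true" "use_client_cert=true" \
            "client_cert_path=$3" "ignore_tls_errors=false" > "$tmp"
        mv "$tmp" "$1/gpclient.conf"
    )
}

# audit_conf FILE: print one finding per line; exit status 0 only if clean.
audit_conf() {
    f=$1
    n=0
    if [ "$(conf_get "$f" ignore_tls_errors)" = "true" ]; then
        echo "ignore_tls_errors=true: gateway certificate is not verified"
        n=$((n + 1))
    fi
    if [ -n "$(conf_get "$f" client_key_password)" ]; then
        echo "client_key_password is set: passphrase stored in plaintext"
        n=$((n + 1))
    fi
    case "$(conf_get "$f" portal)" in
        *://*) echo "portal contains a URL scheme; expected hostname or IP"
               n=$((n + 1)) ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "file is accessible to group/other; expected mode 0600"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}
```

After sourcing the file, `provision_conf "$HOME/.config/gpgui" vpn.example.com /opt/gp.pfx` writes the defaults and `audit_conf "$HOME/.config/gpgui/gpclient.conf"` reports any findings; the portal name here is a constructed sample.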