GlobalProtect-openconnect
Compiling help on macOS
I was able to produce a binary file:
git clone https://github.com/yuezk/GlobalProtect-openconnect
make
make install
(Note: had to tweak the makefile to use ginstall and /usr/local/)
However, when running:
gpclient connect gateway.colostate.edu -v
[2025-06-07T07:39:32Z INFO gpclient::cli] gpclient started: 2.4.4 (2025-06-07)
[2025-06-07T07:39:32Z INFO gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2025-06-07T07:39:32Z DEBUG reqwest::connect] starting new connection: https://gateway.colostate.edu/
[2025-06-07T07:39:32Z DEBUG hyper_util::client::legacy::connect::dns] resolve; host=gateway.colostate.edu
[2025-06-07T07:39:32Z DEBUG hyper_util::client::legacy::connect::http] connecting to 129.82.0.13:443
[2025-06-07T07:39:32Z DEBUG hyper_util::client::legacy::connect::http] connected to 129.82.0.13:443
[2025-06-07T07:39:36Z DEBUG hyper_util::client::legacy::pool] pooling idle connection for ("https", gateway.colostate.edu)
[2025-06-07T07:39:36Z WARN gpclient::connect] Failed to connect portal with prelogin: No such file or directory (os error 2)
Error: No such file or directory (os error 2)
I'm not sure how to troubleshoot the error. Is this because some dependencies are not supported on macOS so they fail silently? I'm unable to produce any helpful error messages, even with RUST_LOG=debug RUST_BACKTRACE=1.
However, gpauth does work! Not sure how to use this result though.
jin@Joy-MBP ~/GlobalProtect-openconnect (main) [2]> gpauth gateway.colostate.edu
[2025-06-07T07:41:42Z INFO gpauth::cli] gpauth started: 2.4.4 (2025-06-07)
[2025-06-07T07:41:42Z INFO gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2025-06-07T07:41:44Z INFO auth::webview::webview_auth] Setting up auth window...
[2025-06-07T07:41:44Z INFO auth::webview::webview_auth] Loading auth request as HTML...
[2025-06-07T07:41:44Z INFO auth::webview::webview_auth] Auth window setup completed
[2025-06-07T07:41:45Z INFO auth::webview::webview_auth] Started loading page: about:blank
[2025-06-07T07:41:45Z INFO auth::webview::webview_auth] Finished loading page: about:blank
[2025-06-07T07:41:45Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:41:45Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:41:45Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:41:45Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:41:45Z INFO auth::webview::auth_messenger] Raise window task is still running, skipping...
[2025-06-07T07:41:45Z INFO auth::webview::auth_messenger] Displaying the window in 2 second(s)...
[2025-06-07T07:41:46Z INFO auth::webview::webview_auth] Started loading page: https://s**********m/saml2/sp/DIJ69PHJRYYFBKKG7EXR/sso
[2025-06-07T07:41:46Z INFO auth::webview::auth_messenger] Cancelled raise window task
[2025-06-07T07:41:46Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:41:46Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:41:46Z INFO auth::webview::auth_messenger] Displaying the window in 2 second(s)...
[2025-06-07T07:41:46Z INFO auth::webview::webview_auth] Finished loading page: https://s**********m/saml2/sp/DIJ69PHJRYYFBKKG7EXR/sso
[2025-06-07T07:41:46Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:41:46Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:41:46Z INFO auth::webview::auth_messenger] Raise window task is still running, skipping...
[2025-06-07T07:41:47Z INFO auth::webview::webview_auth] Started loading page: https://s**********m/email_first?authkey=A**********J&scid=c**********a
[2025-06-07T07:41:47Z INFO auth::webview::auth_messenger] Cancelled raise window task
[2025-06-07T07:41:47Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:41:47Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:41:47Z INFO auth::webview::auth_messenger] Displaying the window in 2 second(s)...
[2025-06-07T07:41:49Z INFO auth::webview::webview_auth] Raising auth window...
[2025-06-07T07:41:50Z INFO auth::webview::webview_auth] Finished loading page: https://s**********m/email_first?authkey=A**********J&scid=c**********a
[2025-06-07T07:41:50Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:41:50Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:29Z INFO auth::webview::webview_auth] Started loading page: https://s**********m/login/?authkey=A**********B&scid=c**********a
[2025-06-07T07:42:29Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:29Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:33Z INFO auth::webview::webview_auth] Finished loading page: https://s**********m/login/?authkey=A**********B&scid=c**********a
[2025-06-07T07:42:33Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:33Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:41Z INFO auth::webview::webview_auth] Started loading page: https://a**********m/frame/frameless/v4/auth?sid=f**********f&tx=e**********g&req-trace-group=6**********0
[2025-06-07T07:42:41Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:41Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:42Z INFO auth::webview::webview_auth] Finished loading page: https://a**********m/frame/frameless/v4/auth?sid=f**********f&tx=e**********g&req-trace-group=6**********0
[2025-06-07T07:42:42Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:42Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:43Z INFO auth::webview::webview_auth] Started loading page: https://a**********m/frame/v4/preauth/healthcheck?sid=f**********f
[2025-06-07T07:42:43Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:43Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:52Z INFO auth::webview::webview_auth] Finished loading page: https://a**********m/frame/v4/preauth/healthcheck?sid=f**********f
[2025-06-07T07:42:52Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:52Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:53Z INFO auth::webview::webview_auth] Started loading page: https://a**********m/frame/frameless/v4/auth?sid=f**********f&tx=e**********g
[2025-06-07T07:42:53Z INFO auth::webview::webview_auth] Finished loading page: https://a**********m/frame/frameless/v4/auth?sid=f**********f&tx=e**********g
[2025-06-07T07:42:53Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:53Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:53Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:53Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:53Z INFO auth::webview::webview_auth] Started loading page: https://a**********m/frame/v4/auth/prompt?sid=f**********f
[2025-06-07T07:42:53Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:53Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:42:54Z INFO auth::webview::webview_auth] Finished loading page: https://a**********m/frame/v4/auth/prompt?sid=f**********f
[2025-06-07T07:42:54Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:42:54Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:43:07Z INFO auth::webview::webview_auth] Started loading page: https://s**********m/duo/ASNZDQ9T0DJKW51V9EQU/callback?state=P**********g&duo_code=E**********d
[2025-06-07T07:43:07Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:43:07Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:43:08Z INFO auth::webview::webview_auth] Finished loading page: https://s**********m/duo/ASNZDQ9T0DJKW51V9EQU/callback?state=P**********g&duo_code=E**********d
[2025-06-07T07:43:08Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:43:08Z INFO auth::webview::webview_auth] No auth data found in Body, it may not be the /SAML20/SP/ACS endpoint
[2025-06-07T07:43:09Z INFO auth::webview::webview_auth] Started loading page: https://g**********u/SAML20/SP/ACS
[2025-06-07T07:43:09Z INFO auth::webview::auth_messenger] Read auth data from html failed: No auth data found, extracting gpcallback...
[2025-06-07T07:43:09Z INFO auth::webview::auth_messenger] Found gpcallback from html...
[2025-06-07T07:43:09Z INFO auth::webview::webview_auth] Got auth data from Body
{"success":{"portalUserauthcookie":"","preloginCookie":"<redacted>,"token":null,"username":"COLOSTATE\\<redacted>"}}
Hi @sclsj gpauth works because I added macOS support in https://github.com/yuezk/GlobalProtect-openconnect/commit/d37ccafdc20a20a2b6bfe909a3278d799f4dd930.
If I recall correctly, the gpclient command line also works. You don't have to hack it.
- Install openconnect via brew install openconnect.
- Build the software with cargo build -pgpclient -pgpauth.
- If you want to build the release build, add the --release option to the cargo build command.
Hi @sclsj,
I encountered the same error as you did. I added extensive logging in the very first step—the prelogin function—and carefully debugged the issue step by step.
I found that when printing all the fields of GpParams, the SSL key and certificate were not accessible. After adding the necessary getter methods for these fields, the authentication process proceeded smoothly.
I hope this information helps you!
@yuezk Thank you so much for the added support! After searching through the source code, I found that the problem is actually very simple. crates/gpapi/src/lib.rs uses a hardcoded program directory, /usr/bin; however, that path is read-only on macOS and I installed to /usr/local/bin. Changing all entries fixed the problem and I was able to successfully connect.
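The failure mode described in the comment above (a helper binary looked up in one hardcoded directory, and an "os error 2" that never names the missing path), as an added Rust example that is not the project's code. `HelperNotFound`, `resolve_helper`, `default_dirs` and the search order are hypothetical.

```rust
use std::fmt;
use std::path::PathBuf;

/// Error that records every path tried, unlike a bare "os error 2".
#[derive(Debug)]
pub struct HelperNotFound {
    pub name: String,
    pub tried: Vec<PathBuf>,
}

impl fmt::Display for HelperNotFound {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "helper '{}' not found; tried:", self.name)?;
        for p in &self.tried {
            write!(f, " {}", p.display())?;
        }
        Ok(())
    }
}

/// Search fixed directories in order and return the first regular file.
/// $PATH is deliberately not consulted, so a user-writable directory
/// earlier in $PATH cannot substitute the helper.
pub fn resolve_helper(name: &str, dirs: &[PathBuf]) -> Result<PathBuf, HelperNotFound> {
    let mut tried = Vec::new();
    for dir in dirs {
        let candidate = dir.join(name);
        if candidate.is_file() {
            return Ok(candidate);
        }
        tried.push(candidate);
    }
    Err(HelperNotFound { name: name.to_string(), tried })
}

/// Hypothetical search order (an assumption, not the project's constants):
/// the running executable's own directory, then fixed system paths.
pub fn default_dirs() -> Vec<PathBuf> {
    let exe_dir = std::env::current_exe().ok().and_then(|e| e.parent().map(PathBuf::from));
    let fixed = ["/usr/local/bin", "/usr/bin"].map(PathBuf::from);
    exe_dir.into_iter().chain(fixed).collect()
}

fn main() {
    match resolve_helper("gpauth", &default_dirs()) {
        Ok(p) => println!("using {}", p.display()),
        Err(e) => eprintln!("{}", e),
    }
}
```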
I see, I didn't encounter this problem because I used the debug build, which uses the binaries from other paths.
Hi @sclsj, the same issue occurred when I tried running the program on another computer. Thanks to your solution, I can now connect to other machines without any problems. On my original computer, I must have changed the environment variable at some point while troubleshooting, which is what allowed gpclient to successfully call gpauth.
Just for curiosity, why do you need it on macOS, considering that the official macOS client works well?
@sclsj and @birdychang1004, can you please share the working binary package for macOS? (Even a debug build will be OK.)
Hi @yuezk, in my case, the official app had been working fine for a few months. However, one day in June, it suddenly failed to connect and showed an error message: "Missing required input parameters." Since I had already been using your program on Ubuntu without issues, I started looking for a way to make it work on my Mac as well.
Hi @yh-sb, in my opinion, directly providing a working binary might not be the ideal solution. A better approach could be modifying the hardcoded path in crates/gpapi/src/lib.rs as suggested by @sclsj, and then building it using cargo build -p gpclient -p gpapi, as @yuezk recommended.
Just for curiosity, why do you need it on macOS, considering that the official macOS client works well?
The official client does not provide a native (Apple silicon) version. Due to the fact that users have 0 control over the Rosetta cache (i.e. sometimes an unused app gets stored for years, sometimes it's randomly purged), I highly prefer native applications over others.
@yh-sb I highly recommend that you build it yourself, as I just found that my build links to some Homebrew shared libraries, and I'm not sure how to get a fully static build. Even though it will likely not run due to missing libraries, I've included it here in case it can help.
@sclsj, OK, I was expecting to get a working GUI binary. But even after installing the dependencies (openconnect), it doesn't work, or I didn't get how to properly start it.
Nevertheless, I'll be waiting for the macOS support in the coming releases.
Thank you all!
@yh-sb As I noted before, the binary paths are hard-coded, therefore you need to move the binaries to /usr/local/bin before using them. I've always been using the CLI, not even sure if there is a GUI on macOS?
Just for curiosity, why do you need it on macOS, considering that the official macOS client works well?
@yuezk I dislike the fact that the official client cannot be quit when not needed. One would have to go into the activity monitor and kill its separate processes from there (or via a script).
I could build it successfully, but how to register globalprotectcallback in macOS?
I could build it successfully, but how to register globalprotectcallback in macOS?
I added instructions for how to run CLI mode on macOS here:
https://github.com/jjaychen1e/GlobalProtect-openconnect-macOS/blob/main/README_macOS.md