Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Goes back to "Not Connected" after kerbos login #249

Open
archisman-panigrahi opened this issue Aug 4, 2023 · 5 comments
Open

Goes back to "Not Connected" after kerbos login #249

archisman-panigrahi opened this issue Aug 4, 2023 · 5 comments

Comments

@archisman-panigrahi
Copy link

I am trying to connect to the MIT VPN. After logging in with the account details and authenticating with Duo, GlobalProtect shows "Not Connected".

2023-08-04 19:39:09.425 INFO  [3396] [GPClient::onVPNLogAvailable@518] Got extra OpenConnect args for server: us-east-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com, <empty>
2023-08-04 19:39:09.425 INFO  [3396] [GPClient::onVPNLogAvailable@518] Start process with arugments: --protocol=gp, -u, , --cookie-on-stdin, us-east-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
2023-08-04 19:39:09.426 INFO  [3396] [GPClient::onVPNLogAvailable@518] Openconnect started successfully, PID=3503
2023-08-04 19:39:09.449 INFO  [3396] [GPClient::onVPNLogAvailable@518] POST https://us-east-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com/ssl-vpn/getconfig.esp

2023-08-04 19:39:09.542 INFO  [3396] [GPClient::onVPNLogAvailable@518] Connected to 208.127.79.164:443

2023-08-04 19:39:09.625 INFO  [3396] [GPClient::onVPNLogAvailable@518] SSL negotiation with us-east-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com

2023-08-04 19:39:10.111 INFO  [3396] [GPClient::onVPNLogAvailable@518] Connected to HTTPS on us-east-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)

2023-08-04 19:39:10.600 INFO  [3396] [GPClient::onVPNLogAvailable@518] Invalid authentication cookie
Creating SSL connection failed
Cookie was rejected by server; exiting.

2023-08-04 19:39:10.601 INFO  [3396] [GPClient::onVPNLogAvailable@518] Openconnect process exited with code 2 and exit status NormalExit
@archisman-panigrahi
Copy link
Author

This issue is not always reproducible. Sometimes it does connect successfully.

@yuezk
Copy link
Owner

yuezk commented Aug 7, 2023

It could be addressed in the new client on the refactor branch. You could give it a try if you interested, or wait for the release of the new client.

@archisman-panigrahi
Copy link
Author

I tried the refactor branch. There, after the kerbos login, it says "Failed to login, please try again", with the following terminal output.

[2023-08-30][02:12:52][INFO][app::auth] Loaded URI: https://redacted/idp/Authn/UsernamePassword
[2023-08-30][02:12:54][INFO][app::auth] Showing window after timeout (15 seconds)
[2023-08-30][02:13:04][INFO][app::auth] Loaded URI: https://redacted/idp/profile/SAML2/Redirect/SSO?execution=__redacted__&_eventId_proceed=__redacted__
[2023-08-30][02:13:04][INFO][app::auth] Loaded URI: https://redacted/SAML20/SP/ACS
[2023-08-30][02:13:04][INFO][app::auth] Got auth data successfully, closing window
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
Unhandled network process message 'NetworkStorageManager_DisconnectFromStorageArea'
[2023-08-30][02:13:05][WARN][app::storage] Error getting value: Deserialize("Value not found")

@yuezk
Copy link
Owner

yuezk commented Aug 30, 2023

@archisman-panigrahi Thanks for trying it. The Error getting value: Deserialize("Value not found") is not the root cause. You encountered a problem that happens randomly. I encountered it often, and I'm still struggling with it. Retry could probably be back to normal.

By the way, could you please try this plugin https://github.com/dlenski/gp-saml-gui to see if it works for you? I would greatly appreciate your feedback. Thank you.

@archisman-panigrahi
Copy link
Author

By the way, could you please try this plugin https://github.com/dlenski/gp-saml-gui to see if it works for you? I would greatly appreciate your feedback. Thank you.

I will definitely get back with this.

Meanwhile, I figured out how to connect to MIT VPN using the latest stable client (not the development version) in case us-east-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com reverts back to not connected. Switching to another gateway works immediately.

Here are all the gateways (which I obtained from the globalprotect android app)

  • us-south-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
  • us-northeast-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
  • us-central-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
  • us-east-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
  • us-northwest-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
  • us-southeast-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
  • us-southwest-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com
  • us-west-g-mit-1015.gpoyosn52nnn.gw.gpcloudservice.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@archisman-panigrahi @yuezk