-
-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not working after update to v2.1.4 #346
Comments
@rednag Have you ever tried switching the gateway from the menu? |
Yes, does not work. |
The information I got from the logs is:
Looks like the key is that the gateway is not reachable from your machine. @rednag Can you try |
The address is pingable and with 1.4.8 the connection is established. |
It's weird since the host resolving is done by the OS and I didn't intercept it. I will continue working on investigating why it couldn't resolve the gateway host name by checking if the modules I used have this limitation. On the other hand, would you mind sending me the work logs of the old client? |
If you can tell me where they are stored since the location of the logs must be a different, because ~/.local/share/gpclient/gpclient.log is still the one from 2.1.4. |
The old client won't log into a file. Instead, you need to run |
`2024-04-17 11:38:03.995 INFO [33540] [main@24] GlobalProtect started, version: 1.4.8+28snapshot.g4a3f74f DevTools listening on ws://127.0.0.1:12315/devtools/browser/33bae9c6-a46e-4ec9-a8de-2569fe33242d 2024-04-17 11:38:06.748 INFO [33540] [GPClient::onVPNLogAvailable@518] Got extra OpenConnect args for server: xxx.yyy.com, 2024-04-17 11:38:06.758 INFO [33540] [GPClient::onVPNLogAvailable@518] Attempting to connect to server 120.51.173.237:443 2024-04-17 11:38:06.780 INFO [33540] [GPClient::onVPNLogAvailable@518] Connected to 120.51.173.237:443 2024-04-17 11:38:06.791 INFO [33540] [GPClient::onVPNLogAvailable@518] SSL negotiation with xxx.yyy.com 2024-04-17 11:38:06.833 INFO [33540] [GPClient::onVPNLogAvailable@518] Connected to HTTPS on xxx.yyy.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM) 2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] Got HTTP response: HTTP/1.1 200 OK 2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] Tunnel timeout (rekey interval) is 30 minutes. 2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] TCP_INFO rcv mss 1328, snd mss 1334, adv mss 1460, pmtu 1500 2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] No MTU received. Calculated 1422 for ESP tunnel 2024-04-17 11:38:06.868 INFO [33540] [GPClient::onVPNLogAvailable@518] POST https://xxx.yyy.com/ssl-vpn/hipreportcheck.esp 2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] Got HTTP response: HTTP/1.1 200 OK 2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] Parameters for incoming ESP: SPI 0xc854654d 2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] WARNING: Server asked us to submit HIP report with md5sum a63bfc67f0bf033d01e3232c3a8504c6. 2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] ICMPv4 probe packet (seq 1) for GlobalProtect ESP: 2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0000: 45 00 00 2c 47 47 40 00 40 01 13 08 0a 6e d6 14 |E..,GG@[email protected]..|
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0020: 74 6f 72 00 00 70 61 6e 20 68 61 20 |tor..pan ha | 2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] ICMPv4 probe packet (seq 2) for GlobalProtect ESP:
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0010: 00 00 00 00 08 00 0b 07 47 47 00 02 6d 6f 6e 69 |........GG..moni|
2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] ICMPv4 probe packet (seq 3) for GlobalProtect ESP: 2024-04-17 11:38:06.904 INFO [33540] [GPClient::onVPNLogAvailable@518] > 0000: 45 00 00 2c 47 47 40 00 40 01 13 08 0a 6e d6 14 |E..,GG@[email protected]..|
2024-04-17 11:38:06.926 INFO [33540] [GPClient::onVPNLogAvailable@518] ESP session established with server 2024-04-17 11:38:06.926 INFO [33540] [GPClient::onVPNLogAvailable@518] Configured as 10.12.214.20, with SSL disconnected and ESP established |
Thanks for the log. There is an entry in the old log
Thanks. |
I'm using the direct hostname of a gateway instead of using the portal address. Response of curl? |
|
|
Ah ok - so with the gateway address it works, but default the portal address is set.
|
The log when "Ignore TLS Errors" is set
|
The TLS errors occur when authentication,
|
TLS errors occur and the connection is not established. In the old client I've used the portal server and were able to choose the gateway from a list or the portal responds the nearest gateway server. |
Looks like you have two gateways and one portal. It is problematic when connecting as a portal server. The reason is not very clear, I found some error messages I have never seen.
Your gateway might need the client certificates to authenticate when using the portal server. But anyway, do as follows:
Hope this works for you. |
Weird since it works with 1.4.8. We are talking about 25 different Gateway server... |
You mean that you have 25 gateways? But I only find 2 gateway logs in the log file. |
Yes - in the previous version all of those were shown in a drop down or list. Mainly I use two of them, but it depends on the location. |
Has it something to do with ipv6?! I just remember some issues I had with OpenVPN and IPv6. |
@rednag The new client may have a flaw in parsing the gateways in the portal config. Can you help get the portal configuration with the following steps?
|
Sorry, my trail period ended and therefore I can not further test it. |
Hi @rednag understand it. But the CLI version has the parity features as the GUI version. The script in my last comment still makes sense. |
Describe the bug
Trying to connect to our portal and I'm getting the following error
Connection Failed
error sending request for url (https://...): error trying to connect: dns error: failed to lookup address information: Name or service not known
Expected behavior
Connecting to the GP portal.
Screenshots
If applicable, add screenshots to help explain your problem.
Logs
Environment:
Additional context
The free to use version worked out of the box and now I have a demo version which is not working?
The text was updated successfully, but these errors were encountered: