I am attempting to connect to a GlobalProtect VPN and am having issues accomplishing it through the VPN settings GUI in GNOME (running Silverblue 34).
Issue with GUI Attempt
I have setup the CSD Wrapper script for hipreport.sh
successfully, and in the system menu (top right) it looks like it connected well. But attempted to actually access services restricted within the VPN, leads to timeouts.
Annoyingly, as the VPN connects, it closes the connection window which contains the logs. If these are stored in a file, let me know and I’ll upload them if they could be helpful (Could not find where they are stored).
Issue outlined and resolved using openconnect from CLI
I attempted this first in the terminal with:
openconnect --protocol=gp globalprotect.gateway.com --csd-wrapper=hipreport.sh
which seemed to work well until when it came to setting up ESP
Failed to bind local tun device (TUNSETIFF): Operation not permitted
To configure local networking, openconnect must be running as root
See http://www.infradead.org/openconnect/nonroot.html for more information
Set up tun device failed
Running the same command with sudo
worked as specified with the following respective response:
ESP session established with server
ESP tunnel connected; exiting HTTPS mainloop.
Potentially Helpful Links
Solution for setting up privileged access
Probably need to set up something like this, but not sure if there is an appropriate way, given I want to make it as easy as possible with the GUI.
To be clear, I don’t mind the CLI, but would rather leave it just for setup, rather than the permanent option for connecting…
Similar-ish Post
This could be a possible solution, but not sure if applicable in this case – hopefully someone who knows a bit more could let me know
The networkmanager-cli
seems like a reasonable solution to setup the network interface…