PulseSecure VPN doesn't work

So, I am tasked to install PulseSecure VPN for my work to access resources. when I open the portal that will redirect me to install pulsesecure app launcher I kept getting that my computer is unsatisfactory. I contacted the IT team and they gave me an rpm file installer to pulsesecure UI client. I installed it and proceeded with the next steps. I added the server URL and connected to it, visibly it looks like the connection is active(it shows so on the UI app) but when I open any of the urls none open. When I did the steps in the guide on windows(dual boot) it worked perfectly fine, but my main dev envinroment is on Linux so it’s inconvenient to keep switching like that even though I have a Fedora WSL installed there.

I have my doubts that the skipping the initial steps of letting the hostchecker auto-download the application launcher has to do with all that. The IT team mentioned that I do have the access and I do since everything worked fine in windows.

I’m just confused about why it’s not working on Fedora, what should I inspect to detect the issue, I did turn off firewall, turn it back on and added the interface, nothing worked at all.

I wonder what the routing setting is and the DNS resolver.
What is the output of the following:

ip addr
ip route
resolvectl
cat /etc/resolv.conf
1 Like

for ip addr it shows tun0 as the connection and it seems that there are no errors.

ip route shows a bunch of IP addresses going via the ip address of tun0

resolvectl shows this near tun0
Link 5 (tun0) Current Scopes: LLMNR/IPv4 LLMNR/IPv6 Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
and no DNS server address. I’m not sure if it should be there but also I have my feelings that it should since the connection we established was through a server URL and not an address.

cat /etc/resolv.conf shows 3 lines
search .
nameserver 10.254.48.4
nameserver 127.0.0.53

It looks like the app does not integrate with systemd-resolved used in Fedora, so you have the following options:

  • Ask the VPN provider to improve compatibility with systemd-resolved.
  • Use the app and disable systemd-resolved.
  • Import the VPN profile to NetworkManager and don’t use the app.
  • Work around the problem by prioritizing the dns backend over resolve.

Looks like the app overwrote the systemd resolvectl version of the /etc/resolv.conf as @vgaetera says.

I had issues like this with my works VPN. It turned out that the VPN app
integrated via the running commands. What I did was intercept the commands and integrated the VPN in my intercept scripts.

Check if you have a man page for the VPN and if there are command line options to customise it’s integration into the system.

Where are the host names that you want to use defined?
Are they in the company DNS or rhe public DNS?

You can use the dig command and host commands to check the DNS setup.

It look a name on a specific DNS server you can use dig @10.254.48.4 <name> for example.
You can use host <name> to see what apps are likely to get as an answer.

wait, I do have another VPN client installed. It’s a different one but for the same work and I might have to work on them simultaneously. the Client is from fortinet.

The VPN I’m trying to use now is from pulsesecure; when I installed it, it only gave pulseUI app and some other files shown in the screenshot here

I’ll try to do the steps recommended and report back what happened, I’ll look into how to perform the stpes you recommended but I’ll be grateful if you can provide some extra resources I c an look into.

This one worked like a charm

I edited /etc/nsswitch.conf

on the hosts section I modified it like this
hosts: files dns
instead of
hosts: files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

and restarted the NetworksManager. Now it worked well.

However, I’m not sure if I’ll be able to use it alongside the Fortinet Client since sometimes I need them both to interact with a separate set of resources at the same time and integrate them togather.

Nevermind, they both connect through the same port. But they work fine. But is there any way to make them work simultaneously?