A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Qt5, supports SAML auth mode.

Overview

GlobalProtect-openconnect

A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode, inspired by gp-saml-gui.

Features

  • Similar user experience as the official client in macOS.
  • Supports both SAML and non-SAML authentication modes.
  • Supports automatically selecting the preferred gateway from the multiple gateways.
  • Supports switching gateway from the system tray menu manually.

Future plan

  • Improve the release process
  • Process bugs and feature requests
  • Support for bypassing the gpclient parameters
  • Support the CLI mode

Passing the Custom Parameters to OpenConnect CLI

Custom parameters can be appended to the OpenConnect CLI with the following settings.

Tokens with spaces can be surrounded by double quotes; three consecutive double quotes represent the quote character itself.

Display the system tray icon on Gnome 40

Install the AppIndicator and KStatusNotifierItem Support extension and you will see the system try icon (Restart the system after the installation).

Prerequisites

  • Openconnect v8.x
  • Qt5, qt5-webengine, qt5-websockets

Build & Install

Clone this repo with:

git clone https://github.com/yuezk/GlobalProtect-openconnect.git
cd GlobalProtect-openconnect

Arch/Manjaro

Install from the globalprotect-openconnect AUR.

Ubuntu/Mint

⚠️ REQUIRED for Ubuntu 18.04 ⚠️

Add this dwmw2/openconnect PPA first to install the latest openconnect.

sudo add-apt-repository ppa:dwmw2/openconnect
sudo apt update

Build and install with:

./scripts/install-ubuntu.sh

openSUSE

Build and install with:

./scripts/install-opensuse.sh

Fedora

Build and install with:

./scripts/install-fedora.sh

Other Linux

Install the Qt5 dependencies and OpenConnect:

  • QtCore
  • QtWebEngine
  • QtWebSockets
  • QtDBus
  • openconnect v8.x

...then build and install with:

./scripts/install.sh

Debian package

Relatively manual process for now:

  • Clone the source tree

    git clone https://github.com/yuezk/GlobalProtect-openconnect.git
    cd GlobalProtect-openconnect
    
  • Install git-archive-all using the pip. Remember to adjust the version numbers etc.

    pip install git-archive-all
    
  • Next create an upstream source tree using git archive.

    git-archive-all --force-submodules --prefix=globalprotect-openconnect-1.3.0/ ../globalprotect-openconnect_1.3.0.orig.tar.gz
    
  • Finally extract the source tree, build the debian package, and install it.

    cd ..
    tar -xzvf globalprotect-openconnect_1.3.0.orig.tar.gz
    cd globalprotect-openconnect-1.3.0
    fakeroot dpkg-buildpackage -uc -us -sa 2>&1 | tee ../build.log
    sudo dpkg -i globalprotect-openconnect_1.3.0-1ppa1_amd64.deb
    

NixOS

In configuration.nix:

services.globalprotect = {
  enable = true;
  # if you need a Host Integrity Protection report
  csdWrapper = "${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
};

environment.systemPackages = [ globalprotect-openconnect ];

Troubleshooting

The application logs can be found at: ~/.cache/GlobalProtect-openconnect/gpclient.log

License

GPLv3

Comments
  • Does not seem to support MFA

    Does not seem to support MFA

    After I login, the application segfaults. Normally I would be prompted to enter my MFA info. $ ./gpclient 2020-05-29 16:03:00.002 INFO [106401] [PortalAuthenticator::[email protected]] Preform portal prelogin at https://vpn.foo.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux 2020-05-29 16:03:00.620 INFO [106401] [PortalAuthenticator::[email protected]] Portal prelogin succeeded. 2020-05-29 16:03:00.621 INFO [106401] [PortalAuthenticator::[email protected]] Trying to launch the normal login window... 2020-05-29 16:03:13.675 INFO [106401] [PortalAuthenticator::[email protected]] Fetching the portal config from https://vpn.foo.com/global-protect/getconfig.esp for user: gdanko 2020-05-29 16:03:14.744 INFO [106401] [PortalAuthenticator::[email protected]] Fetch the portal config succeeded. Segmentation fault (core dumped)

    opened by gdanko 22
  • Trivially exploitable priviledge escalation to root vulnerability

    Trivially exploitable priviledge escalation to root vulnerability

    The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root:

    1. Install the payload; in this case, a demonstration payload installing itself to /usr/bin/GROOT

       echo -e '#!/bin/bash\ncat "$0" > /usr/bin/GROOT\nchmod a+x "$0" /usr/bin/GROOT' > /tmp/groot; bash /tmp/groot
      
    2. Specify openconnect parameters: --script=/tmp/groot

    3. Log into any VPN service

    This vulnerability can be executed by any user, even a "nobody" user covertly by sending commands to the com.yuezk.qt.GPService. This vulnerability can be executed by a user with keyboard access to install a rootkit using the GUI you provided. This vulnerability can be executed as soon as openconnect-globalprotect is installed; even if the gpservice.service systemd service has not been started as the unit file specifies: BusName=com.yuezk.qt.GPService. I had to explicitly mask the service to mitigate the vulnerability.

    As such, it leaves any host who even has the program installed highly vulnerable; this is the worst case among privilege escalation vulnerabilities.

    For a secure-by-default configuration, openconnect-global needs to be updated, so administrator approval is needed to allow specific globalprotect servers or a change in command line parameters.

    I propose a root-editable configuration file /etc/openconnect-globalprotect.conf with the following syntax

      karolin *.vpn.cupdev.net -i cupdev --script=/etc/vpn/cupdev-ifup.sh
    

    This entry allows the user karolin to connect to any vpn servers with a domain suffix vpn.cupdev.net and the specified openconnect parameters. Groups may be specified by prefixing the user with %.

    The app could implement a config-editing feature, allowing users to edit the configuration graphically after specifying the administrator password.

    I would also suggest disabling systemd dbus activation altogether just to avoid the entire issue of a security bug sticking around even with a stopped unit.

    Thank you for all your hard work!

    opened by koraa 16
  • Connection stuck at

    Connection stuck at "Login Successful!" after SAML login

    Since the latest release, I cannot establish a successful connection, as after passing the SAML login step (I am using Okta), the login window just displays "Login Successful!", it does not close, and openconnect does not seem to be invoked to create the actual connection.

    I am on Arch Linux, with the following packages: globalprotect-openconnect 1.2.0-1 (installed from AUR) openconnect 1:8.10-1

    A screenshot:

    image

    I get the below logs:

    ❯ gpclient
    2020-05-28 23:04:19.354 INFO  [10272] [PortalAuthenticator::[email protected]] Preform portal prelogin at https://my-vpn.corporation.com/global-protect/prelogin.esp
    2020-05-28 23:04:20.337 INFO  [10272] [PortalAuthenticator::[email protected]] Portal prelogin succeeded.
    2020-05-28 23:04:20.337 INFO  [10272] [PortalAuthenticator::[email protected]] Trying to perform SAML login with saml-method POST
    
    DevTools listening on ws://127.0.0.1:12315/devtools/browser/6a7a4658-2184-46bc-b22d-bb19bf5b0793
    Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
    2020-05-28 23:04:20.722 INFO  [10272] [SAMLLoginWindow::[email protected]] Load finished https://my-vpn.corporation.com/global-protect/prelogin.esp
    2020-05-28 23:04:25.413 INFO  [10272] [SAMLLoginWindow::[email protected]] Load finished https://corporation.okta.com/app/panw_globalprotect/exk123456789ABCDEFGH/sso/saml
    2020-05-28 23:04:43.202 INFO  [10272] [SAMLLoginWindow::[email protected]] Load finished https://corporation.okta.com/login/sessionCookieRedirect
    

    Thank you for help.

    opened by zsolt-donca 15
  • Can't connect with a 'Matching client config not found' error since 1.3.1

    Can't connect with a 'Matching client config not found' error since 1.3.1

    I can't connect to my GlobalProtect VPN anymore since I upgraded from 1.3.0 to 1.3.1.

    08:32:30.731 INFO  [361681] [gpclient::helper::[email protected]] Start parsing the gateway response...
    08:32:30.731 INFO  [361681] [gpclient::helper::[email protected]] The gateway response is: <?xml version="1.0" encoding="utf-8"?><jnlp><application-desc><argument>(null)</argument><argument>[REDACTED]</argument><argument>[REDACTED]</argument><argument>[REDACTED]</argument><argument>[REDACTED]</argument><argument>[REDACTED]</argument><argument>[REDACTED]</argument><argument>%28empty_domain%29</argument><argument>(null)</argument><argument></argument><argument></argument><argument></argument><argument>tunnel</argument><argument>-1</argument><argument>4100</argument><argument></argument><argument></argument><argument></argument><argument></argument><argument>4</argument><argument>unknown</argument><argument></argument></application-desc></jnlp>
    08:32:30.731 INFO  [361681] [GPClient::[email protected]] Gateway login succeeded, got the cookie authcookie=[REDACTED]&portal=[REDACTED]&user=[REDACTED]&domain=%2528empty_domain%2529&preferred-ip=&computer=infinity
    08:32:30.734 INFO  [361681] [GPClient::[email protected]] Start process with arugments: --protocol=gp -u  -C authcookie=[REDACTED]&portal=[REDACTED]&user=[REDACTED]&domain=%2528empty_domain%2529&preferred-ip=&computer=infinity [REDACTED]
    08:32:30.734 INFO  [361681] [GPClient::[email protected]] Openconnect started successfully, PID=362122
    08:32:30.739 INFO  [361681] [GPClient::[email protected]] POST https://[REDACTED]/ssl-vpn/getconfig.esp
    08:32:30.901 INFO  [361681] [GPClient::[email protected]] Connected to [REDACTED]:443
    08:32:30.927 INFO  [361681] [GPClient::[email protected]] SSL negotiation with [REDACTED]
    08:32:31.251 INFO  [361681] [GPClient::[email protected]] Connected to HTTPS on [REDACTED] with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
    08:32:31.419 INFO  [361681] [GPClient::[email protected]] Matching client config not found
    Creating SSL connection failed
    08:32:31.420 INFO  [361681] [GPClient::[email protected]] Openconnect process exited with code 1 and exit status NormalExit
    

    What could be causing this?

    opened by trustin 13
  • Fails on VPNs with multiple gateways.

    Fails on VPNs with multiple gateways.

    When connecting to a VPN with multiple gateways I receive the error: This does not appear to be a SAML prelogin response (<saml-auth-method> or <saml-request> tags missing)

    Will try to look into it more this weekend but believe that additional branching logic might need to be added based on the prelogin response containing a list of gateways.

    enhancement 
    opened by frsilent 12
  • 2FA with Okta failing

    2FA with Okta failing

    Hi, this application has been working great for me and I was very relieved to find it after switching from OSX to linux.

    One of the VPNs that I have to connect to just switched to using Okta 2FA. It was working fine before they integrated Okta, but now it is not working. I can login and the 2FA prompt shows up without any issues. I approve the push notification and then it fails. I've pasted the log below. Any suggestions would be very much appreciated.

    2022-05-18 17:34:45.822 INFO  [133509] [[email protected]] GlobalProtect started, version: 1.3.4
    QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
    2022-05-18 17:34:46.024 INFO  [133509] [GPClient::[email protected]] Populating the Switch Gateway menu...
    2022-05-18 17:34:49.137 INFO  [133509] [GPClient::[email protected]] Populating the Switch Gateway menu...
    2022-05-18 17:34:53.314 INFO  [133509] [GPClient::[email protected]] Start connecting...
    2022-05-18 17:34:53.314 INFO  [133509] [GPClient::[email protected]] Start portal login...
    2022-05-18 17:34:53.316 INFO  [133509] [PortalAuthenticator::[email protected]] Preform portal prelogin at https://X.X.XXX.XX/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
    2022-05-18 17:34:53.579 INFO  [133509] [PortalAuthenticator::[email protected]] Portal prelogin succeeded.
    2022-05-18 17:34:53.579 INFO  [133509] [PreloginResponse::[email protected]] Start parsing the prelogin response...
    2022-05-18 17:34:53.579 INFO  [133509] [PortalAuthenticator::[email protected]] Finished parsing the prelogin response. The region field is: US
    2022-05-18 17:34:53.579 INFO  [133509] [PortalAuthenticator::[email protected]] Trying to perform SAML login with saml-method POST
    
    DevTools listening on ws://127.0.0.1:12315/devtools/browser/935d8261-f86c-41fb-8a1f-61b46c57a33f
    Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
    2022-05-18 17:34:53.733 INFO  [133509] [SAMLLoginWindow::[email protected]] Response received from data:text/html;charset=UTF-8,%3Chtml%3E%0A%3Cbody%3E%0A%3Cform%20id%3D%22myform%22%20method%3D%22POST%22%20action%3D%22https%3A%2F%2Fgridsec.okta.com%2Fapp%2Fpanw_globalprotect%2Fexkg9uh21vGE9emlW2p7%2Fsso%2Fsaml%22%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22SAMLRequest%22%20value%3D%22PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vOC43LjE1My42Nzo0NDMvU0FNTDIwL1NQL0FDUyIgRGVzdGluYXRpb249Imh0dHBzOi8vZ3JpZHNlYy5va3RhLmNvbS9hcHAvcGFud19nbG9iYWxwcm90ZWN0L2V4a2c5dWgyMXZHRTllbWxXMnA3L3Nzby9zYW1sIiBJRD0iXzBhZDRkNzEyMDY5MTUxNGQ4YTIyZmQ1Yzk5ZjI4ZTVhIiBJc3N1ZUluc3RhbnQ9IjIwMjItMDUtMThUMjI6MzQ6NTNaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI%2BPHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vOC43LjE1My42Nzo0NDMvU0FNTDIwL1NQPC9zYW1sOklzc3Vlcj48L3NhbWxwOkF1dGhuUmVxdWVzdD4%3D%22%20%2F%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22RelayState%22%20value%3D%22YVeWLgAALRM1MWQxZjgwZjA1NjI2Y2JkMjE0NWEzMTIxZDhlZWZhMQ%3D%3D%22%20%2F%3E%0A%3C%2Fform%3E%0A%3Cscript%3E%0A%20%20document.getElementById%28%27myform%27%29.submit%28%29%3B%0A%3C%2Fscript%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0D%0A
    2022-05-18 17:34:53.839 INFO  [133509] [SAMLLoginWindow::[email protected]] Load finished https://X.X.XXX.XX/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
    2022-05-18 17:34:54.232 INFO  [133509] [SAMLLoginWindow::[email protected]] Response received from https://gridsec.okta.com/app/panw_globalprotect/exkg9uh21vGE9emlW2p7/sso/saml
    2022-05-18 17:34:54.479 INFO  [133509] [SAMLLoginWindow::[email protected]] Load finished https://gridsec.okta.com/app/panw_globalprotect/exkg9uh21vGE9emlW2p7/sso/saml
    2022-05-18 17:34:54.492 INFO  [133509] [SAMLLoginWindow::[email protected]] Response received from https://login.okta.com/discovery/iframe.html
    2022-05-18 17:35:05.118 INFO  [133509] [SAMLLoginWindow::[email protected]] Response received from https://gridsec.okta.com/auth/services/devicefingerprint
    2022-05-18 17:35:05.790 INFO  [133509] [SAMLLoginWindow::[email protected]] Response received from https://gridsec.okta.com/auth/services/devicefingerprint
    2022-05-18 17:35:08.003 INFO  [133509] [SAMLLoginWindow::[email protected]] Response received from https://gridsec.okta.com/auth/services/devicefingerprint
    2022-05-18 17:35:16.177 INFO  [133509] [SAMLLoginWindow::[email protected]] Response received from https://gridsec.okta.com/login/sessionCookieRedirect
    2022-05-18 17:35:16.221 INFO  [133509] [SAMLLoginWindow::[email protected]] Load finished https://gridsec.okta.com/login/sessionCookieRedirect
    [133662:133682:0518/173516.306240:ERROR:ssl_client_socket_impl.cc(960)] handshake failed; returned -1, SSL error code 1, net_error -202
    2022-05-18 17:35:16.337 INFO  [133509] [SAMLLoginWindow::[email protected]] Load finished https://X.X.X.XX/SAML20/SP/ACS
    
    opened by bt- 11
  • Ubuntu 22.04 SSL handshake failed

    Ubuntu 22.04 SSL handshake failed

    I can't connect with 22.04 due to "SSL handshake failed" error, however I found a way to connect via CLI, you can see how at https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268/comments/26

    Is there a chance to make this GUI work ?

    opened by suoko 10
  • After connect UI still showing as connecting status

    After connect UI still showing as connecting status

    Hi I've installed the app recent in PoP Os 20.04 following the steps to build the debian package and got a small issue even after a successfull connection the GUI keeps showing the connecting message without any return. Attached images of the issue.; Screenshot from 2021-01-08 15-32-24 Screenshot from 2021-01-08 15-31-59

    help wanted 
    opened by marcosjrvrael 10
  • GUI stays

    GUI stays "Connecting"

    Hi

    I'm experiencing an issue in Kubuntu (Ubuntu 20.04.2 LTS), where the GUI stays in the Connecting state, but never actually establishes the connection. Authentication seems to work but it seems like the event to set the connection is not being triggered properly.

    Any help would be appreciated!

    Here are some logs

    2021-07-08 10:33:40.950 INFO [17199] [[email protected]] GlobalProtect started, version: v1.2.8 2021-07-08 10:33:41.152 INFO [17199] [GPClient::[email protected]] Populating the Switch Gateway menu... 2021-07-08 10:33:52.732 INFO [17199] [GPClient::[email protected]] Populating the Switch Gateway menu... 2021-07-08 10:33:52.788 INFO [17199] [GPClient::[email protected]] Start connecting... 2021-07-08 10:33:52.788 INFO [17199] [GPClient::[email protected]] Start gateway login using the previously saved gateway... .... 2021-07-08 10:33:54.831 INFO [17199] [GPClient::[email protected]] Gateway login succeeded, got the cookie authcookie=***&portal=***&user=***&domain=%2528empty_domain%2529&preferred-ip=&computer=***

    2021-07-08 10:35:01.849 INFO [17199] [GPClient::[email protected]] Populating the Switch Gateway menu... 2021-07-08 10:36:15.665 INFO [17199] [GPClient::[email protected]] Populating the Switch Gateway menu... 2021-07-08 10:36:35.137 INFO [17199] [GPClient::[email protected]] Populating the Switch Gateway menu... 2021-07-08 10:40:11.255 INFO [17199] [GPClient::[email protected]] Populating the Switch Gateway menu... ...

    opened by palcina 9
  • After SAML, stuck at

    After SAML, stuck at "Connecting"

    The SAML authentication seems to work great, but the GUI hangs at "Connecting...". Any thoughts?

    2021-09-09 08:20:36.146 INFO  [388769] [[email protected]] GlobalProtect started, version: v1.3.3                                                                                                                            2021-09-09 08:20:36.314 INFO  [388769] [GPClient::[email protected]] Populating the Switch Gateway menu...                                                                                                   2021-09-09 08:20:38.405 INFO  [388769] [GPClient::[email protected]] Populating the Switch Gateway menu...                                                                                              
    2021-09-09 08:20:38.484 INFO  [388769] [GPClient::[email protected]] Start connecting...                                                                                                                               2021-09-09 08:20:38.484 INFO  [388769] [GPClient::[email protected]] Start gateway login using the previously saved gateway...
    2021-09-09 08:20:38.484 INFO  [388769] [GPClient::[email protected]] Performing gateway login...
    2021-09-09 08:20:38.492 INFO  [388769] [GatewayAuthenticator::[email protected]] Start gateway authentication...
    2021-09-09 08:20:38.493 INFO  [388769] [GatewayAuthenticator::[email protected]] Trying to login the gateway at https://gateway.xxx.edu/ssl-vpn/login.esp with prot=https%3A&server=&inputSrc=&jnlpReady=jnlpReady&comp
    uter=mylaptop&ok=Login&direct=yes&clientVer=4100&os-version=Ubuntu 20.04.3 LTS&clientos=Linux&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=
    2021-09-09 08:20:38.842 ERROR [388769] [GatewayAuthenticator::[email protected]] Failed to login the gateway at https://gateway.xxx.edu/ssl-vpn/login.esp, Error transferring https://gateway.xxx.edu/ss
    l-vpn/login.esp - server replied: Custom error
    2021-09-09 08:20:38.842 INFO  [388769] [GatewayAuthenticator::[email protected]] Perform the gateway prelogin at https://gateway.xxx.edu/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=
    4100&clientos=Linux
    2021-09-09 08:20:38.894 INFO  [388769] [GatewayAuthenticator::[email protected]] Gateway prelogin succeeded.
    2021-09-09 08:20:38.894 INFO  [388769] [PreloginResponse::[email protected]] Start parsing the prelogin response...
    2021-09-09 08:20:38.895 INFO  [388769] [GatewayAuthenticator::[email protected]] Trying to perform SAML login with saml-method POST
    
    DevTools listening on ws://127.0.0.1:12315/devtools/browser/7bb84b48-1d98-4e30-9eda-2ad7e5ac433a
    Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
    2021-09-09 08:20:39.050 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from data:text/html;charset=UTF-8,%3Chtml%3E%0A%3Cbody%3E%0A%3Cform%20id%3D%22myform%22%20method%3D%22POST%22%20a
    ction%3D%22https%3A%2F%2Flogin.xxx.edu%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%22%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22SAMLRequest%22%20value%3D%22PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9
    hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vZ2F0ZXdheS5jYXJsZXRvbi5lZHU6NDQzL1NBTUwyMC9TUC9BQ1MiIERlc3RpbmF0aW9uPSJodHRwczovL2xvZ2luLmNhcmxldG9uLmVkdS9pZHAvcHJvZm
    lsZS9TQU1MMi9QT1NUL1NTTyIgSUQ9Il9jYTYzYTNhNDMzMGViYzg5MGQ1YmEzMWRmMDNiNTc0ZiIgSXNzdWVJbnN0YW50PSIyMDIxLTA5LTA5VDEzOjIwOjM4WiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUI
    iBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL2dhdGV3YXkuY2FybGV0b24uZWR1OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3
    D%3D%22%20%2F%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22RelayState%22%20value%3D%22yCYBALaNzGAyYTJjYmQwNmJjZGJhMzBiYzBjY2E0MzcwNGQ1M2UzMg%3D%3D%22%20%2F%3E%0A%3C%2Fform%3E%0A%3Cscript%3E%0A%20%20document.g
    etElementById%28%27myform%27%29.submit%28%29%3B%0A%3C%2Fscript%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0D%0A
    2021-09-09 08:20:39.068 INFO  [388769] [SAMLLoginWindow::[email protected]] Load finished https://gateway.xxx.edu/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=L
    inux
    2021-09-09 08:20:39.209 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
    2021-09-09 08:20:39.316 INFO  [388769] [SAMLLoginWindow::[email protected]] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
    2021-09-09 08:20:39.389 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s2
    2021-09-09 08:20:39.540 INFO  [388769] [SAMLLoginWindow::[email protected]] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s2
    2021-09-09 08:20:45.511 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
    2021-09-09 08:20:45.854 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from https://api-8e4f311a.duosecurity.com/frame/web/v1/auth?tx=TX|ZG11c2ljYW50fERJRjhSV0xGVktJVFk1MTZJUEdVfDE2MzE
    xOTM5NDU=|e8a50dc42e96b428aae06406bd7e1eb632604a7b&parent=https%3A%2F%2Flogin.xxx.edu%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%3Fexecution%3De1s3&v=2.6
    2021-09-09 08:20:45.921 INFO  [388769] [SAMLLoginWindow::[email protected]] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
    2021-09-09 08:20:46.261 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from https://api-8e4f311a.duosecurity.com/frame/web/v1/auth?tx=TX|ZG11c2ljYW50fERJRjhSV0xGVktJVFk1MTZJUEdVfDE2MzE
    xOTM5NDU=|e8a50dc42e96b428aae06406bd7e1eb632604a7b&parent=https%3A%2F%2Flogin.xxx.edu%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%3Fexecution%3De1s3&v=2.6
    2021-09-09 08:20:46.534 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
    2021-09-09 08:20:46.552 INFO  [388769] [SAMLLoginWindow::[email protected]] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
    2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::[email protected]] Response received from https://gateway.xxx.edu/SAML20/SP/ACS
    2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::[email protected]] Got username from SAML response headers username
    2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::[email protected]] Got prelogin-cookie from SAML response headers Uq77eKye+4eZn8l3Spi9j+1fTO8LlWbt4YfT+XSG8j6NDnaAWVvB7dRfhpy57+zp
    2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::[email protected]] Got the SAML authentication information successfully. username: username, preloginCookie: Uq77eKye+4eZn8l3Spi9j+1fTO8LlWbt4YfT+XSG
    8j6NDnaAWVvB7dRfhpy57+zp, userAuthCookie: 
    2021-09-09 08:20:46.640 INFO  [388769] [GatewayAuthenticator::[email protected]] SAML login succeeded, got the prelogin-cookie Uq77eKye+4eZn8l3Spi9j+1fTO8LlWbt4YfT+XSG8j6NDnaAWVvB7dRfhpy57+zp
    2021-09-09 08:20:46.641 INFO  [388769] [GatewayAuthenticator::[email protected]] Trying to login the gateway at https://gateway.xxx.edu/ssl-vpn/login.esp with prot=https%3A&server=&inputSrc=&jnlpReady=jnlpReady&pass
    wd=&computer=mylaptop&ok=Login&direct=yes&clientVer=4100&os-version=Ubuntu 20.04.3 LTS&clientos=Linux&portal-prelogonuserauthcookie=&ipv6-support=yes&user=username&prelogin-cookie=Uq77eKye%2B4eZn8l3Spi9j%2B1fTO
    8LlWbt4YfT%2BXSG8j6NDnaAWVvB7dRfhpy57%2Bzp&portal-userauthcookie=
    2021-09-09 08:20:46.658 INFO  [388769] [SAMLLoginWindow::[email protected]] Load finished https://gateway.xxx.edu/SAML20/SP/ACS
    2021-09-09 08:20:47.004 INFO  [388769] [gpclient::helper::[email protected]] Start parsing the gateway response...
    2021-09-09 08:20:47.004 INFO  [388769] [gpclient::helper::[email protected]] The gateway response is: <?xml version="1.0" encoding="utf-8"?><jnlp><application-desc><argument>(null)</argument><argument>22dd
    cde9731b6331a26895fe51e860b6</argument><argument>946cffbb40acc185c72e73af0045b02685882718</argument><argument>gateway.xxx.edu-N</argument><argument>username</argument><argument>SAML login.xxx.edu</arg
    ument><argument>vsys1</argument><argument>%28empty_domain%29</argument><argument>(null)</argument><argument></argument><argument></argument><argument></argument><argument>tunnel</argument><argument>-1</argument>
    <argument>4100</argument><argument></argument><argument></argument><argument></argument><argument></argument><argument>4</argument><argument>unknown</argument><argument></argument></application-desc></jnlp>
    2021-09-09 08:20:47.004 INFO  [388769] [GPClient::[email protected]] Gateway login succeeded, got the cookie authcookie=22ddcde9731b6331a26895fe51e860b6&portal=gateway.xxx.edu-N&user=username&domain=%25
    28empty_domain%2529&preferred-ip=&computer=mylaptop
    
    opened by dmusican 8
  • Build from source error

    Build from source error

    Hello -

    Great project, thanks. I received this error when trying to build from source in the make step:

    gpservice.cpp: In member function ‘void GPService::connect(QString, QString, QString, QString)’: gpservice.cpp:68:19: error: ‘splitCommand’ is not a member of ‘QProcess’ 68 | << QProcess::splitCommand(extraArgs) | ^~~~~~~~~~~~ make[1]: *** [Makefile:498: gpservice.o] Error 1 make[1]: Leaving directory '/home/sharif/Downloads/GlobalProtect-openconnect/GPService' make: *** [Makefile:73: sub-GPService-make_first] Error 2

    This same error showed up trying to build the deb package.

    I ended up removing the line it was failing at: gpservice.cpp:68:19 regarding the splitCommand for QProcess. Does that work for you? The Qdocumentation doesn't mention this function, but I am not versed in this package at all.

    I'm on Ubuntu Budgie, 20.04 LTS. I followed the openconnect and Qt package installs w/ appropriate versions. No issue there.

    In any case, I removed the line and it was able to build, and it works! not sure what that code line was doing. I am connecting via a 2-factor auth w/ third party so maybe because I'm not using a username/password the app doesn't complain.

    In any case, that was my experience - thank you!

    opened by sharifelguindi 8
  • Fails to build with dpkg-buildpackage

    Fails to build with dpkg-buildpackage

    I realize this is probably not supported, but since this project had a debian/ directory, and I use vanilla Debian (not Ubuntu), I figured I would try building it with dpkg-buildpackage, instead of the route suggested in the readme, so I could manage it with APT and cleanly uninstall it if necessary.

    Unfortunately, this failed with an error:

    dpkg-buildpackage: info: source package globalprotect-openconnect
    dpkg-buildpackage: info: source version 1.4.8-1
    dpkg-buildpackage: info: source distribution unstable
    dpkg-buildpackage: info: source changed by Kevin Yue <[email protected]>
    dpkg-buildpackage: info: host architecture amd64
     dpkg-source --before-build .
     fakeroot debian/rules clean
    dh clean
       dh_auto_clean
            rm -rf obj-x86_64-linux-gnu
       dh_clean
            rm -f debian/debhelper-build-stamp
            rm -rf debian/.debhelper/
            rm -f debian/globalprotect-openconnect.debhelper.log
            rm -f -- debian/globalprotect-openconnect.substvars debian/globalprotect-openconnect.postrm.debhelper debian/files
            rm -fr -- debian/globalprotect-openconnect/ debian/tmp/
            find .  \( \( \
                    \( -path .\*/.git -o -path .\*/.svn -o -path .\*/.bzr -o -path .\*/.hg -o -path .\*/CVS -o -path .\*/.pc -o -path .\*/_darcs \) -prune -o -type f -a \
                    \( -name '#*#' -o -name '.*~' -o -name '*~' -o -name DEADJOE \
                     -o -name '*.orig' -o -name '*.rej' -o -name '*.bak' \
                     -o -name '.*.orig' -o -name .*.rej -o -name '.SUMS' \
                     -o -name TAGS -o \( -path '*/.deps/*' -a -name '*.P' \) \
                    \) -exec rm -f {} + \) -o \
                    \( -type d -a -name autom4te.cache -prune -exec rm -rf {} + \) \)
     dpkg-source -b .
    dpkg-source: error: can't build with source format '3.0 (native)': native package version may not have a revision
    dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 255
    

    I decided to report this as an issue because, as it turns out, there's a simple fix for this! The error was merely complaining about the version format in the debian/changelog being incompatible with the source format asserted in debian/source/format. After changing the version number of the latest version listed in debian/changelog from 1.4.8-1 to simply 1.4.8, the package built and installed successfully, and it is currently working on my system. Perhaps future versions should alter the versioning format, or the source format, so that the package can be built as a DEB automatically.

    opened by northivanastan 0
  • Credentials autocompleting (secure version)

    Credentials autocompleting (secure version)

    See #109

    I've successfully integrated https://github.com/frankosterfeld/qtkeychain/ as @yuezk suggested.

    Added two methods in the settings namespace:

    bool secureSave(const QString &key, const QString &value);
    bool secureGet(const QString &key, QString &value);
    

    Credentials are saved when the login button is clicked in the StandardLoginWindow, and autocompleted when the same window is created. Maybe there is a better way to manage this, I'll leave it to the ones that have a deeper knowledge of the project (Perhaps we could try to log in without showing that window if the credentials are present in the wallet).

    Disclaimer: only tested on Manjaro KDE

    opened by CarloRamponi 1
  • 1.4.8 version shows blank login page

    1.4.8 version shows blank login page

    Version 1.4.7 works fine but 1.4.8 doesn't. It just shows empty login page. In the logs of 1.4.8 I see:

    2022-08-16 17:50:31.356 INFO  [530083] [SAMLLoginWindow::[email protected]] Checking the authentication result...
    2022-08-16 17:50:40.781 INFO  [530083] [SAMLLoginWindow::[email protected]] MAX_WAIT_TIME exceeded, display the login window.
    
    opened by kurnevsky 4
  • Support custom URL scheme beyond-identity-endpoint in Qt Web

    Support custom URL scheme beyond-identity-endpoint in Qt Web

    Currently, I'm using beyond-identity as MFA. After clicking on Connect in GlobalProtect-openconnect, it redirects me to a web page where normally it would attempt to open the URL scheme beyond-identity-endpoint:///. Unfortunately, I don't believe it's possible to specify the scheme at the moment (no pop-up notification to select application like Firefox). I believe the following links may be helpful for adding support for custom URL scheme :

    • https://doc.qt.io/qt-6/qtwebengine-features.html#custom-schemes
    • https://doc.qt.io/qt-6/qwebengineurlscheme.html
    • https://doc.qt.io/qt-6/qtwebengine-features.html#web-notifications

    Firefox

    image

    Chromium

    image

    opened by klDen 0
Releases(v1.4.8)
Owner
Kevin Yue
@MicroStrategy is hiring at Hangzhou, China, contact me.
Kevin Yue
Lightway Core is a modern VPN protocol by ExpressVPN, to deliver a VPN experience that’s faster, more secure, and more reliable.

Lightway Core is a modern VPN protocol by ExpressVPN, to deliver a VPN experience that’s faster, more secure, and more reliable.

ExpressVPN 344 Oct 6, 2022
LAN Party VPN - Run VPN on top of Discord. No installation required.

LAN Party VPN - VPN for Virtual LAN Parties Have you ever wanted to play a classic game with your friends but not able to because you or your friends

Yifan Gu 254 Oct 1, 2022
SoftEther VPN - Cross-platform multi-protocol VPN software.

SoftEther VPN - Cross-platform multi-protocol VPN software.

SoftEther 9.3k Oct 2, 2022
A VPN client for Android based on OpenVPN made with Jetpack Compose.

Gear VPN - Free, Secure & Open sourced VPN Tech Stack Jetpack Compose - Google's new UI toolkit for developing native Android apps. Navigator-Compose

Kaustubh Patange 77 Sep 28, 2022
A graphical (Qt5) client for MPD

Cantata NOTE Cantata is now in a bug-fix only state. Therefore, new features are unlikly to be implemented unless pull requests are submitted. The cur

CraigD 1k Sep 24, 2022
Husarnet is a Peer-to-Peer VPN to connect your laptops, servers and microcontrollers over the Internet with zero configuration.

Husarnet Client Husarnet is a Peer-to-Peer VPN to connect your laptops, servers and microcontrollers over the Internet with zero configuration. Key fe

Husarnet 151 Sep 30, 2022
Graphical small-internet client for windows, linux, MacOS X and BSDs. Supports gemini, http, https, gopher, finger.

Graphical small-internet client for windows, linux, MacOS X and BSDs. Supports gemini, http, https, gopher, finger.

Felix Queißner 554 Sep 29, 2022
Built a peer-to-peer group based file sharing system where users could share or download files from the groups they belonged to. Supports parallel downloading with multiple file chunks from multiple peers.

Mini-Torrent Built a peer-to-peer group based file sharing system where users could share or download files from the groups they belonged to. Supports

null 1 Nov 15, 2021
Built a client-server application using TCP and UDP sockets, in which the clients can subscribe/unsubscribe to various topics.

Built a client-server application using TCP and UDP sockets, in which the clients can subscribe/unsubscribe to various topics.

null 1 Jun 22, 2022
m8c is a client for Dirtywave M8 tracker's headless mode.

m8c is a client for Dirtywave M8 tracker's headless mode. The application should be cross-platform ready and can be built in Linux, Windows (with MSYS2/MINGW64) and Mac OS.

Jonne Kokkonen 164 Sep 26, 2022
Triton Python and C++ client libraries and example, and client examples for go, java and scala.

Triton Client Libraries and Examples To simplify communication with Triton, the Triton project provides several client libraries and examples of how t

Triton Inference Server 179 Sep 30, 2022
A simple tcp tunnel on c using sockets Right now it only supports linux systems

A simple tcp tunnel on c using sockets Right now it only supports linux systems build BY MAKE mkdir build make cd build ./tunnel.o <localport> <rem

notaweeb 8 Sep 20, 2021
a lightweight and performant multicast DNS (mDNS) reflector with modern design, supports zone based reflection and IPv6

mDNS Reflector mDNS Reflector (mdns-reflector) is a lightweight and performant multicast DNS (mDNS) reflector with a modern design. It reflects mDNS q

Yuxiang Zhu 76 Sep 26, 2022
Webdav-client-cpp - C++ WebDAV Client provides easy and convenient to work with WebDAV-servers.

WebDAV Client Package WebDAV Client provides easy and convenient to work with WebDAV-servers: Yandex.Disk Dropbox Google Drive Box 4shared ownCloud ..

Cloud Polis 102 Oct 1, 2022
VEngine-Client - vEngine: Official Client Module

━ S Y N O P S I S ━ Maintainer(s): Aviril, Tron vEngine is Next-Gen Sandbox-Engine being crafted in C++. In contrast to UE/Unity/ReverseEngineered-Mod

ᴠ : ꜱᴛᴜᴅɪᴏ 15 Sep 7, 2022
Pyth-client - client API for on-chain pyth programs

pyth-client client API for on-chain pyth programs Build Instructions # depends on openssl apt install libssl-dev # depends on libz apt install zlib1g

Pyth Network 107 Sep 23, 2022
This repository provides a C++ client SDK for Unleash that meets the Unleash Client Specifications.

Unleash Client SDK for C++ This repository provides a C++ client SDK for Unleash that meets the Unleash Client Specifications. Features The below tabl

Antonio Ruiz 4 Jan 30, 2022
RPC based on C++ Workflow. Supports Baidu bRPC, Tencent tRPC, thrift protocols.

中文版入口 SRPC Introduction SRPC is an RPC system developed by Sogou. Its main features include: Base on Sogou C++ Workflow, with the following features:

C++ Workflow Project and Ecosystem 1.4k Oct 2, 2022
Realtime Client/Server app for Linux allowing joystick (and other HID) data to be transferred over a local network

netstick What is it? Netstick enables HID devices to be remotely connected between a "client" and "server" over a network connection. It allows the ke

null 31 Oct 1, 2022