GlobalProtect Linux VPN Client Installation

Linux users should download and install the GlobalProtect VPN client.  The client can be downloaded from the ITC software downloads site here.  The client is supported for CentOS, Red Hat Enterprise Linux, and Ubuntu.  You will have to install either the downloaded .deb or .rpm file with your package manager.

You also need to enroll in Duo before your are able to authenticate to the VPN.  If you have not yet enrolled in Duo, you may do so here.

Once you have the client installed, connect by running the command:

globalprotect connect -p vpn-linux.dartmouth.edu

You may be prompted to install the server certificate on your client the first time that you connect.  Press 'y' to proceed.  You will then be prompted for your username and password.  After entering your username and password, your default Duo action will be taken, but there will be no prompt telling you that this is happening.  After the Duo authentication completes, you will be connected.

user@linuxhost:~$ globalprotect connect --portal vpn-linux.dartmouth.edu
Retrieving configuration...                                            
Disconnected
There is a problem with the security certificate, so the identity of 129.170.9.33 cannot be verified. Please contact the Help Desk for your organization to have the issue rectified.
Warning: The communication with 129.170.9.33 may have been compromised. We recommend that you do not continue with this connection.
Error details:Do you want to continue(y/n)?y
Retrieving configuration...                                            
Disconnected
129.170.9.33 - portal:local:Enter login credentials
username:user1
Password:
Retrieving configuration...                                            
Discovering network...
Connecting...
Connected 
 
To disconnect, run 'globalprotect disconnect' or 'globalprotect quit'.
 

If you are running Linux and want the split-tunnelled version that only sends traffic to 10.0.0.0/8 and 129.170.0.0/16 over the tunnel, the portal to use is vpn-linux-split.dartmouth.edu.

 

If you are not running Ubuntu, CentOS or RHEL, you may be able to work around this issue.  Create the file /etc/lsb-release with the contents:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"

Next restart gpd.service (e.g. 'sudo systemctl restart gpd.service').  You should now be able to connect.

 

See Related Articles to the right for more information.
0% helpful - 3 reviews

Details

Article ID: 72415
Created
Thu 2/21/19 3:20 PM
Modified
Tue 9/3/19 9:00 PM