Difference between revisions of "Palo Alto VPN for linux"
Line 23: | Line 23: | ||
[https://hpcguide.tau.ac.il/vpn/PanGPLinux-5.3.4-c5.tgz GlobalProtect-5.3.4] | [https://hpcguide.tau.ac.il/vpn/PanGPLinux-5.3.4-c5.tgz GlobalProtect-5.3.4] | ||
+ | -- | ||
[https://hpcguide.tau.ac.il/vpn/PanGPLinux-6.0.1-c6.tgz GlobalProtect-6.0.1] | [https://hpcguide.tau.ac.il/vpn/PanGPLinux-6.0.1-c6.tgz GlobalProtect-6.0.1] | ||
Revision as of 08:02, 14 August 2022
For security reasons, Tel Aviv University is introducing a VPN with a two-factor authentication standard.
To use it, users have to check or fill in their mobile phone number on the myTAU page (https://mytau.tau.ac.il/GetResource.php) and enroll in the service. Then you need to install Google Authenticator on your mobile device and register it at TAU.
After that you may download and install the Palo Alto GlobalProtect VPN client on your device (all operating systems are supported: iOS, Android, Linux, Mac and even Windows).
The steps:
Enrollment
Go to https://mytau.tau.ac.il/GetResource.php
Choose “1” then “2”:
You will then receive an SMS with a 2-minute code; enter it immediately in the field. You will then be redirected to the QR code for Google Authenticator account setup. Scan it with the Google Authenticator app on your mobile device (use the “+” in the bottom right corner), enter the code generated by Google Authenticator in the field and press the green button.
Download
To download and install the VPN client, open one of the following in your browser:
GlobalProtect-5.3.4 -- GlobalProtect-6.0.1
Extract the Linux package and install the version appropriate for your distribution:
Debian/Ubuntu
dpkg -i GlobalProtect_UI_deb-5.3.1.0-36.deb
Redhat/Centos
yum localinstall GlobalProtect_UI_rpm-5.3.1.0-36.rpm
Configure
Run and configure the VPN client on Linux (other operating systems are similar):
Open the client by clicking the relevant icon ("1" as in the picture on the right)
Then enter the address vpn.tau.ac.il ("2" as in the picture on the right)
Errors
SSL Error
On the latest Ubuntu version, Ubuntu 22.04, after installing and configuring the GlobalProtect VPN, you get this error:
Fix only for GlobalProtect
Create a new ssl.conf file on your PC with the following content:
vim ~/ssl.conf
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
Then find this file:
sudo find / -name PanGPUI.desktop -type f
or
locate PanGPUI.desktop
(you may need to run sudo updatedb before running this one)
There should be at least 2 paths containing this file; ignore this one --> /opt/paloaltonetworks/globalprotect/PanGPUI.desktop
On my Linux, Kubuntu 22.04, the file is here: /etc/xdg/autostart/PanGPUI.desktop
Edit this file and change it from:
[Desktop Entry]
Name=PanGPUI
Type=Application
Exec=/opt/paloaltonetworks/globalprotect/PanGPUI
Terminal=false
to
[Desktop Entry]
Name=PanGPUI
Type=Application
Exec=OPENSSL_CONF=~/ssl.conf /opt/paloaltonetworks/globalprotect/PanGPUI
Terminal=false
After restarting your PC, GlobalProtect will autostart with the custom SSL settings.
Global fix
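Here is how to work around it system-wide. This changes the OpenSSL defaults for every application that reads the system configuration, not only GlobalProtect, so prefer the GlobalProtect-only fix above where it works:
Open /usr/lib/ssl/openssl.cnf
Comment out this section: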
# [openssl_init]
# providers = provider_sect
Add this new section under the one you just commented out:
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
Restart the GlobalProtect app and the error should be fixed.
Source: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268
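Both fixes above only take effect when the chain openssl_conf -> ssl_conf -> system_default -> Options is complete. The following is an added example, not part of the original wiki page: a small checker that follows that chain in a config file's text and reports whether UnsafeLegacyRenegotiation is actually active, which helps confirm the workaround is scoped where you intended. The parser is a simplified reading of the OpenSSL config format (sections, name = value, # comments), and the function names and sample texts are constructed for illustration.

```python
import re

# Constructed sample: the ssl.conf from the GlobalProtect-only fix above.
SCOPED_CONF = """\
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""

# Constructed sample: the option is present, but the link to it is commented out.
UNWIRED_CONF = """\
openssl_conf = openssl_init
[openssl_init]
# ssl_conf = ssl_sect
providers = provider_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""

def parse_sections(text):
    """Simplified parser (assumption): sections, name = value, # comments."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})  # a repeated section is merged
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            sections[current][name] = value
    return sections

def unsafe_renegotiation_active(text):
    """Follow openssl_conf -> ssl_conf -> system_default -> Options."""
    sections = parse_sections(text)
    section = sections["default"]
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        section = sections.get(section.get(key, ""), {})
    options = section.get("Options", "").split(",")
    return "unsafelegacyrenegotiation" in [o.strip().lstrip("+").lower() for o in options]
```

Pass it the contents of /usr/lib/ssl/openssl.cnf and of ~/ssl.conf: after the GlobalProtect-only fix, only the second should report True.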
TAU credentials
Fill in the pop-up window with your TAU credentials:
Open Google Authenticator on your mobile device and enter the code from there.
Congratulations: you are done!