VPN / Global Protect HowTo

How to install and use the Global Protect VPN Client on Ubuntu:

This tutorial summarizes the installation of the Global Protect VPN Client on Ubuntu 16.04+ for use at the TH Nuremberg and represents information as of 28.9.2019.

Disclaimer: This tutorial is provided for your convenience only. It has been written carefully, but as always there is no guarantee that it will work out of the box on every installation. In that case, please contact the RZ help desk.

1) Uninstall other VPN Client software

e.g. Aventail / Dell Connect Tunnel:
sudo /usr/local/Aventail/uninstall.sh (mileage may vary on different installations)

2) Download Global Protect VPN Client

3) Unpack

tar xvf PanGPLinux.tgz --one-top-level=tmp
cd tmp
Among other files, this creates GlobalProtect_deb-6.0.5.1-12.deb (as of May 2023; the version may change in future releases)

4) List contained files

dpkg-deb -c ./GlobalProtect_deb-*.deb

5) Install contained files

sudo dpkg -i ./GlobalProtect_deb-*.deb
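
Step 5 installs the package's files as root, so the listing from step 4 is worth reviewing first. The following is an added example, not part of the original tutorial or of the GlobalProtect package: a shell function that reads `dpkg-deb -c` output and flags setuid/setgid entries, world-writable entries and files outside an expected prefix. The function name, the default prefix and the sample listing are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): review what step 5 would
# install as root, based on the listing printed in step 4.
# Real use:  dpkg-deb -c ./GlobalProtect_deb-*.deb | audit_deb_listing

# Reads `dpkg-deb -c` output (tar-style long listing) on stdin and prints:
#   SETID    entries with the setuid or setgid bit set
#   WRITABLE world-writable entries without the sticky bit (symlinks skipped)
#   OUTSIDE  non-directory entries outside the expected install prefix
# $1: expected prefix; the default is an assumption derived from the client
#     path /opt/paloaltonetworks/globalprotect/ used in this tutorial.
audit_deb_listing() {
    local prefix="${1:-./opt/paloaltonetworks/}"
    local mode owner size date time path
    while read -r mode owner size date time path; do
        if [ -z "$path" ]; then continue; fi
        path="${path%% -> *}"            # drop the symlink target, if any
        case "$mode" in
            ???[sS]*|??????[sS]*) echo "SETID $mode $owner $path" ;;
        esac
        case "$mode" in
            l*|?????????[tT]) ;;         # symlink, or sticky bit set
            ????????w?) echo "WRITABLE $mode $owner $path" ;;
        esac
        case "$mode" in d*) continue ;; esac
        case "$path" in
            "$prefix"*) ;;
            *) echo "OUTSIDE $mode $owner $path" ;;
        esac
    done
    return 0
}

# Constructed listing for demonstration; the file names are invented and do
# not describe the contents of the real GlobalProtect package.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x root/root         0 2023-05-01 10:00 ./
drwxr-xr-x root/root         0 2023-05-01 10:00 ./opt/
drwxr-xr-x root/root         0 2023-05-01 10:00 ./opt/paloaltonetworks/globalprotect/
-rwxr-xr-x root/root    123456 2023-05-01 10:00 ./opt/paloaltonetworks/globalprotect/globalprotect
-rwsr-xr-x root/root     65432 2023-05-01 10:00 ./opt/paloaltonetworks/globalprotect/example-helper
-rw-r--r-- root/root       321 2023-05-01 10:00 ./usr/lib/systemd/system/example.service
lrwxrwxrwx root/root         0 2023-05-01 10:00 ./usr/bin/example-link -> /opt/paloaltonetworks/globalprotect/globalprotect
EOF
}

sample_listing | audit_deb_listing
```

Anything the function prints is a prompt to look closer before running step 5, for example with `dpkg-deb -I` for the package metadata; an empty result only means none of these three checks matched.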

How to uninstall the Global Protect VPN Client on Ubuntu:

sudo apt remove globalprotect

How to use the Global Protect VPN Client on Ubuntu:

1) Start VPN Client utility

/opt/paloaltonetworks/globalprotect/globalprotect
or just
globalprotect

2) Open VPN connection to vpn.ohmportal.de

connect -portal vpn.ohmportal.de

3) Authenticate

Authenticate with your virtuohm credentials, e.g. “roettgerst”

Setting up the connection took almost an entire minute until it was successfully established.

4) Browse VPN, e.g. Ohm internal pages

5) Close VPN connection

disconnect

6) Leave VPN Client utility

quit

7) For convenience, there is also a one-liner to start the client:

globalprotect connect -portal vpn.ohmportal.de

8) More information is available in the man page:

man globalprotect

Summary of helpful commands:

  • globalprotect help
  • globalprotect connect -portal vpn.ohmportal.de
  • globalprotect show --status
  • globalprotect show --details
  • globalprotect show --statistics
  • globalprotect show --host-state
  • globalprotect disconnect
  • man globalprotect

Aliases for the command prompt (bash syntax, to be put in .bashrc; tcsh uses a different alias syntax in .tcshrc):
alias vpn_on='globalprotect connect -portal vpn.ohmportal.de'
alias vpn_off='globalprotect disconnect'

Other VPN Client software:

  • OpenConnect
Installation:
sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome
Open connection:
sudo openconnect --protocol=gp vpn.ohmportal.de
Not recommended for Ubuntu 16 and 18, since older versions contain a bug that prevents authorization with the TH server! OpenConnect version ≥ 8 is required for a proper handshake with the TH server.
  • Aventail Sonic Wall / Dell Connect Tunnel
Not recommended, since it has proven to work unreliably with the TH server!

Other Linux Distributions:

On Linux Mint and OpenSuse it is recommended to use OpenConnect v8.0+ instead of Global Protect. For other Linux distributions no further information is currently available.

Other useful information:

To connect with eduroam on Ubuntu, the following information is required:

  • security: WPA/WPA2
  • authentication: PEAP
  • anonymous user: anonymous
  • certificate: empty or /usr/share/ca-certificates/T-TeleSec_GlobalRoot_Class_2.crt (if left empty, the authentication server's certificate is not validated)
  • inner authentication: MSCHAPv2
  • user name: e.g. roettgerst@th-nuernberg.de
  • password: …

Update as of 16.6.2022:

  • The current version of OpenConnect on current Linux/Ubuntu distros now supports GlobalProtect as a VPN client.

Update as of 8.2.2024:

  • The latest GlobalProtect_deb-6.1.4.0-711.deb no longer works with Ubuntu 22.04 LTS
  • §%&&%”§!%&§!!&§%§&%!%!
  • Here is the latest working package GlobalProtect_deb-6.0.5.1-12.deb
