VPN / Global Protect HowTo

How to install and use the Global Protect VPN Client on Ubuntu:

This tutorial summarizes the installation of the Global Protect VPN Client on Ubuntu 16.04+ for use at the TH Nuremberg and represents information as of 28.9.2019.

Disclaimer: This tutorial is provided for your convenience only. It has been written thoroughly, but as always there is no guarantee that it will work out-of-the-box for different installations. In such a case please contact the RZ help desk.

1) Uninstall other VPN Client software

e.g. Aventail / Dell Connect Tunnel:
sudo /usr/local/Aventail/uninstall.sh (mileage may vary on different installations)

2) Download Global Protect VPN Client

3) Unpack

tar xvf PanGPLinux.tgz --one-top-level=tmp
cd tmp
Among others creates GlobalProtect_deb-–12.deb (as of May 2023, version may change in future releases)

4) List contained files

dpkg-deb -c ./GlobalProtect_deb-*.deb

5) Install contained files

sudo dpkg -i ./GlobalProtect_deb-*.deb

How to uninstall the Global Protect VPN Client on Ubuntu:

sudo apt remove globalprotect

How to use the Global Protect VPN Client on Ubuntu:

1) Start VPN Client utility

or just

2) Open VPN connection to vpn.ohmportal.de

connect -portal vpn.ohmportal.de

3) Authenticate

authenticate with virtuohm credentials, e.g. “roettgerst”

Setting up the connection took almost an entire minute until successful establishment.

4) Browse VPN, e.g. Ohm internal pages

5) Close VPN connection


6) Leave VPN Client utility


7) For convenience, there is also a one-liner to start the client:

globalprotect connect -portal vpn.ohmportal.de

8) More information on the man pages:

man globalprotect

Summary of helpful commands:

  • globalprotect help
  • globalprotect connect -portal vpn.ohmportal.de
  • globalprotect show --status
  • globalprotect show --details
  • globalprotect show --statistics
  • globalprotect show --host-state
  • globalprotect disconnect
  • man globalprotect
Aliases for the command prompt (to be put in .bashrc resp. .tcshrc):
alias vpn_on='globalprotect connect -portal vpn.ohmportal.de'
alias vpn_off='globalprotect disconnect'

Other VPN Client software:

sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome
Open connection:
sudo openconnect -protocol=gp vpn.ohmportal.de
Not recommended for Ubuntu 16 and 18, since older versions contain a bug that prevents authorization with the TH server! OpenConnect version ≥ 8 is required for a proper hand-shake with the TH server.
  • Aventail Sonic Wall / Dell Connect Tunnel
Not recommended, since it has proven to work unreliably with the TH server!

Other Linux Distributions:

On Linux Mint and OpenSuse it is recommended to use OpenConnect v8.0+ instead of Global Protect. For other Linux distributions no further information is currently available.

Other useful information:

To connect with eduroam on Ubuntu, the following information is required:

  • security: WPA/WPA2
  • authentication: PEAP
  • anonymous user: anonymous
  • certificate: empty or /usr/share/ca-certificates/T-TeleSec_GlobalRoot_Class_2.crt
  • inner authentication: MSCHAPv2
  • user name: e.g. roettgerst@th-nuernberg.de
  • password: …

Update as of 16.6.2022:

  • The current version of OpenConnect on current Linux/Ubuntu distros now support GlobalProtect as a VPN client.

Update as of 8.2.2024:

  • The latest GlobalProtect_deb-–711.deb does not work any longer with Ubuntu 22.04 LTS
  • §%&&%”§!%&§!!&§%§&%!%!
  • Here is the latest working package GlobalProtect_deb-