Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to connect to VPN - Failed to connect ESP tunnel; using HTTPS instead. #451

Open
saipavanc opened this issue Dec 9, 2024 · 1 comment
Open

Unable to connect to VPN - Failed to connect ESP tunnel; using HTTPS instead. #451

saipavanc opened this issue Dec 9, 2024 · 1 comment

Comments

@saipavanc
Copy link

Describe the bug
I am able to finish the SAML authentication, application says its connected, but I am unable to access the internet.

Expected behavior
Connect to vpn with a working internet connection.

Logs

$ gpauth vpn-connect.northwestern.edu --browser default 2>/dev/null | sudo gpclient connect vpn-connect.northwestern.edu --cookie-on-stdin
[sudo] password for <user>: 
[2024-12-09T18:26:30Z INFO  gpclient::cli] gpclient started: 2.3.9 (2024-12-09)
[2024-12-09T18:26:30Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect
[2024-12-09T18:26:30Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-12-09T18:26:30Z INFO  gpclient::connect] Reading cookie from standard input
[2024-12-09T18:26:41Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect
[2024-12-09T18:26:41Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2024-12-09T18:26:41Z INFO  gpclient::connect] Connecting to the only available gateway: vpn-connect2-nit (vpn-connect2.northwestern.edu)
[2024-12-09T18:26:41Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect
[2024-12-09T18:26:41Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-12-09T18:26:41Z INFO  openconnect::ffi] User agent: PAN GlobalProtect
[2024-12-09T18:26:41Z INFO  openconnect::ffi] VPNC script: /etc/vpnc/vpnc-script
[2024-12-09T18:26:41Z INFO  openconnect::ffi] OS: linux
[2024-12-09T18:26:41Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-12-09T18:26:41Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-12-09T18:26:41Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-12-09T18:26:41Z INFO  openconnect::ffi] MTU: 0
[2024-12-09T18:26:41Z INFO  openconnect::ffi] DISABLE_IPV6: 0
[2024-12-09T18:26:41Z INFO  openconnect::ffi] NO_DTLS: 0
[2024-12-09T18:26:41Z INFO  openconnect::ffi] POST https://vpn-connect2.northwestern.edu/ssl-vpn/getconfig.esp
[2024-12-09T18:26:41Z INFO  openconnect::ffi] Connected to 129.105.179.53:443
[2024-12-09T18:26:41Z INFO  openconnect::ffi] SSL negotiation with vpn-connect2.northwestern.edu
[2024-12-09T18:26:41Z INFO  openconnect::ffi] Connected to HTTPS on vpn-connect2.northwestern.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-12-09T18:26:42Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 180 minutes.
[2024-12-09T18:26:42Z INFO  openconnect::ffi] Idle timeout is 180 minutes.
[2024-12-09T18:26:42Z WARN  openconnect::ffi] GlobalProtect IPv6 support is experimental. Please report results to <[email protected]>.
[2024-12-09T18:26:42Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-12-09T18:26:42Z INFO  openconnect::ffi] POST https://vpn-connect2.northwestern.edu/ssl-vpn/hipreportcheck.esp
[2024-12-09T18:26:42Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum f0ee7dfd6789636cf03d39b63349595a.
        VPN connectivity may be disabled or limited without HIP report submission.
        You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-12-09T18:26:47Z WARN  openconnect::ffi] Failed to connect ESP tunnel; using HTTPS instead.
[2024-12-09T18:26:48Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-12-09T18:26:48Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 11
[2024-12-09T18:26:48Z INFO  gpclient::connect] Wrote PID 126285 to /var/run/gpclient.lock
^C[2024-12-09T18:27:03Z INFO  gpclient::connect] Received the interrupt signal, disconnecting...
[2024-12-09T18:27:03Z INFO  openconnect::ffi] Stopping VPN connection: 11
[2024-12-09T18:27:03Z INFO  openconnect::ffi] POST https://vpn-connect2.northwestern.edu/ssl-vpn/logout.esp
[2024-12-09T18:27:03Z INFO  openconnect::ffi] SSL negotiation with vpn-connect2.northwestern.edu
[2024-12-09T18:27:03Z INFO  openconnect::ffi] Connected to HTTPS on vpn-connect2.northwestern.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
[2024-12-09T18:27:03Z INFO  openconnect::ffi] Logout successful.
RTNETLINK answers: No such process
[2024-12-09T18:27:03Z INFO  openconnect::ffi] openconnect_mainloop returned -4, exiting
[2024-12-09T18:27:03Z INFO  gpclient::connect] Removing PID file

Environment:

  • OS: EndeavourOS Linux
  • Desktop Environment: KDE X11
  • Output of ps aux | grep 'gnome-keyring\|kwalletd5' | grep -v grep: [Required for secure store error]
  • Is remote SSH? No

Additional context
I have also tried the older version globalprotect-openconnect package on AUR, and I am getting the same error Failed to connect ESP tunnel; using HTTPS instead..

Am I using the wrong command to initialize? Thank you for the help.
@hsai1020
Copy link

I had the same error and this issue was relevant:
#364
We need --disable-ipv6 in the options.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hsai1020 @saipavanc