How you pass the protocol parameter in a profile for OpenConnect in IGEL OS 11.04.100?

I have been working with OpenConnect VPN in 11.04.100 and it is working well, with a caveat. I can only launch it successfully from the terminal. I am not sure if I just do not see where to insert the protocol for GlobalProtect or if another field needs added in the GUI. I am trying to pass the protocol standard for OpenConnect like this: openconnect –protocol=gp –dump -vvv

Learn more, read the entire thread inside the IGEL Community o Slack

In the Profile I have tried to only add the address of our vpn server, but get a message: “VPN failure Failed to obtain WebVPN cookie XML response has no “auth” node

I have also tried to add –protocol=gp –dump -vvv and get a different message: “VPN failure Unknown VPN protocol

I know that it works on the IGEL although not from the profile, and that all software including GlobalProtect protocol for Palo Alto networks was added to 11.04.100 successfully – because when I open a terminal on the UD3 and directly enter: openconnect –protocol=gp –dump -vvv well, then it works perfectly.

Does anyone know how you pass the protocol parameter in a profile for OpenConnect in 11.04.100?

Hi @member, the option for the GlobalProtect protocol didn’t make it into 11.04.100.

You need to patch the starter script to use it. This can be done with a Custom Command like so (transfer the setting and reboot):

System > Firmware Customization > Custom Commands > Base > Initilization:

sed -i -e ‘s+/bin/sh+/bin/bash+’ -e ‘s+$X_IS_JUNIPER+–protocol=gp+’ /services/unsupported02/usr/sbin/oc-starter

Upd: After testing with a gp account, I updated the command

I can’t thank you enough! That got it working perfectly from the GUI. How do I make sure this is an option in future firmware?

Here are the instructions to get Palo Alto Globalprotect VPN from@member – this is working perfectly on our network and hopefully will be baked in to the next release of IGEL OS!

No date and number set, yet. But roger that.

Here is a screenshot of the fix by @member installed. In our case we have a single profile that only does Palo Alto GlobalProtect

If you fill in username and password it does not prompt, if you leave it blank it will prompt for username and password each time on IGEL

Thank you Gents. Will give this a try.

So PB 11.04.130 ist out, where you can choose Globalprotect protocol.

Continue reading and comment on the thread ‘How you pass the protocol parameter in a profile for OpenConnect in IGEL OS 11.04.100?’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base

Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!

Popular Message Threads

Categories & Tags: