Bug 1580192

Summary: Package openconnect-gp -- there isnt globalprotect alternative for palo alto vpn
Product: [Fedora] Fedora Reporter: Jose Mantilla <joseluismantilla>
Component: openconnectAssignee: David Woodhouse <dwmw2>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 28CC: dwmw2, nmavrogi, vwfoxguru
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: openconnect-8.01-1.fc29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-11 04:34:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jose Mantilla 2018-05-21 00:57:17 UTC 
Description of problem:

There isn't the package openconnect-gp --openconnect extended with glopalprotect -- to connect with Palo Alto vpn, please look at the:

https://github.com/dlenski/network-manager-openconnect
https://github.com/dlenski/openconnect/blob/globalprotect/README.md

Unfortunately, VPNC doesn't work with Palo Alto and there isn't alternatives with global protect in Fedora -- exist with android, ios, ubuntu but no with Fedora nor Rhel.

Version-Release number of selected component (if applicable):


How reproducible:
Try to connect using vpns

Steps to Reproduce:
1. dnf install vpnc
2. configure the user, pass, group and group pass in a config file.
3. $sudo vpnc file.conf created previously

Actual results:
vpnc: no response from target

Expected results:
Connection

Additional info:
The alternative is the openconnect extended with GP protocol --global protect-- but doesnt work with Fedora nor Rhel nor Centos
Comment 1 David Woodhouse 2018-05-21 07:32:10 UTC 
We are →← this close to having GP support merged upstream. Just a few trivial memory leak issues left, IIRC.

I think I'm waiting for those to be fixed and for Dan to send a (hopefully) final pull request. Apologies if that's already happened and I've missed it.

I'm planning to do a new OpenConnect release once the GP support is merged, and I've rounded up anything else that's pending (I know Nikos has one or two patches I haven't applied yet).
Comment 2 Scott Williams 2018-08-14 20:15:00 UTC 
It has been merged upstream for openconnect - https://www.infradead.org/openconnect/changelog.html
Comment 3 Scott Williams 2018-08-14 20:19:35 UTC 
I've been running openconnect off of the dlenski repo for work for almost a year, so I would be happy to help you test this now that it's merged upstream.
Comment 4 Scott Williams 2018-10-22 17:03:08 UTC 
Any update on this since it's been merged upstream?  I'd love to quit compiling it from a git repo on my system.
Comment 5 Scott Williams 2018-12-18 20:20:05 UTC 
Any update on this?  We had another request about this in the #Fedora channel on IRC today and we advised them to build openconnect from the github repo directly.
Comment 6 Fedora Update System 2019-01-07 07:43:02 UTC 
openconnect-8.01-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-267b29539a
Comment 7 Fedora Update System 2019-01-08 02:04:54 UTC 
openconnect-8.01-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-267b29539a
Comment 8 Scott Williams 2019-01-10 22:51:47 UTC 
Looks good here.  I'm able to connect via openconnect --protocol=gp .  It looks like it's not yet enabled in the NetworkManager-openconnect{,-gnome}, but that seems like a case where upstream hasn't caught up to v8 yet.
Comment 9 Fedora Update System 2019-01-11 04:34:01 UTC 
openconnect-8.01-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.