/GlobalProtect-openconnect

A GlobalProtect VPN client (GUI) for Linux, based on OpenConnect and built with Qt5, supports SAML auth mode.

Primary LanguageC++GNU General Public License v3.0GPL-3.0

GlobalProtect-openconnect

A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode, inspired by gp-saml-gui.

Buy me a coffee via Paypal Support me on Ko-fi Buy Me A Coffee

Features

  • Similar user experience as the official client in macOS.
  • Supports both SAML and non-SAML authentication modes.
  • Supports automatically selecting the preferred gateway from the multiple gateways.
  • Supports switching gateway from the system tray menu manually.

Install

OS Stable version Development version
Linux Mint, Ubuntu 18.04 or later ppa:yuezk/globalprotect-openconnect ppa:yuezk/globalprotect-openconnect-snapshot
Arch, Manjaro globalprotect-openconnect AUR: globalprotect-openconnect-git
Fedora copr: yuezk/globalprotect-openconnect copr: yuezk/globalprotect-openconnect
openSUSE, CentOS 8 OBS: globalprotect-openconnect OBS: globalprotect-openconnect-snapshot

Add the repository in the above table and install it with your favorite package manager tool.

Arch package AUR package Manjaro Stable package Manjaro Testing package Manjaro Unstable package nixpkgs unstable package Parabola package

Linux Mint, Ubuntu 18.04 or later

sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
sudo apt-get update
sudo apt install globalprotect-openconnect

For Linux Mint, you might need to import the GPG key with: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7937C393082992E5D6E4A60453FC26B43838D761 if you encountered an error gpg: keyserver receive failed: General error.

Arch Linux / Manjaro

sudo pacman -S globalprotect-openconnect

AUR snapshot version

yay -S globalprotect-openconnect-git

Fedora

sudo dnf copr enable yuezk/globalprotect-openconnect
sudo dnf install globalprotect-openconnect

openSUSE

  • openSUSE Tumbleweed

    sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/openSUSE_Tumbleweed/home:yuezk.repo
    sudo zypper ref
    sudo zypper install globalprotect-openconnect
  • openSUSE Leap

    sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/openSUSE_Leap_15.2/home:yuezk.repo
    sudo zypper ref
    sudo zypper install globalprotect-openconnect

CentOS 8

  1. Add the repository: https://download.opensuse.org/repositories/home:/yuezk/CentOS_8/home:yuezk.repo
  2. Install globalprotect-openconnect

Build & Install from source code

Clone this repo with:

git clone https://github.com/yuezk/GlobalProtect-openconnect.git
cd GlobalProtect-openconnect

Ubuntu/Mint

⚠️ REQUIRED for Ubuntu 18.04 ⚠️

Add this dwmw2/openconnect PPA first to install the latest openconnect.

sudo add-apt-repository ppa:dwmw2/openconnect
sudo apt update

Build and install with:

./scripts/install-ubuntu.sh

openSUSE

Build and install with:

./scripts/install-opensuse.sh

Fedora

Build and install with:

./scripts/install-fedora.sh

Other Linux

Install the Qt5 dependencies and OpenConnect:

  • QtCore
  • QtWebEngine
  • QtWebSockets
  • QtDBus
  • openconnect v8.x

...then build and install with:

./scripts/install.sh

NixOS

In configuration.nix:

services.globalprotect = {
  enable = true;
  # if you need a Host Integrity Protection report
  csdWrapper = "${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
};

environment.systemPackages = [ globalprotect-openconnect ];

Run

Once the software is installed, you can run gpclient to start the UI.

Passing the Custom Parameters to OpenConnect CLI

Custom parameters can be appended to the OpenConnect CLI with the following settings.

Tokens with spaces can be surrounded by double quotes; three consecutive double quotes represent the quote character itself.

Display the system tray icon on Gnome 40

Install the AppIndicator and KStatusNotifierItem Support extension and you will see the system try icon (Restart the system after the installation).

Future plan

  • Improve the release process
  • Process bugs and feature requests
  • Support for bypassing the gpclient parameters
  • Support the CLI mode

Troubleshooting

The application logs can be found at: ~/.cache/GlobalProtect-openconnect/gpclient.log

GPLv3