KDE NetworkManager + PAN Global Protect

Hi all,

yesterday I’ve updated my KDE Tumbleweed to the latest and now I can’t connect to my enterprise with PAN GP vpn - visible symptom is that NetworkManager does not save “PAN Global Protect” in connection parameters. After creating or editing and saving connection it still shows “Pulse…” and fails to connect. Despite, command line openconnect works perfectly. Any thoughts how to fix and have it function in NM?

Not enough info.

Although it’s possible to search your system logs, probabbly the easiest way to collect relevant system events is to just open an elevated console, run the following command and leave it open while you attempt to connect

journalctl -f

Are you saying you can connect by command line but unable to connect using Network Manager?

BTW -
This posting might have been more visible if posted in the Networking forum instead of Applications.

TSU

Hi TSU2,

thanks for your reply. Yes, that’s exactly what I say - I can no problem connect to vpn with openconnect in console, but NM fails. That’s why I doubt that journalctl will contain any useful info - NM GP plugin writes and shows its own logs in connect window. Here it is by the way:

Attempting to connect to server XXX.XXX.XXX.XXX:443
Connected to XXX.XXX.XXX.XXX:443
SSL negotiation with vpn.secret.com
Connected to HTTPS on vpn.secret.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 404 Not Found
Date: Tue, 02 Mar 2021 13:44:23 GMT
Content-Type: text/html
Content-Length: 183
Connection: keep-alive
HTTP body length: (183)
Unexpected 404 result from server

The main symptom is that after new vpn connection creation in NM with super-sure “PAN GP” vpn protocol specified and pressing OK you open connection with Configure option and see that the protocol is still “Pulse Connect”. No matter if you’d change it to “PAN GP” and press Save, Apply, OK or whatever hundred of times - after reopening it for configuring it still is “Pulse”. So seems NM simply don’t save “PAN GP” as connection protocol. Moreover, it hates PaloAlto only - Juniper or Cisco is being saved successfully (can’t check it with real connection). NetworkManager-openconnect, openconnect, plasma-nm5-openconnect packages are installed and, moreover, I mo problem was able to use NM for this till the recent updates and suddenly it became broken :frowning:

BR.

Not strictly relevant to my problem but since a couple of days ago I am having serious problems with NM.
Will post on this when I have time but have other problem to sort first. My point is the NM has been changed recently.

NetworkManager-openconnect did not change in 8 months. Can you configure connection using nmcli or nmtui? Or using nm-connection-editor if you need full GUI. If any of these works, the problem is in KDE frontend which was updated a week ago.

What is nm-connection-editor? There is no such app in system nor “zypper se nm-connection-editor” gives nothing. And there is no any vpn option available in nm-tui.

The most close thing to native NM GUI.

There is no such app in system nor “zypper se nm-connection-editor” gives nothing.

NetworkManager-connection-editor

Sorry again but no such in system nor in repos.

I think you misunderstood me…
Didn’t mean for you to post the stdout of your command line connection,
I meant to open and then leave open a console running “journalctl -f” to capture system events,
Then invoke the problem which in your case is the graphical Network Manager connection.

TSU