Globalprotect-openconnect can't connect on Manjaro Gnome Live but can on EndeavourOS Live

Hello there :raising_hand_woman:: It seems I just managed to make it work by copying the /etc/vpnc/vpnc-script from EndeavourOS to Manjaro :thinking:.

I haven’t bothered myself yet to compare the two, but the issue might come from there, that’s uncanny.

I’m trying to figure out why globalprotect-openconnect doesn’t work right from the get-go on Manjaro Gnome Live but does on EndeavourOS.

By doesn’t work, i.e., the application is installed, the configuration is the same in both distributions, but when using Manjaro, I can’t get through and access to restricted resources that aren’t accessible without the vpn.

Any idea how I can troubleshoot (gpclient --version, vpnc --version, ifconfig, etc.?), I’m trying to spot the differences between the two distributions in terms or network setup, tooling versions, etc.


ifconfig:

Manjaro

    ~  ifconfig                                                                                                                                                      ✔ 
enp56s0u2u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.53  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::7113:540f:3e25:e7ba  prefixlen 64  scopeid 0x20<link>
        ether 38:14:28:d8:4a:79  txqueuelen 1000  (Ethernet)
        RX packets 110819  bytes 133381445 (127.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49954  bytes 13719687 (13.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 321  bytes 269885 (263.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 321  bytes 269885 (263.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s20f3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 2a:97:29:b5:c2:a9  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

EndeavourOS

[liveuser@eos-2023.11.17 ~]$ ifconfig
enp56s0u2u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
       inet 192.168.1.53  netmask 255.255.255.0  broadcast 192.168.1.255
       inet6 fe80::49c7:a6ef:631f:93cd  prefixlen 64  scopeid 0x20<link>
       ether 38:14:28:d8:4a:79  txqueuelen 1000  (Ethernet)
       RX packets 34000  bytes 37710536 (35.9 MiB)
       RX errors 0  dropped 20  overruns 0  frame 0
       TX packets 16106  bytes 3807156 (3.6 MiB)
       TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
       inet 127.0.0.1  netmask 255.0.0.0
       inet6 ::1  prefixlen 128  scopeid 0x10<host>
       loop  txqueuelen 1000  (Local Loopback)
       RX packets 672  bytes 672227 (656.4 KiB)
       RX errors 0  dropped 0  overruns 0  frame 0
       TX packets 672  bytes 672227 (656.4 KiB)
       TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1455
       inet 10.2.193.219  netmask 255.255.255.255  destination 10.2.193.219
       inet6 fe80::a883:c036:dd6a:89e6  prefixlen 64  scopeid 0x20<link>
       unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
       RX packets 1150  bytes 1394299 (1.3 MiB)
       RX errors 0  dropped 0  overruns 0  frame 0
       TX packets 658  bytes 54986 (53.6 KiB)
       TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
       ether c2:b2:c2:4d:9e:7c  txqueuelen 1000  (Ethernet)
       RX packets 0  bytes 0 (0.0 B)
       RX errors 0  dropped 0  overruns 0  frame 0
       TX packets 0  bytes 0 (0.0 B)
       TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 

more /etc/gpservice/gp.conf:

Manjaro:

    ~  more /etc/gpservice/gp.conf                                                                                                                               INT ✘ 
# Configuration file for GlobalProtect-openconnect
#
# Description:
#
# Each section is a VPN gateway address, and [*] is a special section that defines the default configuration.
# See https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration for more details.
#
# Example:
#
# [*]
# openconnect-args=<value>
#
# [vpn1.company.com]
# openconnect-args=--script=/path/to/vpnc-script

[*]
openconnect-args=

EndeavourOS:

[liveuser@eos-2023.11.17 gpservice]$ more /etc/gpservice/gp.conf  
# Configuration file for GlobalProtect-openconnect
#
# Description:
#
# Each section is a VPN gateway address, and [*] is a special section that defines the default configuration.
# See https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration for more details.
#
# Example:
#
# [*]
# openconnect-args=<value>
#
# [vpn1.company.com]
# openconnect-args=--script=/path/to/vpnc-script

[*]
openconnect-args=

sudo more default.conf:

Manjaro:

[liveuser@eos-2023.11.17 vpnc]$ sudo more default.conf  
# example vpnc configuration file
# see vpnc --long-help for details

#Interface name tun0  
#IKE DH Group dh2
#Perfect Forward Secrecy nopfs

# You may replace this script with something better
#Script /etc/vpnc/vpnc-script
# Enable this option for NAT traversal
#UDP Encapsulate

#IPSec gateway my.gateway.com
#IPSec ID someid
#IPSec secret somesecret
#Xauth username myusername
#Xauth password mypassword

EndeavourOS:

[liveuser@eos-2023.11.17 vpnc]$ sudo more /etc/vpnc/default.conf
# example vpnc configuration file
# see vpnc --long-help for details

#Interface name tun0  
#IKE DH Group dh2
#Perfect Forward Secrecy nopfs

# You may replace this script with something better
#Script /etc/vpnc/vpnc-script
# Enable this option for NAT traversal
#UDP Encapsulate

#IPSec gateway my.gateway.com
#IPSec ID someid
#IPSec secret somesecret
#Xauth username myusername
#Xauth password mypassword

vpnc --version:

Manjaro:

    ~  vpnc --version                                                                                                                                            INT ✘ 
vpnc version 0.5.3
Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
vpnc comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of vpnc under the terms of the GNU General
Public License.  For more information about these matters, see the files
named COPYING.
Built with openssl certificate support. Be aware of the
license implications.

Supported DH-Groups: nopfs dh1 dh2 dh5 dh14 dh15 dh16 dh17 dh18
Supported Hash-Methods: md5 sha1
Supported Encryptions: null des 3des aes128 aes192 aes256
Supported Auth-Methods: psk psk+xauth hybrid(rsa)

EndeavourOS:

[liveuser@eos-2023.11.17 ~]$ vpnc --version
vpnc version 0.5.3
Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
vpnc comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of vpnc under the terms of the GNU General
Public License.  For more information about these matters, see the files
named COPYING.
Built with openssl certificate support. Be aware of the
license implications.

Supported DH-Groups: nopfs dh1 dh2 dh5 dh14 dh15 dh16 dh17 dh18
Supported Hash-Methods: md5 sha1
Supported Encryptions: null des 3des aes128 aes192 aes256
Supported Auth-Methods: psk psk+xauth hybrid(rsa)

Manjaro:

    ~  more /etc/resolv.conf                                                                                                                                       1 ✘ 
# Generated by NetworkManager
nameserver 109.0.66.20
nameserver 109.0.66.10

EndeavourOS:

[liveuser@eos-2023.11.17 ~]$ more /etc/resolv.conf  
# Generated by NetworkManager
nameserver 109.0.66.20
nameserver 109.0.66.10

It seems I just managed to make it work by copying the /etc/vpnc/vpnc-script from EndeavourOS to Manjaro :thinking:.

I haven’t bother myself yet to compare the two, but the issue might come from there, that’s uncanny.

It could be useful to post the content of each of these scripts for comparison. Learning what solves it might potentially help others to find what causes the issue.

1 Like