How to install and use the Global Protect VPN Client on Ubuntu:

This tutorial summarizes the installation of the Global Protect VPN Client on Ubuntu 16.04+ for use at the TH Nuremberg and represents information as of 28.9.2019.

Disclaimer: This tutorial is provided for your convenience only. It has been written thoroughly, but as always there is no guarantee that it will work out-of-the-box for different installations. In such a case please contact the RZ help desk.

1) Uninstall other VPN Client software

e.g. Aventail / Dell Connect Tunnel:
sudo /usr/local/Aventail/ (mileage may vary on different installations)

2) Download Global Protect VPN Client

3) Unpack

tar zxf PanGPLinux.tgz --one-top-level=tmp
cd tmp

4) List contained files

dpkg-deb -c ./GlobalProtect_deb-

5) Install contained files

sudo apt install ./GlobalProtect_deb-

How to uninstall the Global Protect VPN Client on Ubuntu:

sudo apt remove globalprotect

How to use the Global Protect VPN Client on Ubuntu:

1) Start VPN Client utility

or just

2) Open VPN connection to

connect -portal

3) Authenticate

authenticate with virtuohm credentials, e.g. roettgerst …

4) Browse VPN, e.g. Ohm internal pages

5) Close VPN connection


6) Leave VPN Client utility


7) For convenience, there is also a one-liner to start the client:

globalprotect connect -portal

8) More information on the man pages:

man globalprotect

Summary of helpful commands:

  • globalprotect help
  • globalprotect connect -portal
  • globalprotect show --status
  • globalprotect show --details
  • globalprotect show --statistics
  • globalprotect show --host-state
  • globalprotect disconnect
  • man globalprotect
Bash aliases for the command prompt (to be put in .bashrc):
alias vpn_on='globalprotect connect -portal'
alias vpn_off='globalprotect disconnect'

Other VPN Client software:

sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome
Open connection:
sudo openconnect -protocol=gp
Not recommended for Ubuntu 16 and 18, since older versions contain a bug that prevents authorization with the TH server! OpenConnect version >= 8 is required for a proper hand-shake with the TH server.
  • Aventail Sonic Wall / Dell Connect Tunnel
Not recommended, since it has proven to work unreliably with the TH server!

Other Linux Distributions:

On Linux Mint and OpenSuse it is recommended to use OpenConnect v8.0+ instead of Global Protect. For other Linux distributions no further information is currently available.

Other useful information:

To connect with eduroam on Ubuntu, the following information is required:

  • security: WPA/WPA2
  • authentication: PEAP
  • anonymous user: anonymous
  • certificate: /usr/share/ca-certificates/T-TeleSec_GlobalRoot_Class_2.crt
  • inner authentication: MSCHAPv2
  • user name: e.g.
  • password: …