How to install and use the Global Protect VPN Client on Ubuntu:

This tutorial summarizes the installation of the Global Protect VPN Client on Ubuntu 16.04+ for use at the TH Nuremberg and represents information as of 28.9.2019.

Disclaimer: This tutorial is provided for your convenience only. It has been written thoroughly, but as always there is no guarantee that it will work out-of-the-box for different installations. In such a case please contact the RZ help desk.

1) Uninstall other VPN Client software

e.g. Aventail / Dell Connect Tunnel:
sudo /usr/local/Aventail/uninstall.sh (mileage may vary on different installations)

2) Download Global Protect VPN Client

3) Unpack

tar zxf PanGPLinux.tgz --one-top-level=tmp
cd tmp

4) List contained files

dpkg-deb -c ./GlobalProtect_deb-5.0.4.0-6.deb

5) Install contained files

sudo apt install ./GlobalProtect_deb-5.0.4.0-6.deb

How to uninstall the Global Protect VPN Client on Ubuntu:

sudo apt remove globalprotect

How to use the Global Protect VPN Client on Ubuntu:

1) Start VPN Client utility

/opt/paloaltonetworks/globalprotect/globalprotect
or just
globalprotect

2) Open VPN connection to vpn.ohmportal.de

connect -portal vpn.ohmportal.de

3) Authenticate

authenticate with virtuohm credentials, e.g. roettgerst …

4) Browse VPN, e.g. Ohm internal pages

5) Close VPN connection

disconnect

6) Leave VPN Client utility

quit

7) For convenience, there is also a one-liner to start the client:

globalprotect connect -portal vpn.ohmportal.de

8) More information on the man pages:

man globalprotect

Summary of helpful commands:

  • globalprotect help
  • globalprotect connect -portal vpn.ohmportal.de
  • globalprotect show --status
  • globalprotect show --details
  • globalprotect show --statistics
  • globalprotect show --host-state
  • globalprotect disconnect
  • man globalprotect
Bash aliases for the command prompt (to be put in .bashrc):
alias vpn_on='globalprotect connect -portal vpn.ohmportal.de'
alias vpn_off='globalprotect disconnect'

Other VPN Client software:

Installation:
sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome
Open connection:
sudo openconnect -protocol=gp vpn.ohmportal.de
Not recommended for Ubuntu 16 and 18, since older versions contain a bug that prevents authorization with the TH server! OpenConnect version >= 8 is required for a proper hand-shake with the TH server.
  • Aventail Sonic Wall / Dell Connect Tunnel
Not recommended, since it has proven to work unreliably with the TH server!

Other useful information:

To connect with eduroam on Ubuntu, the following information is required:

  • security: WPA/WPA2
  • authentication: PEAP
  • anonymous user: anonymous
  • certificate: /usr/share/ca-certificates/T-TeleSec_GlobalRoot_Class_2.crt
  • inner authentication: MSCHAPv2
  • user name: e.g. roettgerst@th-nuernberg.de
  • password: …

Options: