gpclient CLI fails with Error: Gateway login error: 512 <unknown status code>
#318
Comments
|
Hi @lgsmith Thanks for your feedback. The |
|
Hey sorry this took me a while to get back to. I was very busy last week. Note that one of the peculiarities of this is that it pops open an authentication window as expected, then after I fill out the popup it asks me about Here's a copypaste from the stuff that gets printed to my terminal when I try to run the CLI with |
|
i am getting the exact same error |
|
@lgsmith @hussamnasir |
|
@yuezk The error was with running using sudo |
|
@hussamnasir does the GUI version work for you? |
|
yes it did until my trial license ended 2 days ago and that's when I switched to the CLi version. It worked both via the experiment browser connect and the pop browser window for authentication |
|
Have the CLI version ever worked for you? The CLI version has the same workflow except it doesn’t support the default browser. |
|
@hussamnasir From your logs, it got the auth cookie from the pop auth window but failed to log in to the gateway, the request failed with a 512 status code. So it tries to connect the portal as a gateway, but you canceled the auth workflow. |
|
Well, I got the pop-up the first time I authenticated, but then the pop-up for auth relaunched and I canceled it when it popped up the second time. |
|
You could try to authenticate the second time to see if it can connect. |
|
Yes it connects after the second auth . Is this a bug ? i am using Ubuntu 23.10 |
|
No. It’s related to the portal server. We will try the portal authentication first, and fall back to the gateway authentication workflow if failed. This is designed to support more portal servers. |
|
okay. Is the browser based experimental feature that is available in the GUI version be available for the |
|
Yes. Will add it in the future releases. |
|
When I run with sudo I am able to connect, but it still asks me to log in twice, serially, with popups. I see this is expected behavior but am wondering if I can set an option that causes it to default past the first kind of portal servers. Also, would be pretty great to not have to use sudo. Why is it that the CLI needs this but GUI doesn't? |
Will consider if I could add a new option for this. The GUI version can leverage the polkit policy, but the CLI cannot. See my above reply: #318 (comment) |
|
I am also experiencing the same issue of having to log in two times. A CLI option to choose an authentication option manually would be appreciated :) Btw. I also tried These are my logs: # It fails at first
[2024-04-02T14:38:01Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect
[2024-04-02T14:38:02Z WARN gpapi::gateway::login] Gateway login error: reason=<none>, status=512 <unknown status code>, response=<html>
<head></head>
<body>
var respStatus = "Error";
var respMsg = "Authentication failure: Invalid username or password";
thisForm.inputStr.value = "";
</body>
</html>
[2024-04-02T14:38:02Z INFO gpclient::connect] Gateway login failed: Gateway login error, reason: <none>
[2024-04-02T14:38:02Z INFO gpclient::connect] Treat the portal as the gateway, connecting...
[2024-04-02T14:38:02Z INFO gpapi::portal::prelogin] Prelogin with user_agent: PAN GlobalProtect
[2024-04-02T14:38:02Z INFO gpauth::cli] gpauth started: 2.1.1 (2024-03-25)
[2024-04-02T14:38:02Z INFO gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect
[2024-04-02T14:38:02Z INFO gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-04-02T14:38:02Z INFO gpauth::auth_window] Load the SAML request as URI...
[2024-04-02T14:38:02Z INFO gpauth::auth_window] Loaded uri: https://i**********z/my.policy
[2024-04-02T14:38:02Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-02T14:38:02Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-02T14:38:02Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-02T14:38:02Z INFO gpauth::auth_window] No auth data found in HTML
[2024-04-02T14:38:02Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-02T14:38:02Z INFO gpauth::auth_window] Raise window in 1 second(s)
[2024-04-02T14:38:04Z WARN gpapi::utils::window] Failed to raise window: Failed to raise window: GlobalProtect Login
[2024-04-02T14:38:10Z INFO gpauth::auth_window] Loaded uri: https://i**********z/my.policy
[2024-04-02T14:38:10Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-02T14:38:10Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-02T14:38:10Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-02T14:38:10Z INFO gpauth::auth_window] No auth data found in HTML
[2024-04-02T14:38:10Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-02T14:38:17Z INFO gpauth::auth_window] Loaded uri: https://i**********z/saml/idp/profile/redirectorpost/sso?SAMLRequest=l**********b&RelayState=f**********w&SigAlg=h**********6&Signature=b**********%3D
[2024-04-02T14:38:17Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-02T14:38:17Z INFO gpauth::auth_window] No saml-auth-status header found
[2024-04-02T14:38:17Z INFO gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-04-02T14:38:17Z INFO gpauth::auth_window] No auth data found in HTML
[2024-04-02T14:38:17Z INFO gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-04-02T14:38:17Z INFO gpauth::auth_window] Loaded uri: https://g**********z/SAML20/SP/ACS
[2024-04-02T14:38:17Z INFO gpauth::auth_window] Trying to read auth data from response headers...
[2024-04-02T14:38:17Z INFO gpauth::auth_window] Got auth data from headers
# Then it succeeds
[2024-04-02T14:38:17Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect
[2024-04-02T14:38:17Z INFO openconnect::ffi] openconnect version: v8.20-1
[2024-04-02T14:38:17Z INFO openconnect::ffi] User agent: PAN GlobalProtect
[2024-04-02T14:38:17Z INFO openconnect::ffi] VPNC script: /usr/share/vpnc-scripts/vpnc-script
[2024-04-02T14:38:17Z INFO openconnect::ffi] OS: linux
[2024-04-02T14:38:17Z INFO openconnect::ffi] CSD_USER: 1000
[2024-04-02T14:38:17Z INFO openconnect::ffi] CSD_WRAPPER: /usr/libexec/openconnect/hipreport.sh
[2024-04-02T14:38:17Z INFO openconnect::ffi] MTU: 0
[2024-04-02T14:38:17Z INFO openconnect::ffi] POST https://xxxxxx.xx/ssl-vpn/getconfig.esp
[2024-04-02T14:38:17Z INFO openconnect::ffi] Connected to xx.xx.xx.xx:xxx
While it says EDIT: I am on version |
|
@Papooch Thanks for the logs, I will investigate it and add an option if necessary. |
|
@Papooch In 2.1.3, I added the option Closing it for now, reopen if it is not fixed. |
|
Thank you for the quick fix! It works as expected now and I don't have to re-enter my information twice! |
|
Thanks, this also worked for me. I'm a bit curious what the |
|
The |
I'm having an issue using the CLI, although I'm able to use the GUI. The symptom of this is I start the commandline client, get the expected popup window, sign in with my credentials, then get a commandline request to pick
vag-external-GWorhnt-external-GW. Either one results in a new popup with a second login request. When I submit that one, it logs me out with the error in the title line.Oddly, there is no file at
.local/share/gpclient/gpclient.log. Happy to provide any additional info. I'm on Kubuntu 22.04 LTS, and as I said have a working connection through the GUI client.The text was updated successfully, but these errors were encountered: