Need to connect your Linux desktop to a GlobalProtect VPN, but your company uses Okta Push 2FA? You've come to the right place!
This script was tested on Xubuntu 19.10 and CentOS 8. Only Xubuntu "works" but CentOS 8 is nearly working. This is all unsupported. YMMV.
If you are running a recent Debian/Red Hat distro, you should be able to run ./install.sh.
If not, well... here's what the script does.
- Installs OpenConnect version 8. Minimum requirement unless you want to patch stuff, but that's on you. You need a version that supports
--protocol=gpso make it happen however. - Fetches a copy of gp-saml-gui.
- If it is not already installed, it fetches a fake HIP report script so the VPN thinks we're kosher.
- Installs whatever is required to run the aforementioned dependencies.
After that, edit /etc/gp-okta.conf and set VPN_SERVER to your VPN server domain name, if you somehow failed to enter the VPN domain during install.
Finally, if you desire a UI to enable or disable this, check out the other install scripts here.
That's it.
Again, if your system is script-friendly, just run start.sh and magic should happen.
If not, well... here's what the script does.
- Checks that some of the crap mentioned above is installed.
- Sources
/etc/gp-okta.confto getVPN_SERVER. - Executes
gp-saml-gui.pyand displays a WebKit window to log in via Okta. - Evaluates the output of
gp-saml-gui.pyto get the needed variables for making the connection. - Executes
openconnectwith all the correct flags.
Run stop.sh. Or kill the running openconnect process. Whatever.
- CentOS 8 almost works, but DNS is to be an issue. I don't know why.
- No NetworkManager integration yet, and it doesn't look good.
- Some Gnome Shell installations may require gnome-tweaks to actually enable the indicator applet.