Using native Gnome network vpn connection applet, attempt to establish vpn connection with PaloAlto gateway via GlogalProtect protocol fails with "invalid IP4 config received: no valid IP address/prefix" error. At same time CLI openconnect client does that flawlessly as well as native PA's GlobalProtect client.
Version-Release number of selected component (if applicable):
How reproducible:
Just try to establish vpn connection.
Steps to Reproduce:
1. Open Gnome Settings applet
2. Go to Network category
3. Add VPN connection with + button
4. Fill in gateway FQDN
5. Click Save
6. Turn on just created vpn connection
7. Enter creds
Actual results:
Gnome's notification "Connection failed" appears, no vpn connection established.
Expected results:
VPN connection's up and running
Additional info:
journalctl part of failure:
Jun 07 15:02:18 [HOSTNAME] NetworkManager[12054]: Configured as 100.64.98.207, with SSL disconnected and ESP established
Jun 07 15:02:18 [HOSTNAME] NetworkManager[12054]: Session authentication will expire at Tue Jun 14 15:02:16 2022
Jun 07 15:02:18 [HOSTNAME] openconnect[12054]: SIOCSIFMTU: Operation not permitted
Jun 07 15:02:19 [HOSTNAME] NetworkManager[1200]: <warn> [1654603339.0172] vpn[0x55cf89824350,664d128e-3224-4fd9-aa24-afe6036c010d,"[VPN]",if:6,dev:4:(vpn0)]: invalid IP4 config received: no valid IP address/prefix
Jun 07 15:02:19 [HOSTNAME] NetworkManager[1200]: <warn> [1654603339.0173] vpn[0x55cf89824350,664d128e-3224-4fd9-aa24-afe6036c010d,"[VPN]",if:6,dev:4:(vpn0)]: did not receive valid IP config information
Jun 07 15:02:19 [HOSTNAME] openconnect[12054]: Failed to spawn script '/usr/libexec/nm-openconnect-service-openconnect-helper' for connect: Interrupted system call
Jun 07 15:02:19 [HOSTNAME] openconnect[12054]: POST https://vpn-by.epam.com/ssl-vpn/logout.esp
Somewhere I've read that it can't digest some routing table entries being applied to the system during vpn connection and it seems to be true because it works to my other gates which have a bit simpler routing. But nevertheless.
Description of problem:
Using native Gnome network vpn connection applet, attempt to establish vpn connection with PaloAlto gateway via GlogalProtect protocol fails with "invalid IP4 config received: no valid IP address/prefix" error. At same time CLI openconnect client does that flawlessly as well as native PA's GlobalProtect client.
Version-Release number of selected component (if applicable):
How reproducible:
Just try to establish vpn connection.
Steps to Reproduce:
1. Open Gnome Settings applet
2. Go to Network category
3. Add VPN connection with + button
4. Fill in gateway FQDN
5. Click Save
6. Turn on just created vpn connection
7. Enter creds
Actual results:
Gnome's notification "Connection failed" appears, no vpn connection established.
Expected results:
VPN connection's up and running
Additional info:
journalctl part of failure:
Jun 07 15:02:18 [HOSTNAME] NetworkManager[ 12054]: Configured as 100.64.98.207, with SSL disconnected and ESP established 12054]: Session authentication will expire at Tue Jun 14 15:02:16 2022 1200]: <warn> [1654603339.0172] vpn[0x55cf89824 350,664d128e- 3224-4fd9- aa24-afe6036c01 0d,"[VPN] ",if:6, dev:4:( vpn0)]: invalid IP4 config received: no valid IP address/prefix 1200]: <warn> [1654603339.0173] vpn[0x55cf89824 350,664d128e- 3224-4fd9- aa24-afe6036c01 0d,"[VPN] ",if:6, dev:4:( vpn0)]: did not receive valid IP config information nm-openconnect- service- openconnect- helper' for connect: Interrupted system call /vpn-by. epam.com/ ssl-vpn/ logout. esp
Jun 07 15:02:18 [HOSTNAME] NetworkManager[
Jun 07 15:02:18 [HOSTNAME] openconnect[12054]: SIOCSIFMTU: Operation not permitted
Jun 07 15:02:19 [HOSTNAME] NetworkManager[
Jun 07 15:02:19 [HOSTNAME] NetworkManager[
Jun 07 15:02:19 [HOSTNAME] openconnect[12054]: Failed to spawn script '/usr/libexec/
Jun 07 15:02:19 [HOSTNAME] openconnect[12054]: POST https:/
Somewhere I've read that it can't digest some routing table entries being applied to the system during vpn connection and it seems to be true because it works to my other gates which have a bit simpler routing. But nevertheless.