Senin, 11 Februari 2019

Cara Install GlobalProtect VPN Client di Linux Ubuntu 18.04 LTS


Kali ini saya ingin sedikit share bagaimana cara nya install VPN Client dari Palo Alto yaitu GlobalProtect di Linux Ubuntu 18.04

1. Pertama kali kita harus punya file PanGPLinux-4.1.1-c14.tgz

File tersebut bisa di dapatkan dari login ke support portal nya PaloAlto, atau kalau cari di google saya ketemu ada yang share disini

2. Setelah download filenya, bisa langsung di extract :

tar -xvf ~/pkgs/PanGPLinux-4.1.1-c14.tgz

3. Nanti dari hasil file extract nya akan ada 3 file yaitu :

GlobalProtect_deb-4.1.1.0-14.deb                           
GlobalProtect_rpm-4.1.1.0-14.rpm                           
GlobalProtect_tar-4.1.1.0-14.tgz

4. Kita bisa install yang file .deb nya :

$ sudo dpkg -i GlobalProtect_deb-4.1.1.0-14.deb

[sudo] password for dony:
Selecting previously unselected package globalprotect.
(Reading database ... 201969 files and directories currently installed.)
Preparing to unpack GlobalProtect_deb-4.1.1.0-14.deb ...
Start installing gp...
Unpacking globalprotect (4.1.1-14) ...
Setting up globalprotect (4.1.1-14) ...
Enable gp service...
Starting gp service...
Create symlink for gp cli...
Starting gpa...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

5. Untuk menjalankan nya tinggal ketik saja perintah :

$ globalprotect
>>

Untuk keluar, ketik quit  :

>> quit

6. Untuk perintah help nya :

>> help
Usage: only the following commands are supported: 
collect-log            -- collect log information 
connect                -- connect to server 
disconnect             -- disconnect
disable                -- disable connection
import-certificate     -- import client certificate file
quit                   -- quit from prompt mode
rediscover-network     -- network rediscovery
remove-user            -- clear credential 
resubmit-hip           -- resubmit hip information
set-log                -- set debug level
show                   -- show information

Command-line mode:
user@linuxhost:~$ globalprotect help
Usage: only the following commands are supported: 
collect-log            -- collect log information 
connect                -- connect to server 
disconnect             -- disconnect
disable                -- disable connection
import-certificate     -- import client certificate file
quit                   -- quit from prompt mode
rediscover-network     -- network rediscovery
remove-user            -- clear credential 
resubmit-hip           -- resubmit hip information
set-log                -- set debug level
show                   -- show information

7. Cara koneksi ke server VPN Palo Alto nya adalah :

$ globalprotect connect --portal myportal.example.com

Retrieving configuration...                                            
Disconnected
There is a problem with the security certificate, so the identity of 10.3.188.61 cannot be verified. Please contact the Help Desk for your organization to have the issue rectified.
Warning: The communication with 10.3.188.61 may have been compromised. We recommend that you do not continue with this connection.
Error details:Do you want to continue(y/n)?y
Retrieving configuration...                                            
Disconnected
10.3.188.61 - portal:local:Enter login credentials
username:user1
Password:
Retrieving configuration...                                            
Discovering network...
Connecting...
Connected 

8. Jika butuh certificate, maka harus di import terlebih dahulu :

$ globalprotect import-certificate --location /home/mydir/Downloads/cert_client_cert.p12 
Please input passcode:
Import certificate is successful. 

Setelah selesai import, tinggal coba connect lagi

9. Untuk Mengecek status koneksi nya :

$ globalprotect show --status
GlobalProtect status: Connected

$ globalprotect show --details           
Assigned IP address: 192.168.1.132                                      
Gateway IP address: 192.168.1.180
Protocol: IPSec
Uptime(sec): 231



Semoga bermanfaat untuk pembaca semua.

Dony Ramansyah
site : http://donyramansyah.net
blog : dony-ramansyah.blogspot.com
email : dony.ramansyah[at]gmail.com
Registered linux user : ID 40017