Arch Linux User Repository

@david-perez i finally found an SSL fix/workaround, see here: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268/comments/32

On arch, this is /etc/ssl/openssl.cnf

I've managed to use GlobalProtect 6.2.0-625 with Arch Linux (in Cachy OS).

Here what I've done:

1) Copy supplied files in "/opt/paloaltonetworks/globalprotect"

2) Execute:

sudo paru qt5-webkit
sudo ln -s /opt/paloaltonetworks/globalprotect/gpd.service /etc/systemd/system/
sudo ln -s /opt/paloaltonetworks/globalprotect/globalprotect /usr/bin/
sudo ln -s /opt/paloaltonetworks/globalprotect/gpa.service /etc/systemd/user/
sudo systemctl daemon-reload
sudo systemctl enable --now gpd
sudo systemctl --global enable gpa.service
systemctl start --user gpa

3) Download https://archive.archlinux.org/packages/i/icu/icu-73.2-2-x86_64.pkg.tar.zst Extract files, and place libicu*.73.2 in /opt/paloaltonetworks/globalprotect

4) Client can be started in this way:

LD_LIBRARY_PATH=/opt/paloaltonetworks/globalprotect /opt/paloaltonetworks/globalprotect/PanGPUI start

5) The only problem I'm experiencing is:

Could not verify the server certificate of the gateway.  
If the issue persists, contact your administrator

I don't know if it is a problem with the gateway of the GP client. Any help will be welcome.

I've moved to globalprotect-openconnect-git instead so I will leave this package for someone else to adopt (who is hopefully actively using it)

I know that 6.2 exists as it is referenced on palo alto website, but I dont have it. Latest my it are giving me is 6.1.2.0, but its problematic for me as well, I have to keep another version of libicu just for vpn.

The latest version from my company server is 6.1.1.c4, is that the current version? I also don't get it to work properly, so don't want to submit update until I manage to fix. If anyone else want to adopt please let me know, you can probably do a better job than me :)

The company I work for mandated the use of a different distro. I'll be unable to continue maintaining this package.

Any chance to upgrade this to 6.2?

Finally I modified the script to be

#!/bin/bash

if [ $(id -u) -ne 0 ]; then
  PANGPA=/opt/paloaltonetworks/globalprotect/PanGPA

  pgrep -u $USER PanGPA > /dev/null 2>&1

  if [ $? -ne 0 ]; then
    if [ -f $PANGPA ]; then
      $PANGPA start &
    fi
  fi
fi

I second @Malvineous approach. I also commented out the /etc/profile.d/ file and just copied it to my user's ~/.profile file. I was getting some errors when launching a root terminal so I wanted them to go away.

Edit: Seems the errors were because I didn't start the gpd service. All good now.

Hello @Malvineous, currently this package will install both gpd.service & gpa.service globally:

❯ pacman -Ql globalprotect-bin | grep systemd
globalprotect-bin /usr/lib/systemd/
globalprotect-bin /usr/lib/systemd/system/
globalprotect-bin /usr/lib/systemd/system/gpa.service
globalprotect-bin /usr/lib/systemd/system/gpd.service

I have not personally tested running those services in user space:

❯ for svc in gpa gpd; do systemctl --user status $svc; done
Unit gpa.service could not be found.
Unit gpd.service could not be found.

Regarding the recommendation to enable gpd.service as a post-install script, I don't recall the community standard regarding service enablement by default. In RPM-type distros, I believe the default is to leave services disabled at package install, requiring the user to explicitly enable the desired service(s). I'm open to doing it if that's not this community's standard.

Please note that I'm testing this software and have been running into bugs, so I'm very open to the feedback. Thanks again!