Arch Linux User Repository

If you want to use old pulse-secure client 9.1r9, please download the following package.

https://drive.google.com/file/d/1_8tRA-T9vV08n_TpHqdcG5IvalxBuZ7_/view?usp=sharing

The rewritten pulse-secure client requires a service called 'pulsesecure'. Please enable and start the service before running the client.

After installing the 9.1R10 version package, I had to install the following packages libbsd, gtkmm3 and webkit2gtk to work that I did not have in my installation.

When adding my connection I have seen the following errors in the log.

root /opt/pulsesecure/bin/pulsesecure ConnectionStore p0226 tE2 ConnectionStoreDocSet.cpp: 562 - 'ConnectionStoreService' SaveDocument: /var/lib/pulsesecure/pulse/connstore.dat
root /opt/pulsesecure/bin/pulsesecure ConnectionStore p0226 tE2 ConnectionStoreDocSet.cpp: 568 - 'ConnectionStoreService' Failed fopen: 2 /var/lib/pulsesecure/pulse/connstore.tmp

When trying to connect to my connection, it gives an error when verifying the certificate, the following message appears in the log:

user /opt/pulsesecure/bin/pulseUI pulseUI p48165 tBC3D linuxCert.cpp: 1318 - 'JamCertLib' getSystemInfo: Linux 5.10.15-arch1-1 # 1 SMP PREEMPT Wed, 10 Feb 2021 18: 32: 4 0 +0000 x86_64
user /opt/pulsesecure/bin/pulseUI pulseUI p48165 tBC3D linuxCert.cpp: 1339 - 'JamCertLib' Certificate CA store file: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
user /opt/pulsesecure/bin / pulseUI pulseUI p48165 tBC3D linuxCert.cpp: 1356 - 'JamCertLib' Failed to load CA certs. verifyTrust failed

After creating the directory /var/lib/pulsesecure/pulse, and the symbolic link /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt -> /etc/ca-certificates/extracted/ca -bundle.trust.crt

When trying to connect it stays in a loop, conecting -> securing connection

On the terminal there are continually messages: DBUS api call failed with code: 2 - message: GDBus.Error: org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files

The following error appears in the log:

root /opt/pulsesecure/bin/pulsesecure dsTMService p49941 tC343 tunnel2.cpp: 197 - 'TM' Initialize (): ERROR: Create I_IPSecSystemMgr failed 0xe0020026

The HostChecker seems to terminate well root /opt/pulsesecure/bin/pulsesecure HostCheckerService p0226 tB E43 TnccLink.cpp: 142 - 'NotifyConnectionChange' Host check finished, result for connection 0x1 on NAR 0x132d481, new state Open ': Success'

The error seems to be when trying to create the virtual network adapter.

@abyss02 I've already packaged the new client, and posted it to the previous comment (https://aur.archlinux.org/packages/pulse-secure/?O=10&PP=10#comment-7870590) with test request.

I'm struggling with the failure of host checker in 9.1r10. After fixing the failure, I'll upload the new package.

hey, can you please provide the new client 9.1.R10, you can find it here: https://vubnet.vub.ac.be/downloads.html

Do we need a service to start puilse-secure now? Ohh boy... But I don't think the seg faulting using the backported libs, are due to that, do you @chiwanpark?

BTW, I don't think I can test any time soon then, if systemd is required, since I use Artix, so I'd need to port the service to S6, which is the init+supervisor system I use. So if the package moves to a newer release (I see it worked for @mattonthehill) I'll have to stick with the 7.73.0, until porting the service, or finding a work around by using openconnect somehow. I understand openconnect doesn't handle pulse MFA, but perhaps some people out there is doing magic with it...

@mattonthehill: Thanks for your testing. :)

@je-vv: from 9.1R10, you need to start pulsesecure.service via sudo systemd start pulsesecure.service. The message DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files is shown because the service is not running.

I will automatically enable the service after updated package. Thanks for reporting.

@thecrow, I don't know what else to put in there, they don't accept the fact the package got broken.

@chiwanpark, I tested the binary package you made available with 9.1r10.0_b5655, without reverting curl, neither changing LD_LIBRARY_PATH, and it just seg faults without any output:

% /opt/pulsesecure/bin/pulseUI
Segmentation fault

And by using the backported libraries provided by curl-pulse-secure thorough LD_LIBRARY_PATH, it still seg faults, though the gui shows up for a bit less than a second:

% export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/local/pulse"
% /opt/pulsesecure/bin/pulseUI
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
Segmentation fault

So now, things look way worse than before, because it seg fauls no matter if using the backported libraries or not...

Running without backported libs with gdb shows:

% gdb /opt/pulsesecure/bin/pulseUI
...
Reading symbols from /opt/pulsesecure/bin/pulseUI...
(No debugging symbols found in /opt/pulsesecure/bin/pulseUI)
(gdb) run
Starting program: /opt/pulsesecure/bin/pulseUI 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff09aff7e in __strcmp_avx2 () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff09aff7e in __strcmp_avx2 () at /usr/lib/libc.so.6
#1  0x00007ffff12dacbb in lh_insert () at /opt/pulsesecure/lib/dsOpenSSL/libcrypto.so
#2  0x00007ffff123c994 in OBJ_NAME_add () at /opt/pulsesecure/lib/dsOpenSSL/libcrypto.so
#3  0x00007fffeca0e021 in  () at /usr/lib/libssl.so.1.1
#4  0x00007ffff7f7918f in __pthread_once_slow () at /usr/lib/libpthread.so.0
#5  0x00007fffec8e54ea in CRYPTO_THREAD_run_once () at /usr/lib/libcrypto.so.1.1
#6  0x00007fffeca0e224 in OPENSSL_init_ssl () at /usr/lib/libssl.so.1.1
#7  0x00007fffecb40731 in  () at /usr/lib/libcurl.so.4
#8  0x00007fffecaf3735 in  () at /usr/lib/libcurl.so.4
#9  0x00007ffff7fe12de in call_init.part () at /lib64/ld-linux-x86-64.so.2
#10 0x00007ffff7fe13c8 in _dl_init () at /lib64/ld-linux-x86-64.so.2
#11 0x00007ffff098d0e5 in _dl_catch_exception () at /usr/lib/libc.so.6
#12 0x00007ffff7fe5705 in dl_open_worker () at /lib64/ld-linux-x86-64.so.2
#13 0x00007ffff098d088 in _dl_catch_exception () at /usr/lib/libc.so.6
#14 0x00007ffff7fe4f3e in _dl_open () at /lib64/ld-linux-x86-64.so.2
#15 0x00007ffff7f6334c in  () at /usr/lib/libdl.so.2
#16 0x00007ffff098d088 in _dl_catch_exception () at /usr/lib/libc.so.6
#17 0x00007ffff098d153 in _dl_catch_error () at /usr/lib/libc.so.6
#18 0x00007ffff7f63b89 in  () at /usr/lib/libdl.so.2
#19 0x00007ffff7f633d8 in dlopen () at /usr/lib/libdl.so.2
#20 0x00007fffed1161ac in  () at /usr/lib/libdw.so.1
#21 0x00007ffff7fe12de in call_init.part () at /lib64/ld-linux-x86-64.so.2
#22 0x00007ffff7fe13c8 in _dl_init () at /lib64/ld-linux-x86-64.so.2
#23 0x00007ffff7fd20ca in _dl_start_user () at /lib64/ld-linux-x86-64.so.2
#24 0x0000000000000001 in  ()
#25 0x00007fffffffdbde in  ()
#26 0x0000000000000000 in  ()

So there you go, there are still issues with the curl library...

And doing the same using LD_LIBRARYPATH with the backported curl libraries:

% gdb /opt/pulsesecure/bin/pulseUI
...
Reading symbols from /opt/pulsesecure/bin/pulseUI...
(No debugging symbols found in /opt/pulsesecure/bin/pulseUI)
(gdb) run
Starting program: /opt/pulsesecure/bin/pulseUI 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffec007640 (LWP 7998)]
[New Thread 0x7fffeb806640 (LWP 7999)]
[New Thread 0x7fffeaec0640 (LWP 8000)]
[New Thread 0x7fffec0a6a40 (LWP 8001)]
[New Thread 0x7fffea6bf640 (LWP 8003)]
[New Thread 0x7fffe9ebe640 (LWP 8004)]
[New Thread 0x7fffe88da640 (LWP 8005)]
[New Thread 0x7fffd3fff640 (LWP 8006)]
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
[Thread 0x7fffe88da640 (LWP 8005) exited]
[Thread 0x7fffd3fff640 (LWP 8006) exited]
[New Thread 0x7fffd3fff640 (LWP 8007)]
[Thread 0x7fffe9ebe640 (LWP 8004) exited]
[Thread 0x7fffea6bf640 (LWP 8003) exited]
[New Thread 0x7fffea6bf640 (LWP 8010)]
[New Thread 0x7fffe9ebe640 (LWP 8011)]
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 
DBUS api call failed with code: 2 - message:GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name net.psecure.pulse was not provided by any .service files 

Thread 11 "pulseUI" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffea6bf640 (LWP 8010)]
0x00007ffff09b7ee1 in __memset_avx2_erms () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff09b7ee1 in __memset_avx2_erms () at /usr/lib/libc.so.6
#1  0x0000555555554ccc in  ()
#2  0x0000555555550495 in GetDSAccessServiceInterface(pincGuid const&, unsigned int, void**) ()
#3  0x0000555555550586 in DSAccessGetPluginInterface(char const*, pincGuid const&, unsigned int, void**) ()
#4  0x000055555551bb3e in DialogManager::InitiateJUNS() ()
#5  0x000055555552436f in DialogManager::OnJamTimer(unsigned int) ()
#6  0x0000555555507c1b in CJamCommandListProcessor::OnJamTimer(unsigned int) ()
#7  0x00007ffff7f5d63c in  () at /usr/lib/librt.so.1
#8  0x00007ffff7f713e9 in start_thread () at /usr/lib/libpthread.so.0
#9  0x00007ffff0952293 in clone () at /usr/lib/libc.so.6

Then there are issues with glibc...

And the community forum seems totally useless to me, as well as the comments some of those guys have included in the github issue... Whether saying got get support with a big shot guy doing business with them, or just install a newer version, which is just as useless, when never getting to debug what's broken. It's really tiresome to try arguing with them.

Thanks for your package @chiwanpark - I managed to connect to my workplace's VPN, after the following steps:

• Install curl-pulse-secure;
• Start the pulsesecure service;
• Run PulseUI with "LD_LIBRARY_PATH=/usr/local/pulse pulseUI"

It still complains quite a lot, but it worked and let me set up a connection. Thanks again!

@chiwanpark,@je-vv Podeis actualizar la información que solicitan desde el foro de pulse secure, para replicar el problema con curl 7.74

@chiwanpark, although 9.1R10 does not fix the curl related segfault, I see it positive if you update the package any ways. Thanks a lot !

BTW, on all 3 posts under the pulse-secure comuniy forum where I'm involved, the answer is always to get a big shot on business relations with pulse-secure, to get in contact with them. So I guess there won't be any support from pulse-secure to final users on the issues their own SW generates. There's NO way to reach out to their devs or support team. I don't have any alternative, given the company where I work chose pulse-secure and uses MFA even requiring its GUI, which depends on obsolete and insecure webkitgtk.

I guess the work around with curl-pulse-secure is all there will be, until everything starts segfaulting on other platforms with more users, like redhat derivatives and debian/ubuntu derivatives, which can influence big shots from IT making business with them. That's to be expected from closed source SW I'd guess... How disappointing !!