We can connect ubuntu 14.04 users to GlobalProtect with the help of strongswan client.
On the Palo Alto Networks firewall, turn on xauth and give a Group name and Group password. The remaining requirements must be done on software installed on ubuntu.
Do the following in ubuntu:
1. Log in as root in ubuntu 14.04 and rthe un following command to install the following software:
apt-get install strongswan-starter
apt-get install strongswan-plugin-xauth-generic
2. Modify the following file. Inside directory /etc there are two files: ipsec.conf and ipsec.secrets
ipsec.conf:
In the above config, the left field is the IP address of the GlobalProtect client. If the IP address is coming from DHCP, then we can specify the following value as left=%any
The right field is the value of the GlobalProtect portal.
ipsec.secrets:
3. Try to run the following command on ubuntu to connect:
- Run the command to bring ipsec service on on the ubutnu
#ipsec start
- Run this command to bring the tunnel up.
ipsec up gateway --> Here the name gateway is the name given in the ipsec.config file.
- c) Run the following command to check the status of the tunnel.
ipsec status