Connect to Palo Alto GlobalProtect VPN in ArchLinux

As for my local workstation I don’t like using Windows – but sometimes you need to. In my case I was able to connect all my devices to (correct configured) Palo Alto Networks Firewall. All my devices except my Surface RT of course – Microsoft is just pushing customers to buy PRO or Surface RT 2.0.

First of all you’ll need to configure a VPN profile in your Palo Alto device. I’m not going to describe the whole wizard (LDAP, DNS, certificates etc), but if you would like to read some good know-how’s just take a good look at these URL’s (there are a lot more):

Make sure you’ve correctly configured:

  • Certificates
  • User Authentication
  • Gateway Configuration
  • Portal Configuration

For example like:

Now enter a desirable:

  • Group Name
  • Group Password
  • Confirm Group Password

Settings in ArchLinux

It’s time to install the following packages in ArchLinux (I use Gnome with NetworkManager):

# sudo pacman -S vpnc network-manager-vpnc

Now open your Network Settings

Select Interface VPN:

Select CISCO Compatible VPN:

Fill in your account details, group name, group password (PSK) and gateway:

Check the Advanced Options:

Open the IPv4 settings and select the VPN only to use for resources on its network (split-tunnel):

Ready! Yes.

Now you should be able to enable the VPN on your ArchLinux workstation.