
How to install GlobalProtect (GP) VPN on Linux

Packages to Install

vpnc
network-manager-vpnc

Configuration Instructions
Each distro is going to be slightly different.

Debian/*buntu (Mint)
The images at the bottom are screen captures from Debian/*buntu.

Steps To Follow

Select your network-manager icon in the taskbar
Then Network Settings
Then the "+" icon in the bottom left
Then Interface == VPN
Then choose VPNC
Then mirror the settings shown in the screenshots at the bottom of this page:
o VPN TAB
    Gateway == 12.38.14.15
    (RDU Gateway: 12.38.14.15, SJ Gateway: 12.0.204.221)
    User Name == your id
    User Password == your Windows password
    Group Name == vpnc
    Group Password == vpnc123!@#
    Your choice on "Always Ask" or "Save" passwords
    Domain == (blank)
    Encryption Method == Secure
    NAT Traversal == NAT-T (if available)
    IKE DH Group == DH Group 2
    Perfect Forward Secrecy == Server
    Vendor == Cisco
    Application Version == (blank)
    Local Port == Automatic
    Enable Dead Peer Detection == Yes (checkbox) or Disable Dead Peer Detection == No (checkbox)
o IPV4 TAB
    Method == Automatic (VPN) addresses only
    DNS Servers are: (RDU)
        10.6.24.31
        10.6.25.31
        (SJ DNS Servers: 10.254.16.50, 10.254.16.31)
    Search Domains
        extremenetworks.com corp.extremenetworks.com
    DHCP Client ID == (blank)
o Tweaking of Routes
    IPv4 Settings, then "Routes..."
    Add a route for "10.0.0.0", netmask 255.0.0.0. Leave Gateway and Metric empty.
    Legacy Extreme subnets: 10.0.0.0/8
    Legacy Enterasys subnets: 134.141.128.0/17, 134.141.64.0/18, 134.141.32.0/19, 134.141.16.0/20, 134.141.8.0/21, 134.141.6.0/23, 134.141.5.0/24
    Note (OpenSUSE): on some distros you may have to put in a gateway (otherwise it won't accept the add). I used "10.0.0.1"...
    Check "Use this connection only for resources on its network"

Troubleshooting
State of IP devices when the VPN is up

dan@seventeen:~$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 5c:f9:dd:61:73:a4 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 60:6c:66:c9:44:3d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.148/24 brd 192.168.1.255 scope global wlan0
inet6 fe80::626c:66ff:fec9:443d/64 scope link
valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1412 qdisc pfifo_fast state UNKNOWN qlen 500
link/none
inet 10.6.14.1/32 brd 10.6.14.1 scope global tun0
dan@seventeen:~$ ip r s
default via 192.168.1.1 dev wlan0 proto static
10.0.0.0/8 dev tun0 proto static
12.38.14.15 via 192.168.1.1 dev wlan0 proto static
169.254.0.0/16 dev tun0 scope link metric 1000
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.148 metric 9
dan@seventeen:~$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
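
An added example (not part of the original page) that audits a routing table in `ip r s` format against the routes listed under "Tweaking of Routes": it flags a default route through the tunnel and any listed prefix that has no route via the VPN interface. The function names are illustrative, and tun0 is assumed to be the VPN device, as in the capture above.

```shell
#!/usr/bin/env bash
# Added example, not from the original page.
# Assumption: the VPN interface is tun0, as in the capture above.

# Prefixes the page lists under "Tweaking of Routes".
CORP_PREFIXES="10.0.0.0/8 134.141.128.0/17 134.141.64.0/18 134.141.32.0/19
134.141.16.0/20 134.141.8.0/21 134.141.6.0/23 134.141.5.0/24"

# Routing table copied from the `ip r s` capture above.
SAMPLE_UP='default via 192.168.1.1 dev wlan0 proto static
10.0.0.0/8 dev tun0 proto static
12.38.14.15 via 192.168.1.1 dev wlan0 proto static
169.254.0.0/16 dev tun0 scope link metric 1000
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.148 metric 9'

# route_uses_dev <dest> <dev>: succeed if the table on stdin has a route
# whose destination is exactly <dest> and whose "dev" field is <dev>.
route_uses_dev() {
    awk -v dest="$1" -v dev="$2" '
        $1 == dest { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# check_split_tunnel <tunnel-dev>: read a routing table on stdin, print one
# line per finding, return 0 only if the split tunnel matches the page.
check_split_tunnel() {
    local tun="$1" table rc=0 prefix
    table="$(cat)"
    # A default route on the tunnel sends all traffic into the VPN.
    if printf '%s\n' "$table" | route_uses_dev default "$tun"; then
        echo "FAIL default route uses $tun: all traffic enters the VPN"
        rc=1
    fi
    # Every listed corporate prefix needs its own route via the tunnel.
    for prefix in $CORP_PREFIXES; do
        if ! printf '%s\n' "$table" | route_uses_dev "$prefix" "$tun"; then
            echo "MISS $prefix has no route via $tun"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the captured table; on a live system use: ip r s | check_split_tunnel tun0
printf '%s\n' "$SAMPLE_UP" | check_split_tunnel tun0 || echo "split tunnel incomplete"
```

Run against the capture above, it reports the seven Enterasys prefixes as missing, because only 10.0.0.0/8 was routed through tun0 in that session.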

Watch Netlink While Bringing the VPN up


dan@seventeen:~$ ip monitor
delete 224.0.0.251 dev wlan0 lladdr 01:00:5e:00:00:fb NOARP
delete 224.0.0.22 dev wlan0 lladdr 01:00:5e:00:00:16 NOARP
delete 127.0.1.1 dev lo lladdr 00:00:00:00:00:00 NOARP
5: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN
link/none
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN
link/none
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500
link/none
5: tun0 inet 10.6.14.2/32 brd 10.6.14.2 scope global tun0
local 10.6.14.2 dev tun0 table local proto kernel scope host src 10.6.14.2
broadcast 10.6.14.2 dev tun0 table local proto kernel scope link src 10.6.14.2
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1412 qdisc pfifo_fast state UNKNOWN
link/none
12.38.14.15 via 192.168.1.1 dev wlan0 proto static
default dev tun0 proto static
169.254.0.0/16 dev tun0 scope link metric 1000
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP>
link/ether
192.168.1.1 dev wlan0 lladdr 00:23:69:b3:9f:d7 STALE
delete ff02::fb dev wlan0 lladdr 33:33:00:00:00:fb NOARP
delete 127.0.0.1 dev lo lladdr 00:00:00:00:00:00 NOARP

Watch Netlink While Bringing the VPN Down


dan@seventeen:~$ ip monitor
delete 173.194.38.131 dev tun0 lladdr NOARP
delete 74.125.228.40 dev tun0 lladdr NOARP
Deleted 3: wlan0 inet 192.168.1.148/24 brd 192.168.1.255 scope global wlan0
Deleted 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.148 metric 9
Deleted broadcast 192.168.1.255 dev wlan0 table local proto kernel scope link src 192.168.1.148
Deleted broadcast 192.168.1.0 dev wlan0 table local proto kernel scope link src 192.168.1.148
Deleted local 192.168.1.148 dev wlan0 table local proto kernel scope host src 192.168.1.148
delete 192.168.1.1 dev wlan0 lladdr 00:23:69:b3:9f:d7 REACHABLE
3: wlan0 inet 192.168.1.148/24 brd 192.168.1.255 scope global wlan0
local 192.168.1.148 dev wlan0 table local proto kernel scope host src 192.168.1.148
broadcast 192.168.1.255 dev wlan0 table local proto kernel scope link src 192.168.1.148
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.148
broadcast 192.168.1.0 dev wlan0 table local proto kernel scope link src 192.168.1.148
Deleted 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.148
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.148 metric 9
default via 192.168.1.1 dev wlan0 proto static
192.168.1.1 dev wlan0 lladdr 00:23:69:b3:9f:d7 REACHABLE
5: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1412 qdisc pfifo_fast state DOWN
link/none
delete 74.125.228.52 dev tun0 lladdr $b NOARP
delete 74.125.135.125 dev tun0 lladdr $b NOARP
delete 98.191.213.12 dev tun0 lladdr $b NOARP
delete 173.194.38.142 dev tun0 lladdr $b NOARP
delete 10.68.40.10 dev tun0 lladdr $b NOARP
delete 138.236.128.112 dev tun0 lladdr $b NOARP
delete 97.107.128.58 dev tun0 lladdr $b NOARP
delete 12.38.14.15 dev tun0 lladdr $b NOARP
delete 172.245.21.168 dev tun0 lladdr $b NOARP
delete 91.189.94.4 dev tun0 lladdr $b NOARP
delete 173.194.38.136 dev tun0 lladdr $b NOARP
Deleted local 10.6.14.2 dev tun0 table local proto kernel scope host src 10.6.14.2
Deleted 5: tun0 inet 10.6.14.2/32 brd 10.6.14.2 scope global tun0
Deleted 5: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1412 qdisc noop state DOWN
link/none

Ubuntu Network Manager Dialogs

MINT (15 KDE) Network Manager Dialogs

<Note>
In order to access all routes, you should add the following routes:
# Legacy Extreme subnets
10.0.0.0/8
# Legacy Enterasys subnets
134.141.5.0/24
134.141.6.0/23
134.141.8.0/21
134.141.16.0/20
134.141.32.0/19
134.141.64.0/18
134.141.128.0/17
# Legacy Enterasys Lab subnets
192.168.6.0/24
192.168.105.0/24
192.168.184.0/24
192.168.224.0/24
192.168.225.0/24
192.168.227.0/24
192.168.242.0/24
