gpclient

Connect to a GlobalProtect VPN using a portal server

$ gpclient connect [vpn_gateway_url]

$ gpclient disconnect

$ gpclient launch-gui

$ gpclient connect --fix-openssl [vpn_gateway_url]

$ gpclient connect --ignore-tls-errors [vpn_gateway_url]

$ gpclient --version

$ gpclient help [command]

gpclient [--help|-h|--version|-v]
gpclient subcommand [subcommand_options]

connect
    Initiates a VPN connection to the currently configured GlobalProtect portal. Depending on the portal's authentication settings, this command may trigger a web browser for user interaction (e.g., SAML authentication).

disconnect
    Terminates the active VPN connection established by GlobalProtect, severing the secure tunnel.

status
    Displays the current VPN connection status, indicating whether the client is connected or disconnected, the active portal, and the gateway being used.

show
    Provides detailed information about the GlobalProtect client's configuration, network details, and connection metrics. Common options include --details for comprehensive information, --all for all available data, and --metrics for performance statistics.

set
    Configures GlobalProtect client settings. It is primarily used to specify or update the GlobalProtect portal address.
Example: gpclient set --portal vpn.example.com.

--help, -h
    Displays general help information for the gpclient command. If used with a subcommand (e.g., gpclient connect --help), it shows help specific to that subcommand.

--version, -v
    Shows the installed GlobalProtect client software version.

gpclient is the command-line interface component of the Palo Alto Networks GlobalProtect VPN client for Linux. It provides a robust and flexible way for users to manage their VPN connection directly from the terminal, making it ideal for system administrators, developers, and users who prefer a non-graphical approach or need to automate VPN tasks. Through gpclient, users can initiate connections to and disconnect from configured GlobalProtect portals, retrieve real-time connection status, display detailed network and client configuration information, and configure essential portal settings. It acts as a crucial front-end to the underlying GlobalProtect service (PanGPS), facilitating secure network access within enterprise environments without relying on a graphical user interface.

gpclient is a proprietary command-line client developed by Palo Alto Networks for their GlobalProtect VPN solution. It is not included in standard Linux distributions and must be installed separately, usually via a package provided by your organization or Palo Alto Networks. Its functionality is entirely dependent on the underlying PanGPS background service being operational. Certain authentication methods (e.g., SAML, Kerberos) might require a graphical web browser to complete the login process, even when using the command-line interface.

The gpclient command interacts with the essential background GlobalProtect service, PanGPS. This service is responsible for handling the actual VPN tunnel establishment, maintenance, and teardown. For gpclient commands to function correctly, it is crucial to ensure that the PanGPS service is running and accessible.

Depending on the GlobalProtect portal's configuration, initiating a connection via gpclient connect may not be a purely command-line experience. It can automatically open a web browser for various authentication methods like SAML, Kerberos, or other web-based multi-factor authentication (MFA) flows, requiring user interaction outside the terminal.

Palo Alto Networks introduced the GlobalProtect client to provide secure VPN access across various operating systems, including Linux, to extend their enterprise security solutions. The gpclient command-line interface was developed to offer administrators and advanced users a flexible alternative to the graphical user interface, enabling programmatic control over VPN connections and facilitating integration into scripts and automation workflows. Its development is closely tied to the broader GlobalProtect product line's releases and enhancements.

openvpn(8), nmcli(1), ip(8)