Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Support for Ubuntu 18.04 and up

sugarmoose
New Contributor
‎02-03-2021 06:48:AM
‎02-03-2021 06:48:AM

Support for Ubuntu 18.04 and up

Just a quick question on Ubuntu 18.04 support. To confirm my suspicion.

 

My admin send me a deb file named pulse-9.1R5.x86_64.deb with instructions to run a PulseSecure client on Ubuntu Linux.

 

My thought was that this is very suspicious. I explained to him that a security solution like PulseSecure would not require me to install random deb file which I cannot verify in some way to originate from PulseSecure.

 

In the end I tried his deb file and instructions and as I expected that turned out to be a complete waste of time.

 

I was able to install his deb file and run his app which showed a client of some sort with window title Pulse Secure and even with a copyright notice on bottom showing 2020 by Pulse Secure, LLC all Right Reservced etc but IMHO he fabricated this notice himself.

 

And as I expected it doesn't work. If I connect It only ever shows a message "Unacceptable TLS certificate". Now the website clearly has a proper certificate so my suspicion is that this software is doing something malicious. Man in the middle or something.

 

I don't want to install something that this admin tickered on in his spare time and compromise my laptop.

 

Is this correct? There is not Linux of Ubuntu support right? PulseSecure wouldn't offer a solution that would require installing deb file from unknows source?

0 Kudos
Reply
5 REPLIES 5
rdumitrescu
Contributor
‎02-03-2021 11:15:AM
‎02-03-2021 11:15:AM

Re: Support for Ubuntu 18.04 and up

Typically admins aren't bad guys who wants to steal your data... anyway....

If you don't trust the .deb file that you received, you can download the installer directly from the "VPN server itself" https://<your vpn fqdn>/dana-na/jam/getComponent.cgi?command=get;component=PulseSecure;platform=deb64

Beside this or download it from my.pulsesecure.net, there is no other way to download the .deb installer...

Just for your peace of mind... in the download section of my.pulsesecure.net for the package that you indicated the following hash are posted:

MD5 Signature: 8c7f3273a7ee688db65a9f51e2aa46b6
SHA2 Signature: d339acf4d9afe0859a837827df056dca7d9efe24188d0c37c5fed7b33bf0e118
 

The "Unacceptable TLS certificate" is displayed if either the SSL certificate is not trusted by your linux or if the PCS is not sending the entire certificate chain.

 

 

Reply
sugarmoose
New Contributor
‎02-03-2021 10:28:PM
‎02-03-2021 10:28:PM

Re: Support for Ubuntu 18.04 and up

This deb has the correct checksum. So this is official PulseSecure client for Ubuntu.

 

I manually downloaded the certificate and installed in my cert store. To get rid of the message about the unwanted TLS certificate. IMHO the client should be able to do this for the user rather than the other way around.

 

After that I can see the portal page which asks for username and token same as on MS Windows. When I provide those, the portal window closed without message or error.

 

Using route -n I can look at the routing table and see that the client is not working. So it seems to be crashing without error messages.

 

From file menu I can go to the "advanced" status overview which only shows the message "This session is not connected". So this confirms my suspicion that this client is not working.

 

Any suggestions on how to troubleshoot the workings of this client? There is not logging, error message or anything to get an idea on all things that are wrong with this approach.

 

BTW when I go to the portal using FireFox on Ubuntu I can logon. When I try to start one of the remote connections it doesn't detect the installed client but rather offers an alternative download. A deb-zip file PulseSecureAppLauncher.deb.zip. This contains a deb file PulseSecureAppLauncher.deb and a script Installer.sh.

 

So as it turns out I think the admin has actually started to become creative trying to compensate for the lack of support for Linux / Ubuntu when using PulseSecure as a security solution and the obvious problems and bugs in the official client.

 

 

 

0 Kudos
Reply
rdumitrescu
Contributor
‎02-04-2021 02:03:AM
‎02-04-2021 02:03:AM

Re: Support for Ubuntu 18.04 and up

The logs can be found under “~/.pulse_secure/pulse/pulsesvc.log

You can try to give it a look

Your admin should be able to help you figured it out, also the PCS side logs could be also helpful.

I think the best option would be ask your admin to provide you the lastest Pulse Secure Client which is 9.1r10

There was a major change between 9.1r5 and 9.1r10

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44618/

0 Kudos
Reply
sugarmoose
New Contributor
‎02-07-2021 11:13:PM
‎02-07-2021 11:13:PM

Re: Support for Ubuntu 18.04 and up

I ended up using openconnect. Simple install apt install openconnect.

I also combined this with split tunneling with vpn-slice.

 

Worked without problems or issues. Looks a lot better than the PulseSecure client.

0 Kudos
Reply
r@yElr3y
Moderator
Moderator
‎02-09-2021 01:06:AM
‎02-09-2021 01:06:AM

Re: Support for Ubuntu 18.04 and up

@sugarmoose Unacceptable TLS certificate will be presented if the VPN server is not updated with intermediate CA certs. 

 

Use https://www.ssllabs.com/ssltest/ to check the cert trust chain.

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.