Just a quick question on Ubuntu 18.04 support. To confirm my suspicion.
My admin sent me a deb file named pulse-9.1R5.x86_64.deb with instructions to run a PulseSecure client on Ubuntu Linux.
My thought was that this is very suspicious. I explained to him that a security solution like PulseSecure would not require me to install a random deb file which I cannot verify in some way to originate from PulseSecure.
In the end I tried his deb file and instructions and as I expected that turned out to be a complete waste of time.
I was able to install his deb file and run his app, which showed a client of some sort with the window title Pulse Secure and even a copyright notice at the bottom showing 2020 by Pulse Secure, LLC, All Rights Reserved, etc., but IMHO he fabricated this notice himself.
And as I expected it doesn't work. If I connect it only ever shows a message "Unacceptable TLS certificate". Now the website clearly has a proper certificate so my suspicion is that this software is doing something malicious. Man in the middle or something.
I don't want to install something that this admin tinkered on in his spare time and compromise my laptop.
Is this correct? There is no Linux or Ubuntu support, right? PulseSecure wouldn't offer a solution that would require installing a deb file from an unknown source?
Typically admins aren't bad guys who want to steal your data... anyway....
If you don't trust the .deb file that you received, you can download the installer directly from the "VPN server itself" https://<your vpn fqdn>/dana-na/jam/getComponent.cgi?command=get;component=PulseSecure;platform=deb64
Besides this, or downloading it from my.pulsesecure.net, there is no other way to download the .deb installer...
Just for your peace of mind... in the download section of my.pulsesecure.net for the package that you indicated the following hashes are posted:
The "Unacceptable TLS certificate" is displayed if either the SSL certificate is not trusted by your Linux or if the PCS is not sending the entire certificate chain.
This deb has the correct checksum. So this is the official PulseSecure client for Ubuntu.
I manually downloaded the certificate and installed it in my cert store to get rid of the message about the unwanted TLS certificate. IMHO the client should be able to do this for the user rather than the other way around.
After that I can see the portal page which asks for username and token same as on MS Windows. When I provide those, the portal window closed without message or error.
Using route -n I can look at the routing table and see that the client is not working. So it seems to be crashing without error messages.
From file menu I can go to the "advanced" status overview which only shows the message "This session is not connected". So this confirms my suspicion that this client is not working.
Any suggestions on how to troubleshoot the workings of this client? There is no logging, error message or anything to get an idea of all the things that are wrong with this approach.
BTW when I go to the portal using Firefox on Ubuntu I can log on. When I try to start one of the remote connections it doesn't detect the installed client but rather offers an alternative download: a deb-zip file, PulseSecureAppLauncher.deb.zip. This contains a deb file PulseSecureAppLauncher.deb and a script Installer.sh.
So as it turns out I think the admin has actually started to become creative trying to compensate for the lack of support for Linux / Ubuntu when using PulseSecure as a security solution and the obvious problems and bugs in the official client.
The logs can be found under "~/.pulse_secure/pulse/pulsesvc.log"
You can try to give it a look
Your admin should be able to help you figure it out; the PCS-side logs could also be helpful.
I think the best option would be to ask your admin to provide you the latest Pulse Secure Client, which is 9.1r10
There was a major change between 9.1r5 and 9.1r10
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44618/
I ended up using openconnect. Simple install: apt install openconnect.
I also combined this with split tunneling with vpn-slice.
Worked without problems or issues. Looks a lot better than the PulseSecure client.
@sugarmoose Unacceptable TLS certificate will be presented if the VPN server is not updated with intermediate CA certs.
Use https://www.ssllabs.com/ssltest/ to check the cert trust chain.
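
The missing-intermediate cause named in the replies above can be reproduced offline. This is an added example, not part of the original thread or Pulse Secure's tooling; it assumes the openssl CLI is installed, and every certificate name in it (Demo Root CA, Demo Intermediate CA, vpn.example.test) is constructed.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name below is generated locally.

new_csr() {  # $1 = work dir, $2 = file stem, $3 = subject CN
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_chain() {  # builds root -> intermediate -> leaf in directory $1
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    new_csr "$d" root "Demo Root CA" &&
    new_csr "$d" inter "Demo Intermediate CA" &&
    new_csr "$d" leaf "vpn.example.test" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# The client trusts only the root. $2 is the file of extra certificates the
# server sent alongside its leaf, or empty when it sent the leaf alone.
verify_as_client() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_chain "$d" || { rm -rf "$d"; return 1; }
    if verify_as_client "$d" ""; then leaf_only=ok; else leaf_only=fail; fi
    if verify_as_client "$d" "$d/inter.pem"; then full=ok; else full=fail; fi
    rm -rf "$d"
    echo "leaf-only=$leaf_only with-intermediate=$full"
}

demo
```

The leaf is valid in both runs; only the certificates presented with it differ, which is why a browser that has the intermediate cached can accept a site that a fresh client rejects. Against a real gateway, `openssl s_client -connect <your vpn fqdn>:443 -showcerts </dev/null` lists the certificates the server actually sends.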