cancel
Showing results for 
Search instead for 
Did you mean: 

Support for Ubuntu 18.04 and up

sugarmoose
New Contributor

Support for Ubuntu 18.04 and up

Just a quick question on Ubuntu 18.04 support. To confirm my suspicion.

 

My admin send me a deb file named pulse-9.1R5.x86_64.deb with instructions to run a PulseSecure client on Ubuntu Linux.

 

My thought was that this is very suspicious. I explained to him that a security solution like PulseSecure would not require me to install random deb file which I cannot verify in some way to originate from PulseSecure.

 

In the end I tried his deb file and instructions and as I expected that turned out to be a complete waste of time.

 

I was able to install his deb file and run his app which showed a client of some sort with window title Pulse Secure and even with a copyright notice on bottom showing 2020 by Pulse Secure, LLC all Right Reservced etc but IMHO he fabricated this notice himself.

 

And as I expected it doesn't work. If I connect It only ever shows a message "Unacceptable TLS certificate". Now the website clearly has a proper certificate so my suspicion is that this software is doing something malicious. Man in the middle or something.

 

I don't want to install something that this admin tickered on in his spare time and compromise my laptop.

 

Is this correct? There is not Linux of Ubuntu support right? PulseSecure wouldn't offer a solution that would require installing deb file from unknows source?

5 REPLIES 5
rdumitrescu
Occasional Contributor

Re: Support for Ubuntu 18.04 and up

Typically admins aren't bad guys who wants to steal your data... anyway....

If you don't trust the .deb file that you received, you can download the installer directly from the "VPN server itself" https://<your vpn fqdn>/dana-na/jam/getComponent.cgi?command=get;component=PulseSecure;platform=deb64

Beside this or download it from my.pulsesecure.net, there is no other way to download the .deb installer...

Just for your peace of mind... in the download section of my.pulsesecure.net for the package that you indicated the following hash are posted:

MD5 Signature: 8c7f3273a7ee688db65a9f51e2aa46b6
SHA2 Signature: d339acf4d9afe0859a837827df056dca7d9efe24188d0c37c5fed7b33bf0e118
 

The "Unacceptable TLS certificate" is displayed if either the SSL certificate is not trusted by your linux or if the PCS is not sending the entire certificate chain.

 

 

sugarmoose
New Contributor

Re: Support for Ubuntu 18.04 and up

This deb has the correct checksum. So this is official PulseSecure client for Ubuntu.

 

I manually downloaded the certificate and installed in my cert store. To get rid of the message about the unwanted TLS certificate. IMHO the client should be able to do this for the user rather than the other way around.

 

After that I can see the portal page which asks for username and token same as on MS Windows. When I provide those, the portal window closed without message or error.

 

Using route -n I can look at the routing table and see that the client is not working. So it seems to be crashing without error messages.

 

From file menu I can go to the "advanced" status overview which only shows the message "This session is not connected". So this confirms my suspicion that this client is not working.

 

Any suggestions on how to troubleshoot the workings of this client? There is not logging, error message or anything to get an idea on all things that are wrong with this approach.

 

BTW when I go to the portal using FireFox on Ubuntu I can logon. When I try to start one of the remote connections it doesn't detect the installed client but rather offers an alternative download. A deb-zip file PulseSecureAppLauncher.deb.zip. This contains a deb file PulseSecureAppLauncher.deb and a script Installer.sh.

 

So as it turns out I think the admin has actually started to become creative trying to compensate for the lack of support for Linux / Ubuntu when using PulseSecure as a security solution and the obvious problems and bugs in the official client.

 

 

 

rdumitrescu
Occasional Contributor

Re: Support for Ubuntu 18.04 and up

The logs can be found under “~/.pulse_secure/pulse/pulsesvc.log

You can try to give it a look

Your admin should be able to help you figured it out, also the PCS side logs could be also helpful.

I think the best option would be ask your admin to provide you the lastest Pulse Secure Client which is 9.1r10

There was a major change between 9.1r5 and 9.1r10

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44618/

sugarmoose
New Contributor

Re: Support for Ubuntu 18.04 and up

I ended up using openconnect. Simple install apt install openconnect.

I also combined this with split tunneling with vpn-slice.

 

Worked without problems or issues. Looks a lot better than the PulseSecure client.

r@yElr3y
Moderator

Re: Support for Ubuntu 18.04 and up

@sugarmoose Unacceptable TLS certificate will be presented if the VPN server is not updated with intermediate CA certs. 

 

Use https://www.ssllabs.com/ssltest/ to check the cert trust chain.

PCS Expert
Pulse Connect Secure Certified Expert