How to connect to Palo Alto VPN – GlobalProtect from Linux server without modifying any configuration? – 如何在不修改服务器配置下,使用 Linux server 连接 Palo Alto VPN?

The issue

It’s boring and even impossible to follow offical doc of connecting GlobalProtect from PaloAlto website to just get your Linux server / desktop linking to your office.

Strongman or twisted openconnect or vpnc or even vpnc over Ubuntu desktop , may cost you days to setup and even just waste of time since your IT manager is not going to compromise anything to x-auth.

What now?

Solution

Consider this issue in a much simpler way: SSH Port forwarding.

  • Drop Windows 10 Pro in your Azure portal

    > Do not use Windows Server since GlobalProtect doesn’t support that OS.
  • Setup OpenSSH for Windows, making sure SSH Server selected
  • Open port 22 in Azure NSG
  • Provide SSH dynamic port forwarding to your Azure Windows 10 Pro
ssh -D 8080 username@azure-remote-host
  • Now your have a 8080 socket5 proxy in your local OS. It’s a tunnel to your office after you install and connect PaloAlto GlobalProtect in the Windows 10 Pro VM