An open-source graphical front-end for the GlobalProtect-openconnect CLI tools, supporting password and SSO (SAML) authentication.
Disclaimer: This is an unofficial third-party client and is not affiliated with or endorsed by Palo Alto Networks. GlobalProtect is a registered trademark of Palo Alto Networks.
GP OpenUI is a custom GUI for the gpclient / gpservice daemon stack from GlobalProtect-openconnect. It replaces the upstream gpgui binary with a free and open-source interface built with Tauri (Rust + React).
The upstream gpgui binary is proprietary-- you can't study, modify, or share it. For a VPN client handling your credentials and network traffic, that matters. GP OpenUI is free software.
- Password authentication — standard username/password login
- SSO/SAML authentication — embedded WebView or external browser
- Client certificate authentication — PKCS#8 (
.pem) and PKCS#12 (.p12/.pfx) - Cookie reuse — stay logged in across SAML sessions
- OS spoofing — present as Linux, Windows, or macOS to the portal
- HIP report submission — with optional custom script path
- Tunnel options — disable IPv6, disable DTLS, custom MTU, VPNC script, reconnect timeout
- Theme support — light, dark, and system-follow modes
- Settings window — persistent per-user settings stored locally
- Wayland and X11 — native Wayland support, X11 fallback
- Manual gateway selection — the app currently auto-selects the first gateway returned by the portal
- System tray integration — minimize to tray, tray icon menu
- Auto-start on login — launch with the system and connect automatically
- Resume on wake — reconnect automatically after the system wakes from sleep
Run the install script as a regular user (it uses sudo internally where root is required):
./install.shThe script will:
- Install system build dependencies (WebKitGTK, GTK 3, OpenSSL, etc.)
- Install Rust (≥ 1.85) via
rustupif not already present - Install Node.js LTS and pnpm if not already present
- Install GlobalProtect-openconnect (
gpservice+gpclient) from the upstream package repository - Build this Tauri app (
pnpm install+cargo tauri build) - Replace
/usr/bin/gpguiwith the newly built binary (the original is backed up asgpgui.upstream)
Supported distributions: Debian/Ubuntu, Fedora/RHEL, Arch Linux (requires an AUR helper — yay or paru)
After installation, launch the GUI through your application launcher or via:
gpclient launch-guiSome GlobalProtect installations use older TLS configurations (e.g. deprecated ciphers or older protocol versions) that are rejected by the system OpenSSL by default. If the GUI fails to connect with a TLS handshake error, use the --fix-openssl flag:
gpclient --fix-openssl launch-gui- Linux (X11 or Wayland)
- One of:
apt,dnf, orpacman(withyay/parufor AUR packages on Arch) - Internet access to download build tools and the upstream GP packages
GPL-2.0