With the release of PCS 8.1R7, a Pulse client for Linux is available for the latest versions of Linux OS. The Pulse Linux client was developed for command-line usage only and has been qualified on CentOS 6.4 and Ubuntu 14.04. The packages are available as .rpm and .deb installers and can be distributed to Linux users from the PCS Admin Installers page or by downloading the installer packages from the PCS 8.1R7 software downloads page by logging into
https://my.pulsesecure.net.
The installer packages contain a README file that includes the basic command-line usage information. As a supplement, this article also provides additional installation and usage instructions for supported Linux systems.
Linux Pulse Client Pre-requisites:
- PCS running 8.1R7+ or 8.2R1+.
- PCS Host Name or IP Address. (Example: secure.company.com)
- PCS Username and Password used to authenticate.
NOTE: SAML authentication support for Linux is added form Pulse Connect Secure 8.3R3 and Pulse Secure Desktop 5.3R3.
Note: The packages can be downloaded from the Pulse Connect Secure (PCS) software section version 8.1R7 in
https://my.pulsesecure.net > "Support" > "License & Download Center". Additionally, the PCS admin can download the installers from the Admin Installers page and distribute to Linux users.
Known Issues / Limitations:
Resolved Issues:
Installing the Pulse client:
Download the package installer to the Linux client then run the installer using the following command:
For Debian-based Linux installation (such as Ubuntu):
dpkg -i <package name>
For RPM-based Linux installation (such as CentOS):
rpm -ivh <package name>
For example, if the Pulse Linux client is saved in /$HOME/downloads on Ubuntu, then the command would be:
dpkg -i /$HOME/downloads/
The script will prompt the user to install any missing dependent packages if they are not already installed.
For example:
Please execute below commands to install missing dependent packages:
apt-get install libc6-i386
apt-get install lib32z1
By default the Pulse client installs to /usr/local/pulse and contains the following files:
Launching the Pulse client
Use the following command to launch the VPN client:
For 8.1R7:
/usr/local/pulse/PulseClient.sh -h <PCS appliance IP/hostname> -u <vpn username> -p <vpn password
-U <PCS SIGNINURL> -r <Realm> -f <path to PCS certificate file>
Example: /usr/local/pulse/PulseClient.sh -h secure.company.com -u user01 -p password01
-U https://secure.company.com/linux -r Realm -f secure.company.com.der
For 8.1R8 and above:
/usr/local/pulse/PulseClient.sh -h <PCS appliance IP/hostname> -u <vpn username> -p <vpn password
-U <PCS SIGNINURL> -r <Realm>
Example:/usr/local/pulse/PulseClient.sh -h secure.company.com -u user01 -p password01
-U https://secure.company.com/linux -r "Realm Name"
Note:
The -f option is deprecated in 8.1R8+. The Certificate Authority (CA) certificate store is used to verify that the
PCS certificate is signed by a valid CA.
In RHEL/CentOS/Fedora, "/etc/pki/tls/certs/ca-bundle.crt" is used as CA certificate store.
In Ubuntu, "/etc/ssl/certs/ca-certificates.crt" is used as CA certificate store.
Additional Notes:
- If -r <Realm_Name> is not stated, by default, it will attempt to connect to the "Users" realm. If the realm name has a white space, refer to KB40158.
- In the event that a user does not want the password to be revealed in the terminal history, the argument <vpn password> can be omitted and the user will instead be prompted for the password at run time.
- After the VPN tunnel is creates successfully, the terminal window will remain blank and must remain open. If the terminal window is closed, this will close the VPN connection.
Launching Pulse with Client-side Proxy
If client-side proxy is required to connect to the Pulse VPN server, use the following command to launch Pulse:
/usr/local/pulse/PulseClient.sh -h <PCS appliance IP/hostname> -u <vpn username> -p <vpn password>
-U <PCS SIGNINURL> -r <Realm> -y <proxy IP/hostname> -z <proxy port>
-s <proxy username> -a <proxy password>
Example: Example:/usr/local/pulse/PulseClient.sh -h secure.company.com -u user01 -p password01
-U https://secure.company.com/linux -r Realm -y proxy01.company.com -z 9000 -s user01 -I
NOTE: In case the user doesn't want to reveal the proxy password in the command line arguments, the
-I (case-sensitive) parameter can be used instead of the proxy password parameter. Then a prompt will be
given to take the proxy password.
Displaying the Available Arguments
Use the following command to display the available arguments for the Pulse client:
/usr/local/pulse/PulseClient.sh -H
Checking the Status of the VPN Connection
Use the following command to check the status of the Pulse VPN connection:
/usr/local/pulse/PulseClient.sh -S
Note:This command could take up to 30 seconds to reflect the current state of the Pulse client.
Terminating Pulse:
Terminate the Pulse VPN connection with the following command:
/usr/local/pulse/PulseClient.sh -K
Upgrading the Pulse client:
RPM:
rpm -Uvh /path_to_package
Debian:
dpkg -I /path_to_package
Uninstalling the Pulse client:
Debian:
dpkg -r <pkgname>
Troubleshooting:
If problems persist with the Pulse Linux client, please open a support case at https://my.pulsesecure.net with the following logs:
Client-side Logs:
- ~/.juniper_networks/network_connect/ncsvc.log (for 8.1R7 and earlier)
- ~/.pulse_secure/pulse/pulsesvc.log (8.1R8 and later)
Server-side Logs:
- System > Log/Monitoring > Select Event > Save all logs
