Linux/Command Line

Installing the VPN client


Always use supported (within its life-cycle period) and updated Linux distribution!



The openconnect package included in CentOS (8), Rocky Linux (8,9), AlmaLinux (8,9), and Fedora (latest) provides proper support for Global Protect protocol.

Open a terminal and type there:

sudo dnf -y install epel-release
sudo dnf -y update epel-release
sudo dnf -y install openconnect



Ubuntu users: use LTS >= 20 desktop or server installation. If you encounter the problem with openconnect described in this thread, download and compile the latest version of the code.

Open a terminal and type there:

sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
sudo apt-get update
sudo apt-get install globalprotect-openconnect

Getting connected

To establish a VPN tunnel to the internal infrastructure of Discoverer HPC, execute in terminal:

sudo openconnect --protocol=gp --interface=discoverer0 --user=username

where the string username has to be replaced with the actual user name. In case of successful execution, the following output will appear on the display, waiting for the user’s password to be provided:

Enter login credentials

If the correct password is provided, a new stream of status lines will be printed out on the screen, ending with a line that reports the success of establishing the VPN tunnel. That report might look different depending on the version of openconnect used. For instance, on RHEL8 and Rocky Linux 8, as well as on Fedora, the last line will report the private IPv4 address assigned to the tunnel interface:

Configured as, with SSL disconnected and ESP established

On Ubuntu or Debian, that same line might look like:

ESP tunnel connected; exiting HTTPS mainloop.


To disconnect the VPN client, terminate the process of the currently running VPN client. Go to the terminal window where the process is still running in the foreground, and type there Ctrl-C (or just close the terminal window).


If the VPN tunnel is established, the execution of the following command line:

ip addr show dev discoverer0

will produce an output like:

3: discoverer0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1422 qdisc fq_codel state UNKNOWN group default qlen 500
   inet scope global discoverer0
      valid_lft forever preferred_lft forever
   inet6 fe80::2597:d8ee:9bcd:e9bc/64 scope link stable-privacy
      valid_lft forever preferred_lft forever

If the interface discoverer0 is not presented in the system, then either the VPN client is not running currently, or some network problem prevents establishing the VPN tunnel.

In case the interface discoverer0 is up, try to ping the login node:


to proove that the internal infrastructure of Discoverer HPC is accessible.

Getting help

See Getting help