GP Connect by Tangramly

Connect to GlobalProtect-compatible VPNs on Linux.

GP Connect is Tangramly's Linux client for compatible corporate VPN portals. It combines a scriptable CLI with a desktop GUI and supports SSO, MFA, browser authentication, FIDO2/YubiKey, client certificates, and multi-portal workflows.

Install GP Connect GitHub ★ 2.1k Buy GUI license
Releases Installation guide Issue tracker
2.1k starsOpen-source project on GitHub
7-day trialTry the GUI before purchase
From $1.99GUI license pricing starts here

Corporate VPN access should not make Linux the exception.

Modern enterprise VPN flows often include browser-based SAML, MFA, hardware-backed authentication, client certificates, portals, gateways, and split routing. GP Connect packages those realities into a Linux-native client for command-line and desktop workflows.

GP Connect

A Linux-native client for modern enterprise VPN authentication.

Built on the GlobalProtect-openconnect project and OpenConnect, GP Connect helps Linux users connect to compatible corporate VPN environments without giving up their preferred desktop or terminal workflow.

SSO

Authenticate the way your organization requires

Use browser-based SSO, MFA, FIDO2/YubiKey, client certificates, non-SSO portals, and remote browser login for headless machines.

CLI

Choose terminal or desktop

Run gpclient for scripting and server workflows, or launch the GUI for saved profiles, tray status, and desktop connection management.

PKG

Install through familiar Linux channels

Use package sources where available, or install release assets for Debian/Ubuntu, Arch, RPM-based distributions, Alpine, NixOS, Gentoo, Docker, and generic Linux systems.

Open-source foundation: GlobalProtect-openconnect provides the CLI, background service, Linux packaging, and technical documentation behind GP Connect.
Desktop experience: GP Connect gives users a clear Tangramly product path for the GUI, licensing, installation guidance, and support resources.
Install

Install GP Connect with the right package source and prerequisites.

Package-manager installs are the safest path because dependencies are resolved by the distribution. Manual installs should start with GUI/runtime dependencies before extracting release assets.

1. Prefer a maintained package source

Use PPA, Arch Extra, COPR, OBS, overlays, Nix flakes, or distro packages when available.

2. Check runtime dependencies

Manual installs need webview, secure storage, and tray-indicator libraries before the package can run correctly.

3. Use GitHub Releases for assets

Download the matching package only after selecting your distribution and architecture.

Debian / Ubuntu

Recommended: install from the PPA so apt can resolve dependencies.

sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
sudo apt-get update
sudo apt-get install globalprotect-openconnect

DEB fallback after downloading the latest .deb from GitHub Releases:

sudo apt install --fix-broken globalprotect-openconnect_*.deb
Linux Mint GPG key issue: import the README key manually with sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7937C393082992E5D6E4A60453FC26B43838D761.
Arch Linux / Manjaro

Official Extra repository path. The README notes that tray support needs libappindicator installed manually.

sudo pacman -S libappindicator globalprotect-openconnect

AUR alternative:

yay -S globalprotect-openconnect-git

Package-file fallback after downloading from Releases:

sudo pacman -U globalprotect-openconnect-*.pkg.tar.zst
Fedora 38+ / Rawhide

Install from COPR for Fedora and compatible RPM-based systems.

sudo dnf copr enable yuezk/globalprotect-openconnect
sudo dnf install globalprotect-openconnect
openSUSE

Use the openSUSE Build Service package and follow the distribution-specific instructions from software.opensuse.org.

Open OBS instructions
Other RPM-based distributions

After downloading the latest RPM package from GitHub Releases:

sudo rpm -i globalprotect-openconnect-*.rpm
Alpine Linux

After downloading the latest .apk package from GitHub Releases:

sudo apk add --allow-untrusted globalprotect-openconnect-*.apk
Enable the Alpine community repository so GUI dependencies such as webkit2gtk-4.1, libsecret, and libayatana-appindicator can resolve. GUI connections use polkit, and VPN tunnel creation requires /dev/net/tun.
Gentoo

Available through the guru and lamdness overlays.

sudo eselect repository enable guru
sudo emerge --sync guru
sudo emerge --ask --verbose net-vpn/GlobalProtect-openconnect
NixOS

Quick user-level install from the project flake:

nix profile add github:yuezk/GlobalProtect-openconnect

For managed NixOS system configuration, add the flake input and package to your configuration.nix, then run sudo nixos-rebuild switch.

Docker CLI image

The Docker image includes CLI tools for containerized or headless authentication workflows.

docker pull yuezk/globalprotect-openconnect:<version>

docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun \
  yuezk/globalprotect-openconnect:<version> \
  connect <portal> --browser remote
Use host networking only when the VPN routes should affect the Linux host network namespace.
Other distributions / manual install

Install runtime dependencies first, then extract the generic release tarball.

# install with your distribution package manager first:
webkit2gtk
libsecret
libayatana-appindicator  # or libappindicator-gtk3

# then extract the GitHub Releases tarball:
tar -xJf globalprotect-openconnect_${version}_${arch}.bin.tar.xz
sudo make install
Older Linux distribution?

The upstream README recommends v2.3.13 for older distributions.

Full install guideGitHub Releases
Pricing

Free CLI. Paid GUI.

The command-line client remains free and open source through GlobalProtect-openconnect. The GUI adds desktop-focused convenience for users who want a visual workflow.

  • Use gpclient for command-line VPN connections.
  • Launch the GUI for profiles, tray status, auto-connect, and desktop management.
  • Purchase is handled through Lemon Squeezy checkout.

GP Connect GUI license

From $1.99GUI license

Start with a 7-day free trial, then choose the license option that fits your desktop or site use.

7-day free trialTest the GUI before buying.
Site options availableSite and device-extension licenses are available at checkout.
Buy GUI licenseLicense support
Support

Get help through the project issue tracker.

Search existing reports before opening a new issue. Include your distribution, desktop environment, package source, GP Connect version, and the authentication method used by your VPN portal.

Search issues

Find existing bug reports, regressions, packaging discussions, and troubleshooting threads.

Open Issues

Report a bug

Open a new issue for connection failures, GUI crashes, route cleanup problems, or packaging errors.

New Issue

Auth troubleshooting

Review SSO, MFA, YubiKey, browser login, and client-certificate discussions.

View Auth Issues

License questions

Use the issue tracker for GUI licensing, purchase, and trial questions.

View License Issues
Tangramly, LLC

Tangramly develops GP Connect for Linux users who need reliable enterprise VPN access.

GP Connect focuses on the connection flows that developers, administrators, students, researchers, and remote workers encounter when Linux is their primary operating system.

Built around open-source infrastructure

★ 2.1k GitHub stars

GlobalProtect-openconnect provides the source code, command-line tooling, background service, installation paths, and package ecosystem behind GP Connect. The desktop GUI builds on that foundation for users who prefer visual profile management, tray status, and auto-connect workflows.

Open-source CLIgpclient and gpauth support scriptable VPN workflows.
Linux packagesPPA, Arch, COPR, OBS, NixOS, Gentoo, Alpine, RPM, and release assets.
Modern authenticationSSO, MFA, browser auth, FIDO2/YubiKey, and client certificates.
Desktop experienceProfiles, tray integration, auto-connect, and visual connection status.
Source on GitHubView pricing