Error when starting and using a paloalto's GlobalProtext VPN/proxy

Question

Error when starting and using a paloalto's GlobalProtext VPN/proxy

wburningham opened this issue 6 months ago · comments

Description

Zen fails to start when using a paloalto's GlobalProtext proxy (the proxy used by my work).

Logs from the macOS console app (the link to how to include the logs that Zen prints out was not helpful so let me know if there is someplace else to look at logs):

default	09:39:16.669517-0700	Zen	0x12e05ba40 - [PID=0] WebProcessCache::setApplicationIsActive: (isActive=1)
default	09:39:16.673858-0700	Zen	Gained inheritances: {(
    <RBSInheritance| environment:(none) name:com.apple.launchservices.userfacing origID:648-593-932837 0>,
    <RBSInheritance| environment:(none) name:com.apple.launchservices.userfacing origID:648-593-932837 0>
)}
default	09:39:16.690807-0700	Zen	Gained inheritances: {(
    <RBSInheritance| environment:(none) name:com.apple.frontboard.visibility origID:648-620-932839 0>
)}
default	09:39:17.654028-0700	Zen	parent WailsWindow 0x134010720 (17e06) remove NSWindow 0x134222260 (17e69) from group
default	09:39:17.654211-0700	Zen	parent WailsWindow 0x134010720 (17e06) add NSWindow 0x134222260 (17e69) to group
default	09:39:17.654601-0700	Zen	order window: 17e69 op: 1 relative: 17e06 related: 0
default	09:39:17.700637-0700	Zen	parent WailsWindow 0x134010720 (17e06) remove NSWindow 0x134222260 (17e69) from group
default	09:39:17.700861-0700	Zen	window NSWindow 17e69 finishing close
default	09:39:17.701174-0700	Zen	order window: 17e69 op: 0 relative: 0 related: 0
default	09:39:17.705393-0700	Zen	nw_path_libinfo_path_check [9FE9BF9E-727F-4850-915A-58C0FAA3193C Hostname#2af0d623:0 tcp, legacy-socket, attribution: developer]
	libinfo check path: satisfied (Path is satisfied), interface: utun4, ipv4, dns
default	09:39:17.705393-0700	Zen	nw_path_libinfo_path_check [FA2CB79E-AFE3-4197-B05C-614AB39E90D8 Hostname#782fce55:0 tcp, legacy-socket, attribution: developer]
	libinfo check path: satisfied (Path is satisfied), interface: utun4, ipv4, dns
default	09:39:17.705393-0700	Zen	nw_path_libinfo_path_check [E32CE374-59E9-4F8D-9B2E-EBC949C58FC4 Hostname#ea855251:0 tcp, legacy-socket, attribution: developer]
	libinfo check path: satisfied (Path is satisfied), interface: utun4, ipv4, dns
default	09:39:17.705450-0700	Zen	nw_path_libinfo_path_check [81BF410D-6CD6-4CEE-9508-BF4C57E450EF Hostname#80eab101:0 tcp, legacy-socket, attribution: developer]
	libinfo check path: satisfied (Path is satisfied), interface: utun4, ipv4, dns
default	09:39:17.705570-0700	Zen	nw_path_libinfo_path_check [27DE61DB-866E-4A5A-8B70-249D4CAFAC8C Hostname#326b1f12:0 tcp, legacy-socket, attribution: developer]
	libinfo check path: satisfied (Path is satisfied), interface: utun4, ipv4, dns
default	09:39:17.705550-0700	Zen	nw_path_libinfo_path_check [9B0DE8C8-338B-4439-B99A-2E93E68FD42E Hostname#cc9ddf31:0 tcp, legacy-socket, attribution: developer]
	libinfo check path: satisfied (Path is satisfied), interface: utun4, ipv4, dns
default	09:39:18.884031-0700	Zen	0x12e0500e0 - [PID=75693, throttler=0x12e01ce40] ProcessThrottler::Activity::Activity: Starting foreground activity / 'WebPageProxy::runJavaScriptInFrameInScriptWorld'
default	09:39:18.885795-0700	Zen	0x12e0500e0 - [PID=75693, throttler=0x12e01ce40] ProcessThrottler::Activity::invalidate: Ending foreground activity / 'WebPageProxy::runJavaScriptInFrameInScriptWorld'
default	09:39:20.864142-0700	Zen	0x12e05ba40 - [PID=0] WebProcessCache::setApplicationIsActive: (isActive=0)
default	09:39:21.001667-0700	Zen	Lost inheritances: {(
    <RBSInheritance| environment:(none) name:com.apple.frontboard.visibility origID:648-620-932839 0>,
    <RBSInheritance| environment:(none) name:com.apple.launchservices.userfacing origID:648-593-932837 0>,
    <RBSInheritance| environment:(none) name:com.apple.launchservices.userfacing origID:648-593-932837 0>
)}

Version

v0.3.1

Operating System

macOS 14.2

Steps to Reproduce

Start a paloalto's GlobalProtext VPN/proxy
Open the app and click start
See the "Failed to start proxy: set system proxy: no network service found" error
Stop a paloalto's GlobalProtext VPN/proxy
Open the app and click start
It works this time

Order does not matter: starting Zen before a paloalto's GlobalProtext proxy also fails.

Additional Context

No response

Ansar Smagulov · Answer 1 · Sat Feb 24 2024 01:21:40 GMT+0800 (China Standard Time)

Hi, would you mind running a few terminal commands while GlobalContext is running and sharing their output? Here are the commands:

scutil --nwi
route -n get 0.0.0.0
networksetup -listnetworkserviceorder

Ansar Smagulov · Answer 2 · Sat Feb 24 2024 01:23:23 GMT+0800 (China Standard Time)

Also, were you using Zen before the last release? If so, was it working with the VPN?

wburningham · Answer 3 · Sat Feb 24 2024 02:18:07 GMT+0800 (China Standard Time)

Also, were you using Zen before the last release? If so, was it working with the VPN?

I was not using Zen before the last release.

Hi, would you mind running a few terminal commands while GlobalContext is running and sharing their output?

Here is the output of running those commands after starting a paloalto's GlobalProtext VPN/proxy (ip addresses redacted):

❯ scutil --nwi
Network information

IPv4 network interface information
   utun4 : flags      : 0x5 (IPv4,DNS)
           address    : XXX.XXX.XXX.XXX
           reach      : 0x00000002 (Reachable)
     en7 : flags      : 0x5 (IPv4,DNS)
           address    : 1XXX.XXX.XXX.XXX
           reach      : 0x00000002 (Reachable)
     en0 : flags      : 0x5 (IPv4,DNS)
           address    : XXX.XXX.XXX.XXX
           reach      : 0x00000002 (Reachable)

   REACH : flags 0x00000002 (Reachable)

IPv6 network interface information
   No IPv6 states found


   REACH : flags 0x00000000 (Not Reachable)

Network interfaces: utun4 en7 en0

❯ route -n get 0.0.0.0
   route to: default
destination: default
       mask: default
    gateway: XXX.XXX.XXX.XXX
  interface: utun4
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1400         0

❯ networksetup -listnetworkserviceorder
An asterisk (*) denotes that a network service is disabled.
(1) Thunderbolt Ethernet Slot 1
(Hardware Port: Thunderbolt Ethernet Slot 1, Device: en7)

(2) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)

(3) iPhone USB
(Hardware Port: iPhone USB, Device: en8)

(4) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)

(5) Tailscale
(Hardware Port: io.tailscale.ipn.macos, Device: )

Note: Tailescale is my personal VPN. It is not running during any of the testing (although I need to test if it does work with Zen)

Ansar Smagulov · Answer 4 · Sat Feb 24 2024 03:15:25 GMT+0800 (China Standard Time)

Thanks! Looks like we'll need to do even more work to properly get the active network service. I have an idea for a fix in mind, I'll let you know once a working release gets published.

wburningham · Answer 5 · Tue Apr 02 2024 05:49:34 GMT+0800 (China Standard Time)

Hi @anfragment,

I'm just checking back in on this to see if there is any more information I can provide. I can also try out alpha/test builds if that helps recreate the issue or test fixes.

Also, you said that you would let me know one a working released is published. If you'd rather me not check-in like this let me know.

Thanks.

Ansar Smagulov · Answer 6 · Tue Apr 02 2024 23:45:00 GMT+0800 (China Standard Time)

Hey @wburningham,
Thank you for reaching out again. I am keeping your issue in mind, but I just haven't gotten around to it yet. Thank you for offering your help in testing the solution—I'll drop an alpha build in this issue.

P.S. As an interim solution, I recommend starting Zen before launching the VPN. It should do the trick.