GPClient GUI crashes on connect

[CamperSamu]

Describe the bug
I can't connect using the GUI and I get rejected/logged out using the CLI.
While the GUI just crashes, the CLI in verbose mode reports that my administrator logged me out and that I'll be disconnected in 30mins.

Expected behavior
At least one of the two should work.

Logs

GUI:

[2025-07-03T18:39:51Z INFO  gpservice::cli] gpservice started: 2.4.4 (2025-07-03)
[2025-07-03T18:39:51Z INFO  gpservice::ws_server] WS server listening on port: 38213
[2025-07-03T18:39:51Z INFO  gpapi::process::gui_launcher] Version check passed: 2.4.4
[2025-07-03T18:39:51Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2025-07-03T18:39:51Z INFO  gpgui::cli] gpgui started: 2.4.4 (2025-02-09)
[2025-07-03T18:39:51Z INFO  gpgui::app] Setting the custom openssl conf path

(gpgui:1131710): libayatana-appindicator-WARNING **: 20:39:51.550: libayatana-appindicator is deprecated. Please use libayatana-appindicator-glib in newly written code.
[2025-07-03T18:39:51Z INFO  gpgui::config::private_data] Loaded config key from keyring
[2025-07-03T18:39:51Z INFO  gpgui::app::app_initializer] App initialized
[2025-07-03T18:39:51Z INFO  gpgui::ws_connector] Connecting to WS server
[2025-07-03T18:39:51Z INFO  gpgui::ws_connector] Received ping
[2025-07-03T18:39:51Z INFO  gpgui::ws_connector] Connected to WS server
[2025-07-03T18:39:51Z INFO  gpservice::handlers] New client connected
[2025-07-03T18:39:51Z INFO  gpservice::ws_server] Sending current VPN state to new client
[2025-07-03T18:39:51Z INFO  gpservice::vpn_task] Updating log level to: INFO

(gpgui:1131710): libayatana-appindicator-WARNING **: 20:39:51.563: libayatana-appindicator is deprecated. Please use libayatana-appindicator-glib in newly written code.
[2025-07-03T18:39:51Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2025-07-03T18:39:51Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Connecting to the portal: C**********m...
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No gateway found
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2025-07-03T18:39:53Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Authenticating portal...
[2025-07-03T18:39:53Z INFO  gpgui::portal_connector] Launching SAML authentication...
[2025-07-03T18:39:54Z INFO  gpauth::cli] gpauth started: 2.4.4 (2025-07-03)
[2025-07-03T18:39:54Z INFO  auth::browser::browser_auth] Launching browser: brave
[2025-07-03T18:39:54Z INFO  auth::browser::auth_server] auth server started at: http://127.0.0.1:44147/xxxxx-xxxxx-xxxxx-xxxxx
[2025-07-03T18:39:54Z INFO  auth::browser::browser_auth] Please continue the authentication process in the default browser
[2025-07-03T18:39:54Z INFO  auth::browser::browser_auth] Listening authentication data on port 45159
[2025-07-03T18:39:54Z INFO  auth::browser::browser_auth] If it hangs, please check the logs at `/tmp/gpcallback.log` for more information
[2025-07-03T18:39:54Z INFO  auth::browser::auth_server] received request, method: GET, url: /xxxxxx-xxxx-xxxxx-xxxxx
[2025-07-03T18:39:54Z INFO  auth::browser::auth_server] stop the auth server
[2025-07-03T18:39:56Z INFO  auth::browser::browser_auth] Received the browser authentication data from the socket
[2025-07-03T18:39:57Z INFO  gpgui::portal_connector] Fetching the portal config...
[2025-07-03T18:39:57Z INFO  gpapi::portal::config] Retrieve the portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2025-07-03T18:39:57Z INFO  gpapi::gateway::parse_gateways] Try to parse the external gateways...
[2025-07-03T18:39:57Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
thread 'tokio-runtime-worker' panicked at app/src-tauri/src/portal_connector.rs:351:34:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
[2025-07-03T18:40:05Z INFO  gpservice::handlers] WS server recv task completed
[2025-07-03T18:40:05Z INFO  gpservice::handlers] Client disconnected
[2025-07-03T18:40:05Z WARN  gpservice::handlers] Failed to close socket: Trying to work with closed connection
[2025-07-03T18:40:05Z INFO  gpservice::cli] GUI exited with code None
[2025-07-03T18:40:05Z INFO  gpservice::cli] Shutdown request received, shutting down
[2025-07-03T18:40:05Z INFO  gpservice::vpn_task] VPN task cancelled
[2025-07-03T18:40:05Z INFO  gpservice::vpn_task] VPN is not connected, skip disconnect
[2025-07-03T18:40:05Z INFO  gpservice::ws_server] WS server cancelled
[2025-07-03T18:40:05Z INFO  gpservice::cli] gpservice stopped

CLI:

sudo gpclient -v --fix-openssl connect --as-gateway --clean --os Windows --os-version 10.0.26100 --user-agent "PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)" --csd-wrapper=/lib/openconnect/hipreport.sh my.vpn.example.com
[2025-07-03T18:38:40Z INFO  gpclient::cli] gpclient started: 2.4.4 (2025-07-03)
[2025-07-03T18:38:40Z INFO  gpapi::utils::openssl] Using 'UnsafeLegacyServerConnect' option
[2025-07-03T18:38:40Z INFO  gpclient::connect] Treating the server as a gateway
[2025-07-03T18:38:40Z INFO  gpclient::connect] Performing the gateway authentication...
[2025-07-03T18:38:40Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2025-07-03T18:38:40Z DEBUG reqwest::connect] starting new connection: https://my.vpn.example.com/
[2025-07-03T18:38:40Z DEBUG hyper_util::client::legacy::connect::dns] resolve; host=my.vpn.example.com
[2025-07-03T18:38:40Z DEBUG hyper_util::client::legacy::connect::http] connecting to vpn-ip:443
[2025-07-03T18:38:40Z DEBUG hyper_util::client::legacy::connect::http] connected to vpn-ip:443
[2025-07-03T18:38:40Z DEBUG hyper_util::client::legacy::pool] pooling idle connection for ("https", my.vpn.example.com)
[2025-07-03T18:38:40Z INFO  gpauth::cli] gpauth started: 2.4.4 (2025-07-03)
[2025-07-03T18:38:40Z INFO  gpauth::cli] Fixing OpenSSL environment
[2025-07-03T18:38:40Z INFO  gpapi::utils::openssl] Using 'UnsafeLegacyServerConnect' option
[2025-07-03T18:38:40Z DEBUG tiny_http] Server listening on 127.0.0.1:39227
[2025-07-03T18:38:40Z INFO  auth::browser::browser_auth] Launching browser: brave
[2025-07-03T18:38:40Z INFO  auth::browser::auth_server] auth server started at: http://127.0.0.1:39227/xxxxx-xxxx-xxxxxx-xxxxx
[2025-07-03T18:38:40Z DEBUG tiny_http] Running accept thread
[2025-07-03T18:38:40Z INFO  auth::browser::browser_auth] Please continue the authentication process in the default browser
[2025-07-03T18:38:40Z INFO  auth::browser::browser_auth] Listening authentication data on port 40683
[2025-07-03T18:38:40Z INFO  auth::browser::browser_auth] If it hangs, please check the logs at `/tmp/gpcallback.log` for more information
[2025-07-03T18:38:40Z INFO  auth::browser::auth_server] received request, method: GET, url: /xxxxx-xxxxx-xxxxx-xxxxx
[2025-07-03T18:38:40Z INFO  auth::browser::auth_server] stop the auth server
[2025-07-03T18:38:40Z DEBUG tiny_http] Terminating accept thread
[2025-07-03T18:38:43Z INFO  auth::browser::browser_auth] Received the browser authentication data from the socket
[2025-07-03T18:38:43Z INFO  gpapi::gateway::login] Perform gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2025-07-03T18:38:43Z DEBUG reqwest::connect] starting new connection: https://my.vpn.example.com/
[2025-07-03T18:38:43Z DEBUG hyper_util::client::legacy::connect::dns] resolve; host=my.vpn.example.com
[2025-07-03T18:38:43Z DEBUG hyper_util::client::legacy::connect::http] connecting to vpn-ip:443
[2025-07-03T18:38:43Z DEBUG hyper_util::client::legacy::connect::http] connected to vpn-ip:443
[2025-07-03T18:38:43Z DEBUG hyper_util::client::legacy::pool] pooling idle connection for ("https", my.vpn.example.com)
[2025-07-03T18:38:43Z INFO  openconnect::ffi] openconnect version: v9.12
[2025-07-03T18:38:43Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Microsoft Windows 11 Pro , 64-bit)
[2025-07-03T18:38:43Z INFO  openconnect::ffi] VPNC script: /etc/vpnc/vpnc-script
[2025-07-03T18:38:43Z INFO  openconnect::ffi] OS: win
[2025-07-03T18:38:43Z INFO  openconnect::ffi] CSD_USER: 1000
[2025-07-03T18:38:43Z INFO  openconnect::ffi] CSD_WRAPPER: /lib/openconnect/hipreport.sh
[2025-07-03T18:38:43Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2025-07-03T18:38:43Z INFO  openconnect::ffi] MTU: 0
[2025-07-03T18:38:43Z INFO  openconnect::ffi] DISABLE_IPV6: 1
[2025-07-03T18:38:43Z INFO  openconnect::ffi] NO_DTLS: 1
[2025-07-03T18:38:43Z INFO  openconnect::ffi] POST https://my.vpn.example.com/ssl-vpn/getconfig.esp
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Attempting to connect to server vpn-ip:443
[2025-07-03T18:38:43Z INFO  openconnect::ffi] Connected to vpn-ip:443
[2025-07-03T18:38:43Z INFO  openconnect::ffi] SSL negotiation with my.vpn.example.com
[2025-07-03T18:38:43Z INFO  openconnect::ffi] Connected to HTTPS on my.vpn.example.com with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Got HTTP response: HTTP/1.1 200 OK
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Date: Thu, 03 Jul 2025 18:38:43 GMT
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Type: application/xml; charset=UTF-8
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Length: 2418
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Connection: keep-alive
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-Frame-Options: DENY
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Strict-Transport-Security: max-age=31536000;
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-XSS-Protection: 1; mode=block
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-Content-Type-Options: nosniff
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] HTTP body length:  (2418)
[2025-07-03T18:38:43Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 180 minutes.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <lifetime-notify-prior>: 1800
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <lifetime-notify-message>: Your GlobalProtect session will expire in 30 minutes. Please save your work before your session expires.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <inactivity-notify-prior>: 1800
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <inactivity-notify-message>: Your GlobalProtect session will time out in 30 minutes. Please save your work before your session times out.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <admin-logout-notify-message>: Your administrator has logged you out.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <user_expires>: 1754159923
[2025-07-03T18:38:43Z INFO  openconnect::ffi] Idle timeout is 180 minutes.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <panos-version>: 11.1.4-h17
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] TCP_INFO rcv mss 1460, snd mss 1460, adv mss 1460, pmtu 1500
[2025-07-03T18:38:43Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2025-07-03T18:38:43Z INFO  openconnect::ffi] POST https://my.vpn.example.com/ssl-vpn/hipreportcheck.esp
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Got HTTP response: HTTP/1.1 200 OK
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Date: Thu, 03 Jul 2025 18:38:43 GMT
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Type: application/xml; charset=UTF-8
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Length: 127
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Connection: keep-alive
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-Frame-Options: DENY
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Strict-Transport-Security: max-age=31536000;
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-XSS-Protection: 1; mode=block
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-Content-Type-Options: nosniff
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] HTTP body length:  (127)
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Gateway says HIP report submission is needed.
[2025-07-03T18:38:43Z INFO  openconnect::ffi] Trying to run HIP Trojan script '/lib/openconnect/hipreport.sh'.
[2025-07-03T18:38:43Z INFO  openconnect::ffi] HIP script '/lib/openconnect/hipreport.sh' completed successfully (report is 4366 bytes).
[2025-07-03T18:38:43Z INFO  openconnect::ffi] POST https://my.vpn.example.com/ssl-vpn/hipreport.esp
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Got HTTP response: HTTP/1.1 200 OK
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Date: Thu, 03 Jul 2025 18:38:43 GMT
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Type: application/xml; charset=UTF-8
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Length: 69
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Connection: keep-alive
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-Frame-Options: DENY
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Strict-Transport-Security: max-age=31536000;
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-XSS-Protection: 1; mode=block
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] X-Content-Type-Options: nosniff
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] HTTP body length:  (69)
[2025-07-03T18:38:43Z INFO  openconnect::ffi] HIP report submitted successfully.
^C[2025-07-03T18:38:47Z INFO  gpclient::connect] Received the interrupt signal, disconnecting...
[2025-07-03T18:38:47Z INFO  openconnect::ffi] Stopping VPN connection: 12
[2025-07-03T18:38:47Z INFO  openconnect::ffi] POST https://my.vpn.example.com/ssl-vpn/logout.esp
^@[2025-07-03T18:38:47Z INFO  openconnect::ffi] SSL negotiation with my.vpn.example.com
[2025-07-03T18:38:47Z INFO  openconnect::ffi] Connected to HTTPS on my.vpn.example.com with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Got HTTP response: HTTP/1.1 200 OK
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Date: Thu, 03 Jul 2025 18:38:47 GMT
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Content-Type: application/xml; charset=UTF-8
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Content-Length: 196
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Connection: keep-alive
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Set-Cookie: SESSID=xxxxxxx-xxxxx-xxxxx-xxxxxx-xxxxxxxxx; Path=/; SameSite=Lax; HttpOnly; Secure
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] X-Frame-Options: DENY
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Strict-Transport-Security: max-age=31536000;
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] X-XSS-Protection: 1; mode=block
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] X-Content-Type-Options: nosniff
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
[2025-07-03T18:38:47Z DEBUG openconnect::ffi] HTTP body length:  (196)
[2025-07-03T18:38:47Z INFO  openconnect::ffi] Logout successful.
[2025-07-03T18:38:47Z INFO  openconnect::ffi] openconnect_mainloop returned -4, exiting

Environment:

• OS: Arch Linux
• Desktop Environment: KDE 6.4.1
• Is remote SSH? [No]

Additional context
I tried a bunch of things, none work.

[CamperSamu]

Ok this GUI crash happens when you try to connect to a gateway using the portal mode, maunally selecting Gateway doesn't crash.
The issue still stands tho, the connection gets denied.

[yuezk]

@CamperSamu in the GUI, you can switch to the Gateway mode with the following steps:

And see if the GUI works after changing to the Gateway mode.

[CamperSamu]

that's how I've done it, thanks.

meanwhile I got a hold of the official linux client and installed it, but my office blocks access from linux so I had to get creative.
I patched the PanGPS executable and spoofed myself as a win11 pc, but I still get booted off with the Your administrator has logged you out message.
Then maybe it might not be your implementation or openconnect's implementation so I'm wondering if maybe it's the HIP report that trips it, but from what I can read from the logs that happens after the error message (unless a report gets sent alongside the first connection)

This is my first time ever interacting with globalconnect so I really don't know much about its inner workings, but I should probably open a different issue on this matter, if you're willing to help that is.
For now I am using a Windows VM, but I'd love to drop that solution.

[yuezk]

I'm trying to understand your problem. So even though you changed it to use the Gateway mode, you still cannot connect your VPN with my client?

[CamperSamu]

Yes, while the initial connection is successful and both the client and openconnect report that I am indeed connected, I cannot access any intranet IP, looking at verbose logging I get the following notification:

[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <lifetime-notify-prior>: 1800
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <lifetime-notify-message>: Your GlobalProtect session will expire in 30 minutes. Please save your work before your session expires.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <inactivity-notify-prior>: 1800
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <inactivity-notify-message>: Your GlobalProtect session will time out in 30 minutes. Please save your work before your session times out.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <admin-logout-notify-message>: Your administrator has logged you out.
[2025-07-03T18:38:43Z DEBUG openconnect::ffi] Unknown GlobalProtect config tag <user_expires>: 1754159923

My workplace blocks Linux clients, so I spoof myself as Windows which I can confirm it works in a VM from the same machine.
I tried using the official GlobalProtect client (that I found from a university of all places since my workplace doesn't distribute it) that of course would block access from Linux stating that my platform is not allowed, so I modified the PanGPS executable to report my machine as a Windows 11 machine, but of course my HIP reports would sitll be bad, so I get the same error i'd get with your client:

		<quarantine>no</quarantine>
		<lifetime>2592000</lifetime>
		<timeout>10800</timeout>
		<lifetime-notify-prior>1800</lifetime-notify-prior>
		<lifetime-notify-message>Your GlobalProtect session will expire in 30 minutes. Please save your work before your session expires.</lifetime-notify-message>
		<inactivity-notify-prior>1800</inactivity-notify-prior>
		<inactivity-notify-message>Your GlobalProtect session will time out in 30 minutes. Please save your work before your session times out.</inactivity-notify-message>
		<admin-logout-notify-message>Your administrator has logged you out.</admin-logout-notify-message>
		<user_expires>1754238414</user_expires>

At this point I can either rename and repurpose this issue or create a new one and mark this one as closed, unless you tell me you don't want to support this scenario.
Thanks for your time!