by KingMachiavelli 2072 days ago
If anyone is required to use Palo Alto or any other closed source VPN, try using Openconnect [1]. It is an open source client for Palo Alto, Cisco, Juniper, etc. VPNs which typically are just cruft on top of IPSEC tunnels. While some of the features these VPNs offer sound cool, at the end of the day they use client side validation in the form of a 'trojan' binary that is downloaded and collects a bunch of metadata about your system. Obviously this can be spoofed pretty easily if you have full control of the machine. I know it works on Linux and it should work on Mac and Windows.

With some tweaking you can also use it to configure a split tunnel (at least on Linux) VPN so that your employer can't spy on all of your web activity. (Really for any VPN you just need to update the routing table after the VPN software is running).

[1] https://gitlab.com/openconnect/openconnect


Oh, how interesting! Thanks for linking this. I'd love to hear if anyone has experience with it---slightly anxious about using unknown software for sensitive tasks like VPN, but it does look like a pretty robust project...
I've been using it for years now. I have a Debian VM that is configured as a NATing router so I can flexibly send traffic wherever I want. I also use unbound to use the company DNS for company internal queries only. With the particular Palo Alto config the company uses I need to peel a cert off of a Windows domain member as well as my creds, but that's not hard to manage.
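An added example (not posted by anyone in this thread) of what that unbound split-horizon setup can look like on the router VM: only the internal zone and its reverse zone are forwarded to the company resolvers reached over the tunnel, everything else goes to a public resolver over TLS, and rebinding protection stays on for every zone except the internal one. The domain name, resolver addresses and the VM's LAN address are placeholders.

```conf
# unbound.conf fragment (added example, not from the thread)
# Placeholders: corp.example = internal domain, 10.0.0.53/10.0.0.54 = company
# DNS servers reachable only via the VPN, 192.168.1.10 = this VM's LAN address.
server:
    interface: 127.0.0.1
    interface: 192.168.1.10
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Strip RFC 1918 answers from public-resolver replies (DNS rebinding
    # protection), but permit them for the internal zone, which legitimately
    # resolves to private addresses.
    private-address: 10.0.0.0/8
    private-address: 192.168.0.0/16
    private-domain: "corp.example"

    # The internal zone is not DNSSEC-signed; do not fail validation for it.
    domain-insecure: "corp.example"

    # Unbound answers NXDOMAIN for RFC 1918 reverse zones by default;
    # disable that so the reverse queries below can be forwarded.
    local-zone: "10.in-addr.arpa." nodefault

    # CA bundle used to authenticate the DNS-over-TLS upstream below.
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

# Internal names and reverse lookups: company resolvers only, via the tunnel.
forward-zone:
    name: "corp.example"
    forward-addr: 10.0.0.53
    forward-addr: 10.0.0.54

forward-zone:
    name: "10.in-addr.arpa"
    forward-addr: 10.0.0.53
    forward-addr: 10.0.0.54

# Everything else: a public resolver over TLS, so the company DNS never
# sees non-corporate queries.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
```

Check it with `unbound-checkconf` before reloading; a quick `dig @127.0.0.1 host.corp.example` versus `dig @127.0.0.1 example.com` confirms which upstream each class of query is taking.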
Used it since my employer rolled out Palo Alto in March. Zero problems and it was really easy to set up.