juniper vpn


Does anyone know a practical and somewhat user friendly way of connecting to juniper vpn using linux?

I have happily used a allow linux users to connect cisco vpn boxes where a crappy cisco vpn client would be needed otherwise, and it works very nicely. I was hoping there exists a similar tool for juniper vpn.

Thank you,

There's a linux nc connect client if you're using ive's...used to be tricky
with supplicants, but last time I tried it was pretty user friendly

I have had great success with the Shrew Soft vpn client and if you are
using Fedora it is only a 'yum install ike' away and works without root
and properly utilizes the tap interface while installing the proper
routes needed to get traffic going.

For aggressive mode dial-up vpn's against older Netscreen/Juniper gear
the Shrew Soft client can't be beat for easy of setup under Linux and

I have tried multiple different vpn configs from policy to route-based
vpns on Juniper/Netscreens and have never had luck getting the Linux
vpnc clients to properly work though others have claimed success. The
vpnc client will establish the tunnel but getting traffic to properly
pass even in the simplest of networks is to big of pain.

Since Shrew Soft has both Windows and Linux support, exporting a config
from a Linux client and emailing it to a friend on Windows just works.



Do you want one for IPSEC or for the SSL VPN Appliance that Juniper is pushing nowadays?


If you are using the SSL VPN and you should just be able login via the web
site. It does require the Sun....eerrr Oracle JRE plugin.

I'm using a 64-bit Debian install. The version we have here mostly works. Unfortunately Network Connect is the one thing that doesn't work. There is a nice script and instructions at that does the job for me. If I remember correctly, it'll ask you where you keep your JRE if it can't find the 32-bit version when it starts.

Thank you I will try it out.

To answer another question, I am not sure whether it is ipsec or ssl vpn, however since it's known that the en user experience is less than optimal I presume it's the ipsec variety.

Thank you,

I just checked, the script i am looking at calls the ncscv tool which I believe is made by juniper? It needs amongst other things an ssl certificate. So I presume it's using the latter.

This tool/script did download a certificate, however it appears to be a binary file, not the usual plain text file. Is there a way to retrieve the plaintext one or extract it from the binary file? Using "file" identifies it as a data file.


Assuming that it's a binary DER encoded x509 certificate, you can use OpenSSL to convert it to a base64 encoded PEM certificate with:

openssl x509 -inform DER -in <file> -outform PEM -out <file>

Edward Dore
Freethought Internet

Thanks, that did the trick.