juniper vpn

Hello,

Does anyone know a practical and somewhat user-friendly way of connecting to Juniper VPN using Linux?

I have happily used http://www.unix-ag.uni-kl.de/~massar/vpnc/ to allow Linux users to connect to Cisco VPN boxes where a crappy Cisco VPN client would be needed otherwise, and it works very nicely. I was hoping there exists a similar tool for Juniper VPN.

Thank you,
Jeroen

There's a linux nc connect client if you're using ive's...used to be tricky
with supplicants, but last time I tried it was pretty user friendly

I have had great success with the Shrew Soft vpn client and if you are
using Fedora it is only a 'yum install ike' away and works without root
and properly utilizes the tap interface while installing the proper
routes needed to get traffic going.

For aggressive mode dial-up VPNs against older Netscreen/Juniper gear
the Shrew Soft client can't be beat for ease of setup under Linux and
Windows.

I have tried multiple different vpn configs from policy to route-based
vpns on Juniper/Netscreens and have never had luck getting the Linux
vpnc clients to properly work though others have claimed success. The
vpnc client will establish the tunnel but getting traffic to properly
pass even in the simplest of networks is too big of a pain.

Since Shrew Soft has both Windows and Linux support, exporting a config
from a Linux client and emailing it to a friend on Windows just works.

http://www.shrew.net/home

Regards,

Cody

Do you want one for IPSEC or for the SSL VPN Appliance that Juniper is pushing nowadays?

Owen

If you are using the SSL VPN, you should just be able to log in via the web
site. It does require the Sun....eerrr Oracle JRE plugin.

I'm using a 64-bit Debian install. The version we have here mostly works. Unfortunately Network Connect is the one thing that doesn't work. There is a nice script and instructions at http://mad-scientist.net/juniper.html that does the job for me. If I remember correctly, it'll ask you where you keep your JRE if it can't find the 32-bit version when it starts.

Thank you, I will try it out.

To answer another question, I am not sure whether it is IPsec or SSL VPN; however, since it's known that the end user experience is less than optimal, I presume it's the IPsec variety.

Thank you,
Jeroen

I just checked; the script I am looking at calls the ncsvc tool, which I believe is made by Juniper? It needs, amongst other things, an SSL certificate. So I presume it's using the latter.

This tool/script did download a certificate, however it appears to be a binary file, not the usual plain text file. Is there a way to retrieve the plaintext one or extract it from the binary file? Using "file" identifies it as a data file.

Thanks,
Jeroen

Assuming that it's a binary DER encoded x509 certificate, you can use OpenSSL to convert it to a base64 encoded PEM certificate with:

openssl x509 -inform DER -in <file> -outform PEM -out <file>

Edward Dore
Freethought Internet

Thanks, that did the trick.
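
Added example, not part of the thread and not code from Juniper or the script mentioned above: a way to check the "assuming it's DER" premise before converting. DER carries no text header, which fits the "data" result from "file" reported above, so the sketch inspects the ASN.1 framing instead. The function names and the sample blob are constructed for illustration.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def der_total_length(blob: bytes):
    """Full encoded length of a leading DER SEQUENCE, or None if absent."""
    if len(blob) < 2 or blob[0] != 0x30:      # 0x30 = ASN.1 SEQUENCE tag
        return None
    first = blob[1]
    if first < 0x80:                          # short form: one length byte
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:  # indefinite or implausible
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def classify(blob: bytes) -> str:
    """Guess the container format: 'pem', 'der' or 'unknown'."""
    if blob.lstrip().startswith(PEM_HEADER):
        return "pem"
    # A DER certificate is exactly one SEQUENCE: declared length == file size.
    if der_total_length(blob) == len(blob):
        return "der"
    return "unknown"


def to_pem(blob: bytes) -> str:
    """Return PEM text, refusing input that is neither PEM nor DER-framed."""
    kind = classify(blob)
    if kind == "pem":
        return blob.decode("ascii").strip() + "\n"
    if kind == "der":
        # Base64-wraps the bytes; it does not validate the certificate fields.
        return ssl.DER_cert_to_PEM_cert(blob)
    raise ValueError("not PEM and not a single DER SEQUENCE; not converting")


# Constructed sample: DER SEQUENCE header (30 82 01 00) plus 256 filler bytes.
# It has certificate-like framing but is NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    print(classify(SAMPLE_DER))
    print(to_pem(SAMPLE_DER))
```

A truncated download or a different container (for example a key store) comes back as "unknown" here, which is the case where the openssl command above would also fail to parse the input.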