Tuesday, June 16, 2009

Juniper Network Connect VPN on 64-bit Arch Linux

There are several guides out there that describe running the Juniper Network Connect VPN client on Linux (see particularly MadScientist's guide for Ubuntu). These are just some notes on running the client from the command line on a 64-bit Arch Linux system.

Since the ncsvc client is 32-bit, we need to install some 32-bit support software. The method I use is to install 32-bit compatibility libs (effectively making my system multilib). Another solution would be to install and run ncsvc from a 32-bit chroot environment.

To download Network Connect, connect to your VPN server with a browser and click the Network Connect Start button. This will download the software to ~/.juniper_networks.

Install 32-bit libs:

pacman -S lib32-glibc lib32-gcc-libs lib32-zlib


Extract the helper script and use it to fetch the server certificate:

cd ~/.juniper_networks
jar -xf ncLinuxApp.jar getx509certificate.sh
sh getx509certificate.sh your.vpn.server.com certfile


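You can now run ncsvc as follows:

ncsvc -h your.vpn.server.com -u username -f certfile -r realm -p passwd

Note that -p puts the password on the command line, so it ends up in your shell history and can show up in the process list.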


Your realm can be found from the HTML code of the server page. Look for something like:

<input name="realm" value="Your Realm" type="hidden">


The following simple script takes care of the whole thing:

#!/bin/bash
## Install as vpn.sh.
## Run as 'vpn.sh start' and input your password.
## It should be as simple as that.

## settings
HOST="your.vpn.server.com"
USER="YourUsername"
REALM="Your Realm"
JAR="/opt/java/bin/jar"
JUNIPER="${HOME}/.juniper_networks"
CERT="${JUNIPER}/network_connect/${HOST}.cert"
NCSVC="${JUNIPER}/network_connect/ncsvc"

## print an error message and exit
die () {
    echo "$0: $*" >&2
    exit 1
}

start () {
    ## get passwd (not echoed to the terminal)
    read -r -s -p "Password: " passwd
    echo ""

    ## get server certificate
    pushd "${JUNIPER}" || die "cannot change to ${JUNIPER}"
    if [ ! -x "getx509certificate.sh" ]; then
        "${JAR}" -xf ncLinuxApp.jar getx509certificate.sh
    fi
    sh getx509certificate.sh "${HOST}" "${CERT}" || die "failed to get cert from $HOST"
    popd

    ## run the network connect program
    "${NCSVC}" -h "$HOST" -u "$USER" -f "$CERT" -r "$REALM" -p "$passwd" &
}

stop () {
    ## kill Network Connect
    "${NCSVC}" -K
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        ;;
esac
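
The script above fetches the server certificate again on every start and passes whatever it receives to ncsvc, so a changed certificate goes unnoticed. The following is an added example, not part of the original script: it records the SHA-256 digest of the certificate file on first use and refuses a later fetch that differs. The function names and the .pin/.new file names are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example, not part of the original vpn.sh. The function names and the
# .pin/.new file naming are assumptions made for this sketch.

# Print the SHA-256 digest (hex) of a file.
file_digest () {
    sha256sum -- "$1" | cut -d' ' -f1
}

# check_pin CERT PINFILE
#   returns 0 if CERT matches the digest stored in PINFILE
#           (on first use PINFILE is created from CERT),
#           1 if the digest differs, 2 if CERT is missing or empty.
check_pin () {
    local cert="$1" pinfile="$2" current pinned
    [ -s "$cert" ] || { echo "no certificate in $cert" >&2; return 2; }
    current=$(file_digest "$cert") || return 2
    if [ ! -f "$pinfile" ]; then
        # Trust on first use: record the digest, readable by the owner only.
        ( umask 077; printf '%s\n' "$current" > "$pinfile" )
        echo "pinned $cert: $current (verify this out of band)" >&2
        return 0
    fi
    read -r pinned < "$pinfile"
    if [ "$current" != "$pinned" ]; then
        echo "certificate changed: pinned $pinned, got $current" >&2
        return 1
    fi
}

# install_cert NEW CERT PINFILE
#   Move a freshly fetched certificate NEW into place as CERT only if it
#   passes check_pin; otherwise delete NEW and leave CERT untouched.
install_cert () {
    check_pin "$1" "$3" || { rm -f -- "$1"; return 1; }
    mv -f -- "$1" "$2"
}

# In start(), fetch to a temporary name and gate on the pin:
#   sh getx509certificate.sh "${HOST}" "${CERT}.new" || die "fetch failed"
#   install_cert "${CERT}.new" "${CERT}" "${CERT}.pin" || die "cert mismatch"
```

If the server certificate is legitimately renewed, delete the .pin file after confirming the new digest with the VPN administrator.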

4 comments:

  1. It works fine for me on Leopard. I believe Snow Leopard has some permissions issues, which can be fixed as follows:

    sudo chmod 755 /usr/local/juniper/nc/[version number]/
    sudo mkdir '/Applications/Network Connect.app/Contents/Frameworks'

    You may have to repeat this if you re-download the app.

    Discussion here:
    http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&message.id=4965

  2. Good solution for VPN connection.
    top10-bestvpn.com

  3. Thank you. This configuration works fine.
    Great post about VPN connection.
    10webhostingservice
