Hello, Does anyone know a practical and somewhat user friendly way of connecting to juniper vpn using linux? I have happily used http://www.unix-ag.uni-kl.de/~massar/vpnc/ a allow linux users to connect cisco vpn boxes where a crappy cisco vpn client would be needed otherwise, and it works very nicely. I was hoping there exists a similar tool for juniper vpn. Thank you, Jeroen -- Earthquake Magnitude: 4.0 Date: Wednesday, November 28, 2012 00:20:46 UTC Location: Dominican Republic region Latitude: 19.3090; Longitude: -68.8393 Depth: 139.00 km
There's a linux nc connect client if you're using ive's...used to be tricky with supplicants, but last time I tried it was pretty user friendly On Nov 27, 2012 6:28 PM, "Jeroen van Aart" <jeroen@mompl.net> wrote:
Hello,
Does anyone know a practical and somewhat user friendly way of connecting to juniper vpn using linux?
I have happily used http://www.unix-ag.uni-kl.de/~**massar/vpnc/<http://www.unix-ag.uni-kl.de/~massar/vpnc/>a allow linux users to connect cisco vpn boxes where a crappy cisco vpn client would be needed otherwise, and it works very nicely. I was hoping there exists a similar tool for juniper vpn.
Thank you, Jeroen
-- Earthquake Magnitude: 4.0 Date: Wednesday, November 28, 2012 00:20:46 UTC Location: Dominican Republic region Latitude: 19.3090; Longitude: -68.8393 Depth: 139.00 km
On Tue, 27 Nov 2012 18:25:46 -0800, Jeroen van Aart <jeroen@mompl.net> wrote:
Hello,
Does anyone know a practical and somewhat user friendly way of connecting to juniper vpn using linux?
I have happily used http://www.unix-ag.uni-kl.de/~massar/vpnc/ a allow linux users to connect cisco vpn boxes where a crappy cisco vpn client would be needed otherwise, and it works very nicely. I was hoping there exists a similar tool for juniper vpn.
Thank you, Jeroen
I have had great success with the Shrew Soft vpn client and if you are using Fedora it is only a 'yum install ike' away and works without root and properly utilizes the tap interface while installing the proper routes needed to get traffic going. For aggressive mode dial-up vpn's against older Netscreen/Juniper gear the Shrew Soft client can't be beat for easy of setup under Linux and Windows. I have tried multiple different vpn configs from policy to route-based vpns on Juniper/Netscreens and have never had luck getting the Linux vpnc clients to properly work though others have claimed success. The vpnc client will establish the tunnel but getting traffic to properly pass even in the simplest of networks is to big of pain. Since Shrew Soft has both Windows and Linux support, exporting a config from a Linux client and emailing it to a friend on Windows just works. http://www.shrew.net/home Regards, Cody
On 11/27/2012 07:14 PM, Cody Rose wrote:
I have had great success with the Shrew Soft vpn client and if you are using Fedora it is only a 'yum install ike' away and works without root and properly utilizes the tap interface while installing the proper routes needed to get traffic going.
Thank you I will try it out. To answer another question, I am not sure whether it is ipsec or ssl vpn, however since it's known that the en user experience is less than optimal I presume it's the ipsec variety. Thank you, Jeroen -- Earthquake Magnitude: 4.8 Date: Wednesday, November 28, 2012 18:05:30 UTC Location: Catamarca, Argentina Latitude: -27.8486; Longitude: -66.4048 Depth: 154.40 km
Do you want one for IPSEC or for the SSL VPN Appliance that Juniper is pushing nowadays? Owen On Nov 27, 2012, at 18:25 , Jeroen van Aart <jeroen@mompl.net> wrote:
Hello,
Does anyone know a practical and somewhat user friendly way of connecting to juniper vpn using linux?
I have happily used http://www.unix-ag.uni-kl.de/~massar/vpnc/ a allow linux users to connect cisco vpn boxes where a crappy cisco vpn client would be needed otherwise, and it works very nicely. I was hoping there exists a similar tool for juniper vpn.
Thank you, Jeroen
-- Earthquake Magnitude: 4.0 Date: Wednesday, November 28, 2012 00:20:46 UTC Location: Dominican Republic region Latitude: 19.3090; Longitude: -68.8393 Depth: 139.00 km
On Tue, Nov 27, 2012 at 10:27 PM, Owen DeLong <owen@delong.com> wrote:
Do you want one for IPSEC or for the SSL VPN Appliance that Juniper is pushing nowadays?
Owen
On Nov 27, 2012, at 18:25 , Jeroen van Aart <jeroen@mompl.net> wrote:
Hello,
Does anyone know a practical and somewhat user friendly way of connecting to juniper vpn using linux?
I have happily used http://www.unix-ag.uni-kl.de/~massar/vpnc/ a allow linux users to connect cisco vpn boxes where a crappy cisco vpn client would be needed otherwise, and it works very nicely. I was hoping there exists a similar tool for juniper vpn.
Thank you, Jeroen
-- Earthquake Magnitude: 4.0 Date: Wednesday, November 28, 2012 00:20:46 UTC Location: Dominican Republic region Latitude: 19.3090; Longitude: -68.8393 Depth: 139.00 km
If you are using the SSL VPN and you should just be able login via the web site. It does require the Sun....eerrr Oracle JRE plugin.
On Tue, 27 Nov 2012, james jones wrote:
If you are using the SSL VPN and you should just be able login via the web site. It does require the Sun....eerrr Oracle JRE plugin.
I'm using a 64-bit Debian install. The version we have here mostly works. Unfortunately Network Connect is the one thing that doesn't work. There is a nice script and instructions at http://mad-scientist.net/juniper.html that does the job for me. If I remember correctly, it'll ask you where you keep your JRE if it can't find the 32-bit version when it starts.
On 11/27/2012 07:27 PM, Owen DeLong wrote:
Do you want one for IPSEC or for the SSL VPN Appliance that Juniper is pushing nowadays?
I just checked, the script i am looking at calls the ncscv tool which I believe is made by juniper? It needs amongst other things an ssl certificate. So I presume it's using the latter. This tool/script did download a certificate, however it appears to be a binary file, not the usual plain text file. Is there a way to retrieve the plaintext one or extract it from the binary file? Using "file" identifies it as a data file. Thanks, Jeroen -- Earthquake Magnitude: 4.8 Date: Wednesday, November 28, 2012 18:05:30 UTC Location: Catamarca, Argentina Latitude: -27.8486; Longitude: -66.4048 Depth: 154.40 km
Assuming that it's a binary DER encoded x509 certificate, you can use OpenSSL to convert it to a base64 encoded PEM certificate with: openssl x509 -inform DER -in <file> -outform PEM -out <file> Edward Dore Freethought Internet On 28 Nov 2012, at 21:19, Jeroen van Aart wrote:
On 11/27/2012 07:27 PM, Owen DeLong wrote:
Do you want one for IPSEC or for the SSL VPN Appliance that Juniper is pushing nowadays?
I just checked, the script i am looking at calls the ncscv tool which I believe is made by juniper? It needs amongst other things an ssl certificate. So I presume it's using the latter.
This tool/script did download a certificate, however it appears to be a binary file, not the usual plain text file. Is there a way to retrieve the plaintext one or extract it from the binary file? Using "file" identifies it as a data file.
Thanks, Jeroen
-- Earthquake Magnitude: 4.8 Date: Wednesday, November 28, 2012 18:05:30 UTC Location: Catamarca, Argentina Latitude: -27.8486; Longitude: -66.4048 Depth: 154.40 km
On 11/28/2012 02:03 PM, Edward Dore wrote:
openssl x509 -inform DER -in<file> -outform PEM -out<file>
Thanks, that did the trick. -- Earthquake Magnitude: 4.6 Date: Thursday, November 29, 2012 02:23:59 UTC Location: Jan Mayen Island region Latitude: 71.0240; Longitude: -6.5291 Depth: 13.50 km
participants (7)
-
Cody Rose -
Edward Dore -
Gregori Parker -
james jones -
Jeroen van Aart -
Owen DeLong -
Steve Haavik