-
HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi all; I recently started a new job and I needs my remote access! My previous employer used Nortel Contivity and I used the Apani Contivity client; this was a bit of a pain since it's a proprietary kernel module, but it worked well (and it supported split tunneling, which is sweet!)
My new job uses Juniper's Network Connect VPN, which does not use a KLM (nice!) but does not support split tunneling (boo!) It has a very nice feature where it will try to download and install the software to your system the first time you run it... and it supports Linux! Yay! But, it only supports Red Hat (and other RPM-based distros, most likely) Boo! However, I was able to get it working with a bit of playing around :cool:
First, let me hand out props to this Flexion.org blog post by Martin... it got me going! However, it's specific to Ubuntu 5.10 and perhaps an earlier version of Network Connect and I needed to do a few different things.
Here's what I had to do; make sure openssl and the proper libstdc++ libraries are installed, as well as Sun's Java:
Code:
sudo aptitude install openssl libstdc++2.10-glibc2.2 sun-java5-bin sun-java5-jre
The installer wants to use su, not sudo. I just set my root password to something while I installed it, then reset it again later (find out how).
The installer also wants to run RPM to make sure you have openssl etc. installed. Since it doesn't actually use RPM for anything other than a check, I decided to just make a fake rpm that always succeeds. Do this:
Code:
sudo ln -s /bin/true /usr/bin/rpm
Finally, the service application tries to dlopen() the openssl library (I'm assuming, since ldd doesn't show it) and it's looking for libssl.so.0, which does not exist on our system per se. So make it exist with a symlink:
Code:
sudo ln -s libssl.so.0.9.8 /usr/lib/i686/cmov/libssl.so.0
We're all set to install! Connect to your server and use the "Start" button next to "Network Connect" under Client Application Sessions. It will open a terminal and ask for a password for su: use the one you set above. It will then install and connect and all should be working well.
At this point you can undo some of the customizations above: you won't need a root password anymore so you can undo that, and you can remove the rpm link:
Code:
sudo rm -f /usr/bin/rpm
I've only tried the most basic stuff but it seems to be working well for me!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I have done the same thing, except I didn't fake it out using your symlink method for rpm.
Instead, I edited the $HOME/.juniper_networks/network_connect/xlaunchNC.sh. Towards the bottom is the code that looks for rpm.
Code:
rpm -q openssl 1>> $1/missing.info
if [ "$?" -ne "0" ]
then
echo "RPM query for openssl failed." >> $1/missing.rpt
fi
I just commented these lines out. Then I ran
Code:
chattr +i xlaunchNC.sh
...on the file to prevent the logon script from overwriting this file on future logins to the vpn and reseting it back to default.
Works great for me!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I also had to
Code:
sudo apt-get install lesstif2
and
Code:
sudo ln -s /usr/lib/libXm.so.2 /usr/lib/libXm.so.3
so that if found libXm.so.
The dialog comes up, but it's filled with stuff like "label47". It's unreadable, but the VPN works great. :-)
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I didn't need to install Motif or Lesstif. Weird!
However, after updating to Edgy I had problems: it wanted to reinstall every time I tried to start my session. It turns out that whomever is creating the install and setup shell scripts for these packages is a horrible shell scripter. Really, I can't remember when I've seen worse. It's one thing to have crappy scripts for internal processes but to release them to customers? If you work for Juniper please find out who is responsible for this and beat them with a clue stick; they're embarrassing your company.
Since in Edgy /bin/sh is really dash, not bash, and these scripts are in no way valid POSIX sh scripts, they break badly... but for no reason other than they're poorly written.
I've attached new versions of these two scripts. Copy them into ~/.juniper_networks/network_connect. I made them immutable with chattr +i, as described elsewhere in this thread, although I'm not sure that's necessary.
Hrmph. I can't attach anything. When I try to and click the upload button FireFox gives me a dialog saying I want to open newattachment.php and what application do I want to use? I tried "firefox" but that opened a blank window. So I guess if you need these, email me or send me a private message.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Another hint: I was having my login session messed up every so often. After looking carefully I realized that my DHCP client kept rewriting my /etc/resolv.conf file every time my lease was re-acquired, so I was no longer using the VPN network's DNS servers. It was also rewriting the search string so searches for hostnames weren't being resolved correctly.
The solution I used was to disable setting of the domain-name and domain-name-servers in my DHCP client; this means that if my DHCP server changed this I wouldn't automatically know about it which is a bummer, but that's very unlikely so it's the lesser of two evils.
What you need to do is edit /etc/dhcp3/dhclient.conf, and remove the domain-name and domain-name-servers from the "request" attribute list. The docs are not very clear that this means that /etc/resolv.conf won't be updated, but in fact that seems to be the case. Note you need to restart the DHCP client; an easy way to do that is to run "sudo ifdown eth0" then "sudo ifup eth0" (or whatever your network interface is). I suppose you can also bring the interface down and back up through the GUI but I've had problems with that in the past.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Question: I finally got the client to connect and work in my VMWare virtual machine of ubuntu, but as soon as it connected, the whole OS seemed to lock up.. and I think it may be because everything is getting routed through that adapter, and since I rely on NFS for my home dir and NIS for auth, that is probably killing it right?
Anybody else have this problem? So my question is (and I suppose people might want this even if they weren't having this problem), how do I selectively route to this java adapter/client instead of it redirecting everything to that adapter?
FG
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
madscientist, could you try to attach those files again ?? Also anyone get this to work with Feisty ??
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi madscientist, could you make Juniper "Network Connect" work with Edgy? If so can you update this howto? For the scripts, instead of attachments how about a simple copy/paste on a port here ? :)
Thanks... hope you see this soon!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I was able to get this to work on Edgy following the first post. My only issue now is that I want tsclient to go through tun0 connection that Network Connect is using. Anyone know how to make that happen?
I changed the order of my DNS and that resolved the issue.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I get this error when trying to connect...
http://i138.photobucket.com/albums/q...Screenshot.png
This is pretty much the closest I got with google...
http://www.juniperforum.com/index.php?topic=3014.0
That didn't help much and now I'm kinda stuck here :confused:
-
Works on edgy!
Using Edgy, this worked EXACTLY as described in the original thread! God Bless You Hacker!!!
-
1 Attachment(s)
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Bleah! I signed up to have private messages emailed to me but I don't get any email! Frustrating. Sorry I haven't checked this thread in quite a while.
Anyway, I'll try attaching my scripts again and maybe it will work this time.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Quote:
Originally Posted by
lordmundi
Question: I finally got the client to connect and work in my VMWare virtual machine of ubuntu, but as soon as it connected, the whole OS seemed to lock up.. and I think it may be because everything is getting routed through that adapter, and since I rely on NFS for my home dir and NIS for auth, that is probably killing it right?
Anybody else have this problem? So my question is (and I suppose people might want this even if they weren't having this problem), how do I selectively route to this java adapter/client instead of it redirecting everything to that adapter?
The system will automatically create a virtual IP interface using tun, then set up routes to send the VPN-bound traffic to the new interface. It will also reset /etc/resolv.conf so that your DNS server is pointing to the server over the VPN, so you can resolve local addresses inside the VPN.
Either of these things may be causing you to have problems. If the connect is not working properly, or if it throws some kind of invalid value into /etc/resolv.conf, then you won't be able to resolve any hostnames and that can often make it look like your system is locked up. Check the contents of /etc/resolv.conf and make sure that the address(es) there for "nameserver" are accessible (you can try pinging them).
Also, if your remote site is using an overlapping IP address space, then you could have problems (although I don't think your system should lock up). For example, on my home network I'm using the common 196.168.* class B range. However, my work internal network also uses that same class B range (this is kind of bogus but...) Now all traffic that I want to send to my local systems will instead get routed through the VPN. Not good. To fix this I modified my local LAN to use one of the other reserved IP address spaces.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Quote:
Originally Posted by
ariel
Hi madscientist, could you make Juniper "Network Connect" work with Edgy? If so can you update this howto? For the scripts, instead of attachments how about a simple copy/paste on a port here ? :)
It works fine with Edgy, using the same directions. I don't recall needing to do anything different.
I was able to get the attachment to work finally; check post #12 for this thread.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Quote:
Originally Posted by
nikoli
I get this error when trying to connect...
That didn't help much and now I'm kinda stuck here :confused:
Hm. that library is provided as part of the network connect package. Try using the scripts attached in post #12 and following the directions. Make sure you're not overriding LD_LIBRARY_PATH in your shell setup (~/.bashrc or similar).
I don't really have any other suggestions right now... :-k.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
nikoli: I'm getting the same exact error as you. Did you ever figure out how to resolve it?
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
The Juniper didn't function at all before I found this thread so thanks y'all!
Got it to work using the main post on Edgy without any hassle.
My steps:
1. RPM Updates:
%%sudo aptitude install openssl libstdc++2.10-glibc2.2 sun-java5-bin sun-java5-jre
2. RPM fakery
%%sudo ln -s /bin/true /usr/bin/rpm
3. SSL Lib Setup - here the original post doesn't say where to create the link, so I assumed it was in the junpier's directory - ~/.juniper_networks/network_connect (This directory was created after my first attempt failed)
%%sudo ln -s libssl.so.0.9.8 /usr/lib/i686/cmov/libssl.so.0
4. Login to the Juniper and launch. Type su pw when requested.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
These fixes worked great in Edgy...sadly since carrying out a fresh install of Feisty it's completely broken and I cannot get it going again. I get as far as the java gui loading but it disappears after a couple of seconds and no connection is made.
Anyone get feisty working with network connect? I can't believe Juniper don't support linux a little better than this.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I upgraded to Feisty last week and my Juniper connection works fine. Note that I upgraded rather than reinstalling, so this is really my previous installation that continues to work, rather than a brand new install.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Did anyone manage to get this working in some form on an amd64 feisty install?
I created a 32bit chroot for firefox anyways.. and followed the instructions there. I can get it to install, but it can't ever connect. Probably something that the ncsvc service is trying to do that doesn't work because it's a 32bit chroot running on a 64bit kernel?
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I had a problem on my fresh install at first because I accedently skipped this step
"The installer wants to use su, not sudo. I just set my root password to something while I installed it"
It crashed the Network connect applet while connecting. After setting the password and installing the app everything runs smooth. :guitar:
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi, I followed instructions of the first post. When I log into the Juniper home page, and I click the button Start besides "Windows secure application manager" I get the "Your OS/platform is not supported for this component." message.
Neither the directory ~/juniper_networks is created.
My customer has Juniper Secure Access SSL VPN. Is this the same you are succeeding to run here?
Where I'm going wrong?
thanks
Davide.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Of course you should not click the button that says "Windows secure application manager", because you are not running Windows. You are running GNU/Linux, and therefore the Windows secure application manager will not be supported on your system.
Instead, you should click the button above that that says "Network connect".
Then proceed as described.
-
1 Attachment(s)
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
thanks for the reply.
After logging in to the customer VPN site I have the page I attach so no "Network connect".
Any consideration on this?
Thanks
Davide.
-
1 Attachment(s)
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Looks like your company didn't deploy the non-Windows VPN solution.
I don't know that much about the administrative side of this so I can't say if that costs extra, or how you might go about getting it enabled. You'll have to contact your IT folks and ask them to turn it on.
I've attached a screenshot of what the bottom of my VPN page looks like.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi
This thread has given me great hope, I am trying to connect to our corporate VPN, and I am unable to do so from Linux. Our company is basically only on MS, and our solutions dont focus on any other OSs.
The problem is that on our Juniper solution, if I authenticate on the website with the token, I will not see the Network Connect, nor the Windows Application Manager unless I am on the AD domain. I guess its the host checker which checks it? Any way to overcome that limitation?
When I connect from a windows machine thats on our Global AD, I am shown the Application Manager, etc.
Thanks
Ben
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Is there anybody that can point me where to obtain the linux client software? is it enough to put the installation files in the ~/.juniper_networks foler?
thanks
-
1 Attachment(s)
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hello,
I am also trying to get Ubuntu to work with Network Connect. After supplying credentials, the Network Connect piece begins to load and the following error is displayed:
"rpm query for openssl failed".
Screenshot attached.
Any help on this is sincerely appreciated.
Respectfully,
Bob Slattery
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Did you follow the directions in the very first post on this thread? If you had you wouldn't be getting this error ;)
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
My humble apologies for breaking the first rule of posting to the thread - READ THE ENTIRE THREAD FIRST!!
After reading the complete thread, my fresh feisty install works wonderfully with Netwrok Connect except for DNS, no name resolution through the NC tunnel. I am working on that issue now and believe I saw someone with the same issue posted here.
Thanks for *scold*, I needed it.
Respectfully,
bslattery
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Not to worry. Reading the entire thread is always best, but note that in the "Tutorials & Tips" forums, with threads titled HOWTO, it's especially crucial to read the FIRST post, because the first post is the actual "tutorial" part.
Cheers!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi
Sorry to re-ask, but do you have any ideas about my problem, explained above? Its regarding the Host-checker, etc.
Thanks
Ben
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Sorry, but I don't know. It sounds to me, if you can't see the Network Connect icon when you log in, that the server is not configured to support the Linux client or there some other server configuration issue. I don't really know what "host-checker" is?
I'm completely unfamiliar with the server side of this solution; I've only ever used/seen the client. Maybe you'd have more luck asking on a Juniper support forum?
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi
Thanks a lot. I guess I am out of luck anyways, because when I logged in from a Windows box, that is on the AD, I can only see the Windows Secure Application Manager, and not the other one which may work for linux. So even if I can fake my Ubuntu box to act as if part of the domain, the windows applicaton manager will never launch on a Linux box.
Thanks for your kind help anyways, I will ask the Juniper guys just to be sure that my assumption is right,
Cheers
Ben
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Ben, if you ever some feedback to juniper forums could you report it back here ? or post the link to the thread?
Many thanks
Davide.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi, I am trying to get network connect working on Debian and found this page. I followed the instructions. The network connect dialog popped up but I couldn't connect. The diagnosis message indicates the NC installation check failed. The NC service is not running. Anyone has idea how to fix this problem?
Thanks!
-
1 Attachment(s)
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
hi
i am using feisty
i followed the first post all the way through but i am getting this error (see pic)
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
That error message looks to me like you haven't linked RPM, like this:
sudo ln -s /bin/true /usr/bin/rpm
Are you SURE you successfully did that? If you say "ls -l /usr/bin/rpm" what do you get? If you run this "/usr/bin/rpm && echo ok" does it print "ok"? If not then something is not right with this step.
Unfortunately Juniper only produces packages for RPM-based distros and they use the RPM program to find out whether the libraries, etc. they need are installed, instead of a more portable method such as ldd or whatever. Anyway, in order to "fake out" the installer so that it won't complain that you don't have those libraries, you have to run the above sudo command.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I did everything like you did in the first post.
Here is what you asked of me:
Quote:
dachinster@Ubuntu:~$ sudo ln -s /bin/true /usr/bin/rpm
ln: creating symbolic link `/usr/bin/rpm' to `/bin/true': File exists
dachinster@Ubuntu:~$ ls -l /usr/bin/rp
rpcclient rpcinfo rpl8 rpm
dachinster@Ubuntu:~$ ls -l /usr/bin/rpm
lrwxrwxrwx 1 root root 9 2007-06-03 08:22 /usr/bin/rpm -> /bin/true
dachinster@Ubuntu:~$ /usr/bin/rpm && echo ok
ok
dachinster@Ubuntu:~$
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hm, interesting. I wonder if you have a very different version; yours seems to need Motif, which someone else mentioned in an earlier post here but which my version definitely does not need.
After an unsuccessful start, do you still have a ~/.juniper_networks directory? Can you look at the file ~/.juniper_networks/network_connect/version.txt? If so what does it say?
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
What version do you have?
I think mine is an early version
When i check the version, this is what i see
Quote:
dachinster@Ubuntu:~/.juniper_networks/network_connect$ cat version.txt
Version: 1.0
dachinster@Ubuntu:~/.juniper_networks/network_connect$
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
My version is 1.2. It seems like older versions of the tool might have been written in Motif? If you look at post #3 on this thread there's one from someone else who also had to install Motif (lesstif is an open source reimplementation of Motif) to get his VPN working. Start there and see if that helps at all.
Of course, you could also ask your IT folks to upgrade to the newer version; I'm sure there must be some security and other bug fixes that would be nice to have anyway.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Just want to check I'm not missing a trick or two here:
1 Should I expect to connect to a Windows Citrix server using Juniper VPN on Ubuntu, or will this only work if I attempt to connect to the Citrix server using a Windows PC?
2 If the answer to above is yes I should be able to connect to a Windows Citrix server using Ubuntu and Juniper VPN, does the Citrx server have to be configured to handle a session from my Ubuntu box, or should it all work seamlessly?
Thanks
Paul
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Citrix doesn't have anything to do with Juniper VPN as far as I'm aware. If you need the Juniper VPN working in order to get network access to the Citrix server, and that you cannot get the VPN running, then we might be able to help if you describe the problem.
If you have the VPN running (or don't need it) and you're trying to get the Citrix client working, we can't help there: you want to look at a thread dealing with Citrix, like this: http://ubuntuforums.org/showthread.php?t=17979
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I am trying to follow the instructions on the first post, but I am seeing a few issues.
I'm running Ubuntu Fiesty (7.04 AM64).
First, I cannot install the c++ libs libstdc++2.10-glibc2.2-0. They cannot be found by either apt-get or aptitude.
I did try installing any other libc++ stuff I could find:
Code:
libstdc++5, libstdc++6, libglib2.0-0, libglib-java
I did try using the RPM package with Alien, but still the same behavior as follows. With Alien and RPM I tried both with and without the "fake-rpm" step before and after the alien install.
I see the Java download page, but I only get about 3 or 4 blocks in on the progress bar before FireFox just crashes (disappears).
If I look at the setup version file on my windows machine after connecting, this is what I see:
Code:
[Setup]
DisplayVersion=5.5.0.11711
DisplayName=Setup
SecurityPatch=1
I have just tried the lesstif install and the same result.
Anyone have any ideas why I cannot get it to work? How can I get more debug or log information to help find out what my problem is?
Final point: my ~/.juniper_networks folder is empty.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
First let me say that I wouldn't be at all surprised if the kit didn't work on a 64bit system. Although it's obviously quite possible to run 32bit apps on a 64bit system, it requires the person creating the kit to do it carefully and properly, and in my experience most 3rd party proprietary software doesn't do that.
So, you may be out of luck unless you install a 32bit version of Ubuntu on your 64bit system (which will work, but seems a shame). Or, you could try to do something super-fancy like create a 32bit chroot environment or something--but you'll have to go elsewhere for help with that.
That being said:
I checked my current install of Network Connect and it does not appear to require the old libstdc++ version 2 any longer: at least none of the programs on my system use it (according to ldd). So, either only the installer uses it or that requirement has changed since the version I was using last summer. If the former then you'll need to
Second, I'm not sure what you mean when you said you used alien on the RPM. What RPM? When I did my install everything downloaded from the server and unpacked into my home directory by default. There was no RPM installed, and nothing was installed into /usr or any other restricted directory.
Third, that version you see on your windows system is completely unrelated to the Linux version.
I think you need to re-ask your question with more precise details, because I couldn't really understand where the problem was from what you posted. So, you connect to your remote server using FireFox and that works, right? Then you see the Network Connect button and you click that, right? Then... what happens?
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I was working with our IT guy who was using the VPN on his Fedora machine... He has admin access to the VPN appliance where the application installers are located. So we tried downloading the RPM installer and then converting it using alien. That doesn't seem to really install it properly either. So I have removed it, alien and rpm.
I have tried again with lesstif and libmotif3 installed but still my browser crashes.
So to clarify what I was doing:
Yes, I can reach the logon page for my remote VPN.
Originally the default preferences were set to automatically load the "Network Connect" application upon logging on, and thus immediately after logging on the java download/ install progress bar is shown.
Now, I have changed the preferences to manually start the application.
Upon clicking on start, the java icon image is shown on a new page with a progress bar above it. The first two blocks of the progress bar complete very quickly. The third and then fourth take about 20secs to reach. The fourth block is painted and within 2secs of that - firefox disappears!!! Process, everything, gone.
I'm not sure where to look to find more information about why this happens. I have even left the root password enabled???
Please, any hints or let me know what commands to run in order to tell you what is installed that may be relevant.
While I cannot currently connect directly from linux, I have been able to run the machine in a vm using physical drive mappings. Using NAT allows the linux install to piggy back my windows VPN connection when it is active.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Unfortunately I don't have any great ideas for you. If FireFox goes down that seems to me to imply that at least the installer plugin is doing something very bad. I'm still pretty suspicious about the 64bit thing. The only place any sort of error log would appear would be in the ~/.juniper_networks directory I believe.
I suppose if you get desperate you could try running strace on the PID and see if it reveals anything interesting.
Something else you might try is booting your system off of a 32bit Ubuntu LiveCD, and trying to get onto the VPN using that. Alternatively, since you have VMWare you could try installing a 32bit Ubuntu in VMWare and see if the VPN works there.
If it works in either of these situations, you'll have to file a bug report with Juniper and ask them to support 64bit Linux.
If you do get it installed and working in a 32bit environment you might try copying the installation stuff into your 64bit home directory and see if it works there. I've seen software where only the installer was broken under 64bit, but once it was installed it worked fine.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Works perfectly in feisty. Just had to get the newest java plugin for firefox.
sudo apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts
http://www.ubuntugeek.com/how-to-ins...in-ubuntu.html.
Now I really can think of why I need windows.
Thanks!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
madscientist,
I followed the instructions on the first page and am getting partial sucess. Basically,I am still prompted for the su password. I'm running Feisty btw.
The error:
Code:
/home/username/.juniper_network/network_connect/installNC.sh: 9: cannot open such file
/home/username/.juniper_network/network_connect/installNC.sh: 9: 1: not found
Service needs to be reinstalled.
When I enter the root/su passowrd, it connects fine. If I cancel this (CNTRL-D) and 'N' to try again, I still get connected.
I tried:
- deleting ~/.juniper_networks
- Start netconnect
- Cancel password prompt
- deteting ~/.juniper_networks/network_connect
- cp -R ~/.juniper_networks/tmp to ~/.juniper_networks/network_connect/
- extracted your installNC.sh and xlaunchNC.sh to the network_connect directory
- chmod +x ~/.juniper_networks/network_connect/*.sh
- Login to the juniper box and start netconnect
- Still prompted for su password
I noticed that ~/.juniper_networks/network_connect/ncsvc was owned by root:root
I tried chown'ing it to myself and it still prompts for su password.
Do you (or anyone who have had my problem) know what I'm missing?
Regards and thanks for the post!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
This is because apparently Juniper doesn't employ anyone who knows how to write shell scripts (or else they're busy elsewhere). See my post #4 and also my post #12. You'll need to replace the scripts in your package with the ones in the attachment, then (maybe) use chattr +i to make them immutable.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Thanks for the quick reply, madscientist.
Unfortunately, when trying to 'chattr -i' the files in question, I get:
Code:
chattr: No such file or directory while trying to stat install
I know this is not a VPN connectivity issue, but have you come across this before? I'm running Feisty on REISERFS partitions.
I tried this on another Feisty installation and same problem. The command did work on a RedHat machine (I copied the files onto USB drive and ran the commands on the files from RedHat).
But when I took it back to my Feisty laptop, NetConnect would still prompt for reinstallation of the service.
Anyway, any insight (from someone with 5 cups) would greatly help a single-cupper.
T
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Sorry, you're out of luck if you're using reiserfs. That filesystem doesn't support the chattr command.
There may be some other way to make files on reiserfs filesystems immutable even to root, but I don't know what they are. You'll have to seek out someone using reiserfs filesystems (this is not a standard filesystem type for Ubuntu AFAIK).
It's possible you won't need this anyway; you should try it without the chatter, just replacing the scripts, and see if it works. The Juniper stuff is hugely annoying in that it seems to unpack itself every time you connect, but maybe it will work anyway.
It's pretty obvious Juniper doesn't give a crap about Linux. I guess they think we should be happy they offer any support at all.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I am a rookie in Linux....!!! So pls pardon me if I am asking any silly Qs.
I can't really get past the following lines even after supplying my root password..What must be the problem.. ?
I have also edited the su commands to sudo in the script.. becoz i read somewhere that ubuntu uses sudo instead of su.. but even that didn't help me..
========================================
~/.juniper_networks/network_connect/installNC.sh: 9: 1: not found
Service needs to be installed for the first time.
Please enter the root/su password
Password:
su: Authentication failure
Sorry.
Invalid su password and/or Unable to install ncsvc
Do you want to try again (enter y to try again):
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
If you check the first message in the thread it says: "The installer wants to use su, not sudo. I just set my root password to something while I installed it, then reset it again later" Unfortunately it looks like the link I provided there has been changed so it no longer tells you how to do that. So, run this:
sudo passwd
then when it asks for a password type your password first. Then it will ask for ANOTHER password; this will be the root password. You can put whatever you like here, it's just temporary. Then it will ask you to confirm the password; type the root password again.
Now, when you start up network connector and it asks for the root password, enter the one you created. It should work. It should also not need to do this again since it's installed what it needs to.
So, you should undo your root password again (trust me: the one and only time one of my Linux systems was hacked was because I forgot to reset the root password and I had used an easily-guessable one; someone brute-forced it 5 months after I had changed it :-/) To unset it again use:
sudo passwd -l
to lock the root password again.
The reason changing the script doesn't help is because network connector unpacks the scripts again every time you start it. Annoying, to be sure.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
All this does work for feisty. You need to make sure you have the packages as detailed in the begining:
Code:
apt-get install openssl libstdc++2.10-glibc2.2 sun-java5-bin sun-java5-jre
next do
Code:
ln -s /bin/true /bin/rpm
and I also had to change this
Code:
ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so
If you need any help try to PM me and I will be glad to help out as I can. Juniper has chosen to only support RPM based programming. If you want future mainline support get with your local Juniper rep and ask them to submit an ER to support DEB or you can contact myself ;-)
best of luck
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I don't care so much about supporting only RPM (it would be nice to support DEB as well, but we can work with it). I just wish they would spend a little time creating sane shell scripts instead of the buggy mess they have now. That would make things MUCH simpler. After that, if they could get a more traditional install model (where the install is a separate step, if it requires root privileges) that would be nice too.
But I have to say, I much prefer this model to the Nortel/Apani client model; that client is unquestionably more polished and has some features the Juniper one doesn't, but it (a) costs a lot extra, and (b) requires a proprietary kernel module which makes it a big PITA: you have to downgrade your kernel and/or run a custom kernel to use it.
Cheers!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
from https://lists.ubuntu.com/archives/ub...il/112723.html
ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so
resolves the libncui.so issue
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Thanx a Ton friends.. specially to madscientist and nofear07..
My VPN connection is working fine...I did exactly what madscientist mentioned in #56 thread and it solved the password issue...Fantastic.
BTW: How can I stop the shell pop-up which asks me to enter root password.. I have inactivated the password and the VPN works even after forcibly closing this shell, but How can I get rid of this pop-up?
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hm. I never get any kind of popup asking for a root password. I wonder if something didn't "take" during your install, so the system thinks that you need to reinstall every time you start. You might try adding back the /usr/bin/rpm symbolic link and see if that helps at all.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Quote:
Originally Posted by
madscientist
Hm. I never get any kind of popup asking for a root password. I wonder if something didn't "take" during your install, so the system thinks that you need to reinstall every time you start. You might try adding back the /usr/bin/rpm symbolic link and see if that helps at all.
Hi...
As you say in #4, in Feisty /bin/sh is a symbolic link to /bin/dash, so, why not to change that to /bin/bash (like it is in Debian and other distros):
Code:
sudo ln -sf /bin/bash /bin/sh
Does it has other "side effects"???
P.D. i used to work with Debian and the reinstall window didn't show every time i logged on... because it uses bash, i've changed in Feisty and stopped showing :)
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
It's an option. In theory it shouldn't break anything, because dash is a 100% POSIX conforming shell (at least that's the goal) with no (or at least hardly any) extra added features, while bash is supposed to be a strict superset (almost, esp. if you set POSIXLY_CORRECT) of POSIX sh. So, any script that works in dash should work the same way in bash.
However, for myself I'm not willing to go that route. Call me a purist or anal retentive or whatever you want, but this "/bin/sh is /bin/bash" strikes me as the latest version of "all the world's a VAX" (for those of you old enough to remember what that means 8-)) and I refuse to give in.
Changing /bin/sh on your system is NEVER something to take lightly. I prefer to fix the shell scripts, as my attachment in #12 does.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I have replaced those files [installNC and xlaunch] with the ones in attachment, but I am still getting the pop-up.
I will install Debian/Ubuntu in one more m/c that I have here and try out from the beginning and reply with what I observe. I gotta give back something too, right!! :-)
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Did you use the "chattr +i" thing on them after you replaced them, as described in the post #4 ?
The Juniper software has the annoying habit of unpacking the package fresh every time you start the connector, thus overwriting any changes you made to it previously. Setting the files immutable will "fix" this.
See, I told you this software was very badly designed! :(
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
MadScientist, you may be mad, but you rock! Your scripts + instructions worked flawlessly in Feisty Fawn on an IBM T41 on Fawn 7.04 running patches as of 9/5/2007.
-wds
btw - I work for Juniper and have reflected the need to support Ubuntu and the editorial comments about our scripts to the product manager...I'll update the thread if I hear anything productive.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Thanks weekdaysailor! Support for Ubuntu would be great, but as I've mentioned before just having valid POSIX shell scripts instead of the broken mess we get today would go a long way towards lessening the pain.
It looks like we're going to have to replace the old saying "all the world's not a VAX" with "all the world's not Red Hat" #-o
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
For some reason about a week ago my Network Connect quit working (and had been working fine) I checked the ln for true and rpm. I check the ln for the libssl
I also removed all the files in $HOME/.juniper_networks/network_connect/ and retried still no go. I'm wondering if I have updated a package that broke a dependency or something.
This is the only thing in the ncui.log and yes I'm typing the password correctly:
20070910210414.493096 ncui[17246] ncapp.info New ncapp log level set to 3 (nccommon.cpp:75)
20070910210414.493165 ncui[17246] ncui.info read from params... (nccommon.cpp:121)
20070910210414.493235 ncui[17246] ncapp.panic Failed to read password from prompt (nccommon.cpp:591)
Thoughts as to what to try next?
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I slagged my install and started over (video crap driving me crazy) so I had a chance to re-do this howto. But this time I tested after every step and did NOT have to use the scripts Mad provided. (Feisty on IBM T41). In the meantime our SA box has been upgraded.
My point? Other things may have changed besides your OS. Check with your network admin and see if they upgraded or changed configs recently.
Cheers,
-Keith
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Interesting. What version of netconnect are you seeing now? It'd be nice to know when they fixed this.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Ok, I got it working. Don't know why but after a reboot it was working fine. So something was hanging the process.
Also I too did not have to use the scripts provided by madscientist. This is for Netconnect 1.2
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Hi all
Thanks a lot for the scripts madscientist, they work a treat.
I have found a little annoyance while using Juniper VPN however, maybe you guys got around this already:
I use firestarter for firewall configuration, and I cannot seem to figure out what policy to add to allow all traffic from the VPN to go through. So far my "fix" is to turn the firewall off while connected to the VPN... Which is ok, but annoying.
Does anyone know how to make firestarter understand I don't want it to filter (and block) traffic from the VPN?
Thanks a lot!
- Trib'
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
This is really great news for me as my company just switched to the Juniper Network system (from Cisco).
I have a couple of questions --
1. Has anyone gotten this to work with 7.04 64-bit? Or will I need to go to 32-bit for this to be happy.
2. I have a copy of XP that hasn't been activated. I was waiting due to the fact that I'm going to be upgrading my hardware soon. When XP Activates, how does this work on a virtual machine? If I upgrade my hardware, but run the same virtual machine, does XP throw up a red flag?
Thanks for any help!
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Anyone have this working in gutsy? The GUI comes up for me and either immediately crashes or gives a connection failure. I'm running int the LiveDVD though, so I'm wondering if that's the problem. I couldn't get gutsy to install in Parallels on my Mac and don't want to install gutsy until I know I can get network connect working.
-
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
Quote:
Originally Posted by
fangorious
Anyone have this working in gutsy? The GUI comes up for me and either immediately crashes or gives a connection failure. I'm running int the LiveDVD though, so I'm wondering if that's the problem. I couldn't get gutsy to install in Parallels on my Mac and don't want to install gutsy until I know I can get network connect working.
It might be a live cd issue. I got it working on an installed festy. However, I tried to make a live cd with "reconstructor" based on the sames scripts and packages, but wasn't able to get it connect. It's probably a file permission problem since live cds use a special file system.
Anyway, I will check it again when I'll have time and inform you on this post.
Meanwhile, you might try it installing gutsy on a virtual machine.