HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

[madscientist]

I have recently bought a Eee PC900 with Linux on it.
Being new to Linux I run into a lot of new things to learn.

One of the problems I had was connecting to my company network through Juniper VPN.

When I try to run the script I get the following error "Cannot resolve hostname $HOST".
I am 100% sure the host is correct and I can visit it through Firefox without a problem.

Does it really use the literal string "$HOST" in the message? Or does it use the hostname you entered as the server host?

I'm really not familiar with the distro of linux that comes on this system; it's not Ubuntu is it? If it really prints "$HOST" here, that means that the shell on this system is behaving oddly (unless you typed "$HOST" when it asked you for a hostname). You can remove the .vpn.cfg and .vpn.crt files in your home directory if you want to try starting over.

[cds03900]

Does it really use the literal string "$HOST" in the message? Or does it use the hostname you entered as the server host?

I'm really not familiar with the distro of linux that comes on this system; it's not Ubuntu is it? If it really prints "$HOST" here, that means that the shell on this system is behaving oddly (unless you typed "$HOST" when it asked you for a hostname). You can remove the .vpn.cfg and .vpn.crt files in your home directory if you want to try starting over.

Yes it uses the term $HOST which I didn't enter when it asked me for a hostname.
You are correct, the distro it uses is not Ubunto but Xandros.
Any sugestions?

[elenctic]

I am using Ubuntu 8.04 an madscientist's script to connect to a vpn. It works for awhile (usually 30s or so) and then the connection dies. My ssh session freezes. Below is the packet sequence that I captured using Wireshark. Everything looks good until the TCP Retransmissions and the TCP CHECKSUM INCORRECT errors start around packet 7914. Could someone please look at this and give me some insight? I am really stumped. Thank you!

The Wireshark logs: (see attached screenshot, too)

Code:

No.     Time        Source                Destination           Protocol Info
   7905 38.299327   192.168.74.16         172.20.49.156         TCP      33472 > ssh [ACK] Seq=5241 Ack=1600384 Win=171264 Len=0 TSV=15622614 TSER=4170538983
   7906 38.301442   208.70.66.53          192.168.1.103         TLSv1    Application Data
   7907 38.301491   172.20.49.156         192.168.74.16         SSHv2    Encrypted response packet len=208
   7908 38.301507   192.168.74.16         172.20.49.156         TCP      33472 > ssh [ACK] Seq=5241 Ack=1600592 Win=171264 Len=0 TSV=15622615 TSER=4170538986
   7909 38.305724   208.70.66.53          192.168.1.103         TLSv1    Application Data
   7910 38.305772   192.168.1.103         208.70.66.53          TCP      53441 > https [ACK] Seq=64738 Ack=1772123 Win=694144 Len=0
   7911 38.305822   172.20.49.156         192.168.74.16         SSHv2    Encrypted response packet len=288
   7912 38.305845   192.168.74.16         172.20.49.156         TCP      33472 > ssh [ACK] Seq=5241 Ack=1600880 Win=171264 Len=0 TSV=15622616 TSER=4170538991
   7913 38.390166   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7914 38.556029   192.168.1.103         208.70.66.53          TLSv1    [TCP Retransmission] Application Data, Application Data, Application Data, Application Data
   7915 39.091052   192.168.1.103         208.70.66.53          TLSv1    [TCP Retransmission] Application Data, Application Data, Application Data, Application Data
   7916 39.311862   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7917 39.579176   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [PSH, ACK] Seq=1080 Ack=10781 Win=49536 [TCP CHECKSUM INCORRECT] Len=20 TSV=15622935 TSER=15622435
   7918 39.579292   127.0.0.1             127.0.0.1             TCP      4242 > 33405 [PSH, ACK] Seq=10781 Ack=1100 Win=33920 [TCP CHECKSUM INCORRECT] Len=186 TSV=15622935 TSER=15622935
   7919 39.579322   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [ACK] Seq=1100 Ack=10967 Win=49536 Len=0 TSV=15622935 TSER=15622935
   7920 40.164047   192.168.1.103         208.70.66.53          TLSv1    [TCP Retransmission] Application Data, Application Data, Application Data, Application Data
   7921 40.336134   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7922 41.579175   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [PSH, ACK] Seq=1100 Ack=10967 Win=49536 [TCP CHECKSUM INCORRECT] Len=20 TSV=15623435 TSER=15622935
   7923 41.579297   127.0.0.1             127.0.0.1             TCP      4242 > 33405 [PSH, ACK] Seq=10967 Ack=1120 Win=33920 [TCP CHECKSUM INCORRECT] Len=186 TSV=15623435 TSER=15623435
   7924 41.579323   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [ACK] Seq=1120 Ack=11153 Win=49536 Len=0 TSV=15623435 TSER=15623435
   7925 41.651754   192.168.1.103         72.14.223.19          TLSv1    Encrypted Alert
   7926 41.651786   192.168.1.103         72.14.223.19          TCP      39213 > https [FIN, ACK] Seq=1375 Ack=13630 Win=37632 Len=0 TSV=15623453 TSER=2375551429
   7927 41.652012   192.168.1.103         64.233.167.83         TLSv1    Encrypted Alert
   7928 41.652030   192.168.1.103         64.233.167.83         TCP      53046 > https [FIN, ACK] Seq=2301 Ack=14385 Win=40448 Len=0 TSV=15623453 TSER=1775196206
   7929 41.652190   192.168.1.103         209.85.133.136        TCP      43192 > http [FIN, ACK] Seq=1 Ack=1 Win=69 Len=0 TSV=15623453 TSER=2446663484
   7930 41.769660   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7931 41.891032   192.168.1.103         209.85.133.136        TCP      43192 > http [FIN, ACK] Seq=1 Ack=1 Win=69 Len=0 TSV=15623513 TSER=2446663484
   7932 41.915023   192.168.1.103         72.14.223.19          TLSv1    [TCP Retransmission] Encrypted Alert
   7933 42.308053   192.168.1.103         208.70.66.53          TLSv1    [TCP Retransmission] Application Data, Application Data, Application Data, Application Data
   7934 42.375116   192.168.1.103         209.85.133.136        TCP      43192 > http [FIN, ACK] Seq=1 Ack=1 Win=69 Len=0 TSV=15623633 TSER=2446663484
   7935 42.443120   192.168.1.103         72.14.223.19          TLSv1    [TCP Retransmission] Encrypted Alert
   7936 42.793741   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7937 43.331053   192.168.1.103         209.85.133.136        TCP      43192 > http [FIN, ACK] Seq=1 Ack=1 Win=69 Len=0 TSV=15623873 TSER=2446663484
   7938 43.500368   192.168.1.103         72.14.223.19          TLSv1    [TCP Retransmission] Encrypted Alert
   7939 43.579107   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [PSH, ACK] Seq=1120 Ack=11153 Win=49536 [TCP CHECKSUM INCORRECT] Len=20 TSV=15623935 TSER=15623435
   7940 43.579185   127.0.0.1             127.0.0.1             TCP      4242 > 33405 [PSH, ACK] Seq=11153 Ack=1140 Win=33920 [TCP CHECKSUM INCORRECT] Len=186 TSV=15623935 TSER=15623935
   7941 43.579201   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [ACK] Seq=1140 Ack=11339 Win=49536 Len=0 TSV=15623935 TSER=15623935
   7942 43.715411   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7943 45.251051   192.168.1.103         209.85.133.136        TCP      43192 > http [FIN, ACK] Seq=1 Ack=1 Win=69 Len=0 TSV=15624353 TSER=2446663484
   7944 45.353940   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7945 45.580189   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [PSH, ACK] Seq=1140 Ack=11339 Win=49536 [TCP CHECKSUM INCORRECT] Len=20 TSV=15624435 TSER=15623935
   7946 45.580491   127.0.0.1             127.0.0.1             TCP      4242 > 33405 [PSH, ACK] Seq=11339 Ack=1160 Win=33920 [TCP CHECKSUM INCORRECT] Len=186 TSV=15624435 TSER=15624435
   7947 45.580527   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [ACK] Seq=1160 Ack=11525 Win=49536 Len=0 TSV=15624435 TSER=15624435
   7948 45.611054   192.168.1.103         72.14.223.19          TLSv1    [TCP Retransmission] Encrypted Alert
   7949 46.378063   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7950 46.595129   192.168.1.103         208.70.66.53          TLSv1    [TCP Retransmission] Application Data, Application Data, Application Data, Application Data
   7951 47.299602   Cisco-Li_19:e0:b6                           ARP      Who has 192.168.1.103?  Tell 192.168.1.1
   7952 47.580164   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [PSH, ACK] Seq=1160 Ack=11525 Win=49536 [TCP CHECKSUM INCORRECT] Len=20 TSV=15624935 TSER=15624435
   7953 47.580283   127.0.0.1             127.0.0.1             TCP      4242 > 33405 [PSH, ACK] Seq=11525 Ack=1180 Win=33920 [TCP CHECKSUM INCORRECT] Len=640 TSV=15624935 TSER=15624935
   7954 47.580318   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [PSH, ACK] Seq=1180 Ack=12165 Win=49536 [TCP CHECKSUM INCORRECT] Len=20 TSV=15624935 TSER=15624935
   7955 47.580383   127.0.0.1             127.0.0.1             TCP      4242 > 33405 [PSH, ACK] Seq=12165 Ack=1200 Win=33920 [TCP CHECKSUM INCORRECT] Len=186 TSV=15624935 TSER=15624935
   7956 47.619122   127.0.0.1             127.0.0.1             TCP      33405 > 4242 [ACK] Seq=1200 Ack=12351 Win=49536 Len=0 TSV=15624945 TSER=15624935

[elenctic]

I finally found out the problem. Its fix was pretty simple. My home network had an IP address collision with the VPN's remote network, so I set my home network to use a new RFC 1918 private IP range. All packets that were supposed to go to my home router were being routed straight to a machine at the other end of the VPN. It took a while for the routing table to enable the routes that the VPN adds, so that might explain why the VPN worked for a few seconds then died. I'm puzzled why this problem just showed up after I upgraded to 8.04 from 7.10 though.

[madscientist]

Yes it uses the term $HOST which I didn't enter when it asked me for a hostname.
You are correct, the distro it uses is not Ubunto but Xandros.
Any sugestions?

I really don't have any. I've looked at the script and it's bog-standard POSIX sh scripting as far as I can see. I can't figure out any way you'd be seeing that text, if your /bin/sh is a valid POSIX shell.

If you type "/bin/sh --version" what do you get?

Please also paste the output of "cat ~/.vpn.cfg" (feel free to anonymize it if necessary but please tell us which fields seemed to have correct data).

[bornjcan]

I am completely new to linux Ubuntu and am having the same problem as everyone else, it seems with the same error (ncsvc fails to install) and terminal can't connect to ip address

The script by Mad Scientist seems to be the fix, however I dont seem to see either a link to the file or even a how to as to a fix.

Can someone please post an easily found solution?

I am quite willing to do the work, however sorting through 20+ pages of threads which may or may not relate to my situation only to then pull up a terminal window and ruin my machine will not make my day..

I mean seriously !!!

[madscientist]

The script by Mad Scientist seems to be the fix, however I dont seem to see either a link to the file or even a how to as to a fix.

You can find my howto at http://mad-scientist.us/juniper.html

If you still have problems after that, tell us where things went wrong for you: what you typed, what happened, what messages you got, etc.

[bornjcan]

i did all (i think correctly) at the end tho i get an invalid credentials msg after i input my password for vpn..
however the script loads and runs
i think its my jobs network


any help would be appreciated

[madscientist]

bornjcan: unfortunately I'm only a NetworkConnect user and don't have any idea about the kinds of errors you can get; I don't know how the tool is administered and I don't have any documentation that might describe various error messages and what they mean.

Where do you see this message? Can you be sure to quote the message _exactly_ rather than paraphrasing it? Too often paraphrasing changes the meaning enough to make it impossible to determine the problem.

I'm assuming that you're able to log in via the web service and maybe even Windows, so you're sure that your SecurID fob is synced up, your PIN is right (do you use a PIN + SecurID code?), and your username is valid.

Beyond that the only thing I'm aware of that could be an issue is the realm setting. Did the folks managing your remote site tell you what to use for the realm value? If not, how did you determine it?

If that's all correct then I suggest you email your server admins and ask if they have any ideas.

[newsrg]

Thanks madscientist. I followed your recommendations. Your script asks for Pin+SecurID and when i Type my password I get this:

"Searching for ncsvc in current working directory
Searching for ncsvc in /home/fidelio/.juniper_networks/network_connect done.
gij: unrecognized option -- `-h'
Try `gij --help' for more information."

It looks a java issue. Any idea how to solve this?

NEWSRG