Page 44 of 56 FirstFirst ... 34424344454654 ... LastLast
Results 431 to 440 of 554

Thread: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

  1. #431
    Join Date
    Apr 2006
    Beans
    2

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    Anyone knows how to set up proxy settings with mad scientist' script ?
    thanks for helping me

  2. #432
    Join Date
    Apr 2006
    Beans
    2

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    Quote Originally Posted by LdK View Post
    Anyone knows how to set up proxy settings with mad scientist' script ?
    thanks for helping me
    I found a solution :
    Add
    Code:
    -y "$PROXY" -z "$PROXYPORT"
    at line 515 and 520 to the mad scientist' script and add these informations to your profile file.


    ps: if you need you can add these following informations (obtained by this command '.juniper_networks/network_connect/ncsvc -help')

    Code:
    Proxy Options:
    	-y, -proxy: 		Proxy server hostname or IP
    	-z, -proxy-port: 	Proxy server port number
    	-s, -proxy-user: 	Proxy server username
    	-a, -proxy-pass: 	Proxy server password
    	-d, -proxy-domain: 	Proxy server domain
    Last edited by LdK; June 8th, 2011 at 01:10 PM.

  3. #433
    Join Date
    Nov 2006
    Beans
    5

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    In our company we need 3 things to login to the VPN
    1. LDAP Username
    2. LDAP Password
    3. Pincode + Passcode

    Is there anyone that knows how to do this with junipernc?

  4. #434
    Join Date
    Jun 2011
    Beans
    1

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    Hello,

    I am trying to connect to our Juniper and it appears it can't handle the /its in the URL properly.

    Below is the error I am getting. I have changed the domain name to protect the innocent.

    Any help would be appreciated.


    20110630105010.526731 ncsvc[4187] ncsvc.info New ncsvc log level set to 3 (nccommon.cpp:75)
    20110630105010.533465 ncsvc[4187] ncsvc.error gethostbyname failed for host connect.acme.com/its
    (ncsvc.cpp:442)
    Unable to connect to connect.acme.com/its

  5. #435
    Join Date
    Jul 2011
    Beans
    2

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    Wow ... the script is awesome and works very well! I have an issue with it that I was able to resolve, but not in a "nice" way.

    Once I'm logged in to the VPN, have network connect up and running, I can see the machines I need to work on via IP. Great! I thought to get DNS working as well, so I modified my dhclient.conf file.

    The interesting thing that happens is that (it seems) the script causes resolv.conf to be overwritten with nameservers from the connected website. For a lot of people, that's probably fine. For me, I need many more nameservers (this connection spans many, many sites), a specific domain, and search. It's all in my dhclient.conf, but it doesn't get written to resolv.conf with the new connection. It does get the search field in, but that's useless without the domain and extra nameservers.

    I wrote a resolv.conf by hand and put it in place. After that, everything works. If I log out and log back in, however (to the vpn), that gets reset, so I have to replace my resolv.conf any time I use this.

    Ideas why it's not taking the info in the dhclient.conf? Maybe I don't know enough about that configuration file and there's a way to tell it specifically to use the information for this connection type?

    Thanks for the script! I have a workaround for this problem and thought I'd post it for others (manually setting resolv.conf ... don't forget to back it up as dhclient.conf will overwrite it!), but thought I'd ask in case I'm missing something that would make everything better

  6. #436
    Join Date
    Oct 2006
    Beans
    Hidden!
    Distro
    Kubuntu 11.04 Natty Narwhal

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    I have the same problem as Mynk. Running on Kubuntu 11.04 64bit.
    Code:
    ncapp> Failed to connect/authenticate with IVE. Error 10

  7. #437
    Join Date
    Oct 2006
    Beans
    Hidden!
    Distro
    Kubuntu 11.04 Natty Narwhal

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    I will answer to myself. Luckily I have found a solution. It has to be added one parameter to ncsvc. Description is here: http://kb.juniper.net/InfoCenter/ind...ent&id=KB15890
    I modified my junipernc script and added this to command: -U “https://$HOST/launcher”

    Code snippet:
    Code:
     if $_java; then
            echo "$password" | "$JAVA" -jar "$_ncpath/NC.jar" -h "$HOST" -u "$USER" -f "$CERT" -r "$REALM" -U "https://$HOST/launcher" \
                || ok=false
    
        else
            # No GUI?  Just let the thing run in the background
            echo "$password" | "$_ncpath/ncsvc" -h "$HOST" -u "$USER" -r "$REALM" -f "$CERT" -U "https://$HOST/launcher" \
                || ok=false
        fi

  8. #438
    Join Date
    Mar 2006
    Beans
    3

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    Hi Guys,

    My 'single click VPN' solution.

    I tried many things from this thread a while back and never had much luck, so I went off on my own and figured out another solution which 'Just Works' (tm) for me. I haven't wrapped it up and made it all pretty, but it may help someone. I've used this on 10.04 upwards with NC 7.0R1 as delivered by default from our Juniper SA.

    In our case, we have a Juniper SA2500 and multiple roles for most users in our default Active Directory realm. Using NC.jar via CLI only works when one role is available, so I made a new realm for this purpose. Once this realm is created, it provides another login URL such as https://host.company.com/realm/

    On the SA under Users -> User Realms: I created a new realm called ncsvc with all the necessary mappings to AD to put users only in to one role.

    I've then installed kdocker and gtk-led-askpass and have a small script which asks for my password, launches and then docks the window to the notification tray so it's out of the way.

    To do this:
    • Access the login page of your Juniper with firefox and export the SSL certificate to a local file. Process: click the padlock -> View Certificate -> Details -> Export -> DER
    • Login as normal and launch Network Connect to install the NC client
    • Install kdocker and gtk-led-askpass
    • Customise the script below and use it for connecting in the future.

    Code:
    #!/bin/sh
    # ncsvc is the single role realm created for this purpose
    /usr/bin/java -jar ~/.juniper_networks/network_connect/NC.jar -h host.company.com -u 'username' -f ~/ssl-certificate.der  -r "ncsvc" -L 5 -p `gtk-led-askpass` -U https://host.company.com/ncsvc/ &
    sleep 8
    kdocker -i /usr/share/icons/gnome/16x16/categories/applications-internet.png -w `xwininfo -name "Network Connect" | grep "Window id" | awk '{print $4}'`
    * only gotcha is don't drag the NC window around once it loads, as kdocker ain't the sharpest tool in the shed. Just load it and click the new globe icon in the notification area to show/hide the NC window - it will hide itself initially though after a delay.

  9. #439
    Join Date
    Aug 2007
    Beans
    5

    Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper

    on ubuntu 11.04 and firefox 6 I've installed the 32 bit java and set update-alturnatives to use it (and restarted firefox), but when I go to the juniper and activate network connect from there a ps ax |grep java shows that it's running the openjdk java that's tied to the icedtea plugin. If I don't have this plugin I can't get the web page to start the java app.

    I tried using the junipernc script, but in my case I have token authentication (on the Juniper web screen, there is no password entered on the first screen, then a second screen gives me a challenge that I type into the token and then type the response from the token into the we page before I am able to get logged in to the Juniper)

    Is there any way to do this from the command line with something like juniperrc?

    David Lang

  10. #440
    Join Date
    Aug 2007
    Beans
    5

    I figured out how to do multi-authentication with 64 bit ubuntu

    It's very ugly, but you can create a 32 bit chroot sandbox and start the VPN from inside the sandbox and then use it on the main system

    the steps to do this are ugly, so here is a close-to-right script to implement them all (this is taking what I did and making it into a script, there may be typos or such in it that I have not yet found, testing and feedback would be appreciated, as would any ideas of how to reduce the size of the sandbox and the time to create it)

    first, use a normal 64 bit browser to login to the juniper and attempt to start the network connect, this will do the
    installation (where it prompts you for a sudo password) and should create a directory tree, the key to checking that
    this installed correctly it to look for the file .juniper_networks/network_connect/ncsvc and see that it is setuid
    root.

    this script creates a chroot sandbox with a minimal ubuntu installation in it. It then installes a handful of
    additional packages that are needed (and the large number of dependancies for those files)

    it does a bunch of mounts into the sandbox (these mounts would need to be done on every boot)

    it then creates a script to work around firefox being dependant on DBUS (firefox still complains about not being able
    to reach DBUS, but without this script it dies instead) and then it starts firefox

    in firefox connect to the juniper, sign in, and launch network connect. there is one error prompt about being unable
    to modprobe the tun drier, just click Ok and the tunnel should start.

    the tunnel can be used by any software on the box, it doesn't hae to be inside the sandbox (that is the reason for
    making /etc/resolv.conf be a symlink into the sandbox.

    there are a number of times in the process that the user will be prompted for things, so it is not an unattended
    install.



    #!/bin/bash
    export SANDBOX=sandbox2
    export INSALL_USER=dlang
    debootstrap --arch=i386 natty $SANDBOX

    mount -B /dev $SANDBOX/dev
    mount -B /var/run/dbus $SANDBOX/var/run/dbus
    mount none -t proc $SANDBOX/proc
    mount none -t devpts $SANDBOX/dev/pts
    if [ -e /etc/resolve.conf.juniper.save ]
    then
    echo "already saved resolv.conf"
    else
    mv /etc/resolv.conf /etc/resolve.conf.juniper.save
    ln -s /home/$INSALL_USER/$SANDBOX/etc/resolv.conf /etc/resolv.conf
    fi
    cd $SANDBOX
    chroot . bash -
    export LANG=C
    adduser --uid 1000 $INSALL_USER
    adduser $INSALL_USER adm
    adduser $INSALL_USER sudo
    exit
    cp -pR /home/$INSALL_USER/.juniper_networks/ home/$INSALL_USER
    cp /etc/apt/sources.list $SANDBOX/etc/apt
    chroot . bash -
    export LANG=C
    apt-get update
    apt-get install firefox
    apt-get install libcanberra-gtk-module
    apt-get install sun-java6-plugin
    su - $INSALL_USER
    cat <<EOF >fixdbus
    #!/bin/bash

    exportDbus () {
    # Get the pid of nautilus
    nautilus_pid=\$(pgrep -u \$LOGNAME -n firefox-bin)

    # If nautilus isn't running, just exit silently
    if [ -z "\$nautilus_pid" ]; then
    echo "exiting"
    exit 0
    fi

    # Grab the DBUS_SESSION_BUS_ADDRESS variable from nautilus's environment
    eval \$(tr '\0' '\n' < /proc/\$nautilus_pid/environ | grep '^DBUS_SESSION_BUS_ADDRESS=')

    # Check that we actually found it
    if [ -z "\$DBUS_SESSION_BUS_ADDRESS" ]; then
    echo "Failed to find bus address" >&2
    exit 1
    fi

    # export it so that child processes will inherit it
    export DBUS_SESSION_BUS_ADDRESS
    }


    exportDbus
    \$@
    EOF
    chmod 700 fixdbus
    ./fixdbus firefox -no-remote --display=localhost:0 &

Page 44 of 56 FirstFirst ... 34424344454654 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •