Howto
- First you need the network connect client software from Juniper Networks.
If the Java plugin from Sun Microsystems is installed on your system and you use a 32-bit Linux (sun-java6-plugin works for me on Debian/Ubuntu 32-bit), then just connect once using the standard user interface via web browser (Firefox is supported by Juniper Networks, Opera worked for me, too). You are asked for the root password because the setuid bit of the ncsvc binary must be set. If you don't have a root password (e. g. because you use Ubuntu) just press CTRL+D to abort. Nevertheless the software will be downloaded to the directory ~/.juniper_networks/network_connect. Just make sure the binaries have the required permissions:
$ sudo chown root:root ~/.juniper_networks/network_connect/ncsvc
$ sudo chmod 6711 ~/.juniper_networks/network_connect/ncsvc
$ chmod 744 ~/.juniper_networks/network_connect/ncdiag
If Sun Java doesn't work on your system with Juniper (64-bit Linux) or you don't want to use Java, just log in on the web site of your Juniper SSL/VPN and change the URL as follows:
If the site's URL is https://vpn.kit.edu enter https://vpn.kit.edu/dana-cached/nc/ncLinuxApp.jar and download the file ncLinuxApp.jar.
Then execute the following commands:
$ mkdir -p ~/.juniper_networks/network_connect/
$ unzip ncLinuxApp.jar -d ~/.juniper_networks/network_connect/
$ sudo chown root:root ~/.juniper_networks/network_connect/ncsvc
$ sudo chmod 6711 ~/.juniper_networks/network_connect/ncsvc
$ chmod 744 ~/.juniper_networks/network_connect/ncdiag
Download jnc, copy it to an appropriate directory (e. g. /usr/local/bin) and make it executable:
$ chmod a+x jnc
In addition to Perl, OpenSSL must be installed to use it. If you want to use the GUI, Java from Sun Microsystems must be available, too, of course.
If you use a 64-bit Linux the Network Connect Java GUI will not work. So remember to start jnc with option --nox (or -n), see below. Also install the 32-bit versions of the required libraries.
On Debian/Ubuntu:
# apt-get install libc6-i386 lib32z1 lib32nss-mdns
On RH 6 and higher:
# yum install glibc.i686 zlib.i686 nss.i686
Create the directory for the configuration files
$ mkdir -p ~/.juniper_networks/network_connect/config
and create a configuration file in this directory. It must be named somename.conf.
Example config file
(Karlsruhe Institute of Technology (KIT) users: click here)
host=foo.bar.com
user=username
password=secret
realm=very long realm with spaces
cafile=/etc/ssl/bar-chain.pem
certfile=
password and realm are optional.
cafile: CA chain to verify the host certificate
certfile: host certificate in DER format
cafile or certfile must be configured.
For cafile/certfile you have to use the full path. You must not use ~, it won't be expanded.
If you don't know about any realm there's possibly only one, so you can omit this configuration option. You can also find out your realm by viewing the page source of your sign-in page: just search for the word realm in it.
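The rules above for a configuration file can be checked before connecting. The script below is an added example, not part of jnc or of the original howto: check_jnc_conf and conf_get are hypothetical helper names, treating host and user as required is an assumption drawn from the statement that only password and realm are optional, and the permission check on a file that stores a password is a hardening step added here.

```shell
#!/bin/sh
# Added example: lint a jnc configuration file against the rules in this howto.
# check_jnc_conf and conf_get are hypothetical helpers, not part of jnc.

# Print the value of key $2 from config file $1 (empty if absent or unset).
conf_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

check_jnc_conf() {
    conf=$1
    rc=0
    fail() { echo "$conf: $*" >&2; rc=1; }

    case $conf in
        *.conf) ;;
        *) fail "file name must end in .conf" ;;
    esac
    [ -r "$conf" ] || { fail "not readable"; return 1; }

    # password and realm are optional, so host and user are treated as required.
    for key in host user; do
        [ -n "$(conf_get "$conf" "$key")" ] || fail "$key is missing"
    done

    cafile=$(conf_get "$conf" cafile)
    certfile=$(conf_get "$conf" certfile)
    [ -n "$cafile$certfile" ] || fail "cafile or certfile must be configured"

    # ~ is not expanded, so only full paths to readable files are accepted.
    for path in "$cafile" "$certfile"; do
        [ -z "$path" ] && continue
        case $path in
            /*) [ -r "$path" ] || fail "$path does not exist or is unreadable" ;;
            *)  fail "$path is not a full path" ;;
        esac
    done

    # Hardening check added here (not a jnc requirement): a stored password
    # should not be readable by group or others.
    if [ -n "$(conf_get "$conf" password)" ]; then
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] || fail "contains a password, run: chmod 600 $conf"
    fi
    return $rc
}
```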
Start network connect with
$ jnc somename
or
$ jnc --nox somename
for use without GUI. To stop the client, just (click Sign Out in the Java GUI or) execute
$ jnc stop
For more options see
$ jnc --help
Updating the client: if your Juniper SSL/VPN site was upgraded to a new firmware version, there could also be a new network connect client version available. To get it, just repeat step one in this howto. You don't have to remove any files beforehand.