Juniper SSL VPN Client on Linux

Introduction

If you need to log in to a place of work (or whatever) that has a Juniper SSL VPN, and you're using Linux, then this short guide tells you how to get up and running.

The good news: there's very little work to do. They've produced a Linux client that should work on whatever distribution you're using without too much difficulty.

There are 4 steps - skip down to the first you that you need help for!


  1. Install the pre-requisite software: Java 6 Runtime
  2. Install the Java plugin into Firefox
  3. Make sure you have the other pre-requisities
  4. Visit the website in Firefox, and you're away!

I am using Fedora Core (Linux) - but you will be able to use these instructions to help you with Ubuntu, Mandrake, or whatever you're using. This guide might be of help too if you're using other UNIX-like systems; but it does require support from Juniper themselves, so I'm not completely sure.

1. Install the pre-requisite software: Java 6 Runtime

For Linux, I downloaded the self-extracing RPM, which can be obtained from this page: http://java.sun.com/javase/downloads/index.jsp. I presently have the Java 6 Update 1 runtime.

Java 6 Runtime Download

Having downloaded the relevant file for my computer, I needed to run it with administrative permissions. From a terminal, I ran this command (Ubuntu users may need to use "sudo" instead of "su"):

% su -c "sh jre-6u1-linux-i586-rpm.bin"

2. Install the Java plugin into Firefox

Type in "about:plugins" into Firefox to see if you have the plugin installed. If you don't, you'll need to create a symlink from your Firefox plugins directory to the plugin. For me, it was as follows:

% cd ~/.mozilla/plugins/
% ln -s /usr/java/latest/plugin/i386/ns7/libjavaplugin_oji.so .

Try here if you need more help: http://plugindoc.mozdev.org/faqs/java.html

3. Make sure you have the other pre-requisities

The Juniper application requires "xterm" when you run it the first time in order to get root privileges. If it's not there, it fails silently. So, make sure you have xterm!

The application also requires the command "rpm -q openssl" to return succesfully. This might cause you a problem if you don't have an RPM based distribution. I don't know if it fails without it, or if it's just a check that's logged. You'll find out!

You also require the "tun" driver in your kernel. You will almost certainly have this unless you compiled your own kernel, in which case you will know what you are doing anyway!

What else? I don't know, as whatever else was needed I already had. The client creates some files in .juniper_networks in your home directory, and leaves log files in there - so you may be able to find out what problems you are having from there.

4. Visit the website in Firefox, and you're away!

For me, that was all there was to it. I visited the URL I'd been given for the VPN, supplied my username and password, and then pressed "Network Connect". It then ran the Java application, asked me a couple of times to confirm that I was willing to run the application, and then I was in. "/sbin/route -n" and "cat /etc/resolv.conf" showed me that the VPN was up and running - things "just worked" from there.

The Java application will ask you for your root password (via an xterm) the first time you run it; it then installs a setuid root binary in ~/.juniper_networks - yuk!
Links:
  1. More help: http://forums.gentoo.org/viewtopic-t-374292.html
  2. More help: http://gentoo-wiki.com/HOWTO_Juniper_SSL_Network_Connect_VPN
  3. What I am doing with my life: I am a Christian evangelist, working in Belper - Grace Church Belper.
  4. Recently I have written this parable about Richard Dawkins.
  5. I also run this blog exposing a bogus group of science educators.
  6. My homepage.

Feedback / E-mail / Anything I forgot to mention?: juniper-ssl-feedback@dw-perspective.org.uk. (Please try Google first... I'm no expert on this application - the above is just my notes).