Juniper SSL VPN Client on Linux



Introduction

If you need to log in to a place of work (or whatever) that has a
Juniper SSL VPN, and you’re using Linux, then this short guide tells
you how to get up and running.

The good news: there’s very little work to do. They’ve produced a Linux
client that should work on whatever distribution you’re using without
too much difficulty.

There are 4 steps – skip down to the first you that you need
help for!

  1. Install the pre-requisite
    software: Java 6 Runtime
  2. Install the Java plugin into
    Firefox
  3. Make sure you have the other
    pre-requisities
     
  4. Visit the website in Firefox,
    and you’re away!

I do not use Juniper any more, but was using Fedora (Linux) – but you will be able to use
these instructions to help you with Ubuntu, Mandrake, or whatever
you’re using. I am advised that this guide works succesfully on Fedora 12. This guide might be of help too if you’re using other
UNIX-like systems; but it does require support from Juniper themselves,
so I’m not completely sure. (I wrote this guide in 2008).


1. Install the pre-requisite software: Java 6 Runtime

For Linux, I downloaded the self-extracing RPM, which can be
obtained from this page:
http://java.sun.com/javase/downloads/index.jsp.
I presently have the
Java 6 Update 1 runtime. Note that the free Java (OpenJDK/IcedTea) included in many Linux distributions may not work – you may need to get the official Sun Java.

Having downloaded the relevant file for my computer, I needed
to run it with administrative permissions. From a terminal, I ran this
command (Ubuntu users may need to use “sudo” instead of “su”):

% su -c "sh jre-6u1-linux-i586-rpm.bin"

2. Install the Java plugin into Firefox

Type in “about:plugins” into Firefox to see if you have the
plugin installed. If you don’t, you’ll need to create a symlink from
your Firefox plugins directory to the plugin. For me, it was as follows:

% cd ~/.mozilla/plugins/
% ln -s /usr/java/latest/plugin/i386/ns7/libjavaplugin_oji.so .

Try here if you need more help:
http://plugindoc.mozdev.org/faqs/java.html



3. Make sure you have the other pre-requisities

The Juniper application requires “xterm” when you run it the first time
in order to get root privileges. If it’s not there, it fails silently.
So, make sure you have xterm installed!

The application also requires the command “rpm -q openssl” to return
successfully. This might cause you a problem if you don’t have an RPM
based distribution. I don’t know if it fails without it, or if it’s
just a check that’s logged. You’ll find out!

You also require the “tun” driver in your kernel. You will almost
certainly have this unless you compiled your own kernel, in which case
you will know what you are doing anyway!

You may also need to have older versions of the C++ library installed. On Fedora 10 I was advised that the package compat-libstdc++-296 is the one you need. (yum install compat-libstdc++-296) (thanks to Edward Mann for the tip).

What else? I don’t know, as whatever else was needed I already had. The
client creates some files in .juniper_networks in your home directory,
and leaves log files in there – so you may be able to find out what
problems you are having from there.


4. Visit the website in Firefox,
and you’re away!

For me, that was all there was to it. I visited the URL I’d been given
for the VPN, supplied my username and password, and then pressed
“Network Connect”. It then ran the Java application, asked me a couple
of times to confirm that I was willing to run the application, and then
I was in. “/sbin/route -n” and “cat /etc/resolv.conf” showed me that
the VPN was up and running – things “just worked” from there.

The Java application will ask you for your root password (via an xterm)
the first time you run it; it then installs a setuid root binary in
~/.juniper_networks – yuk!




Links:

  1. More help: http://forums.gentoo.org/viewtopic-t-374292.html
  2. More help: http://gentoo-wiki.com/HOWTO_Juniper_SSL_Network_Connect_VPN
  3. Recently I have written this parable about
    Richard Dawkins
    .
  4. I also run this blog exposing a bogus group of science educators.
  5. My homepage.



Feedback / E-mail / Anything I forgot to mention?: use the e-mail address on my homepage. (Please try Google first… I’m no expert on this application – the
above is just my notes).

Print This Page Print This Page

3 Responses to Juniper SSL VPN Client on Linux

Leave a Reply