natjohan's blog

Posted lun. 21 avril 2014

JNC under ElementaryOs/Ubuntu

Here is the way to simply install JNC (Juniper Network Connect which is the Juniper VPN client) under ElementaryOs or Ubuntu

1/ Installing Oracle Java and download the Juniper software

If you're under a 32 bits version (uname -a => i386)

natjohan:~$ sudo add-apt-repository ppa:webupd8team/java
natjohan:~$ sudo apt-get update
natjohan:~$ sudo apt-get install oracle-java7-set-default

Now, goes on your Juniper VPN server through your favorite web browser (https://vpn.mycompany.com), just login and then click on the start button next to the Network Connect item

/!\ Don't forget to accept execution of the Java applet in your web browser

Once you click on it a message will appear

Just wait few minutes, nothing happens but the JNC software should be downloaded under your home directory at ~/.juniper_networks/network_connect. If not, just go to https://vpn.mycompany.com/dana-cached/nc/ncLinuxApp.jar in order to download the jar file

If you're under 64 bits or if you don't want to install java at all (you're right !), just go to https://vpn.mycompany.com, just login an go to https://vpn.mycompany.com/dana-cached/nc/ncLinuxApp.jar and download it on your computer.

2/ Installing JNC wrapper

We will install JNC which is a perl wrapper for the Juniper network connect client provides by Klara Mall.

natjohan:~$ sudo chown root:root ~/.juniper_networks/network_connect/ncsvc
natjohan:~$ cd .juniper_networks
natjohan:~$ unzip ~/.juniper_networks/ncLinuxApp.jar -d ~/.juniper_networks/network_connect/
natjohan:~$ sudo chown root:root ~/.juniper_networks/network_connect/ncsvc
natjohan:~$ sudo chmod 6711 ~/.juniper_networks/network_connect/ncsvc
natjohan:~$ chmod 744 ~/.juniper_networks/network_connect/ncdiag

natjohan:~$ cd /usr/local/bin
natjohan:/usr/local/bin$ sudo wget http://www.scc.kit.edu/scc/net/juniper-vpn/linux/jnc
natjohan:/usr/local/bin$ chmod a+x jnc
natjohan:~$ sudo aptitude install openssl

Create the config directory

natjohan:~$ mkdir -p ~/.juniper_networks/network_connect/config

And now you can edit mycompanyvpn.conf under this directory with the following parameters

host=vpn.mycompany.com
user=username
realm=your_realm
cafile=/etc/ssl/mycompanycertificate.pem

realm : if you don't know how to find your realm, just go to vpn.mycompany.com, take a look at the html source of this page and try to find a line like this

<input type="hidden" name="realm" value="REALMNAME">

If you don't find it, just try without this parameter or ask your IT department about that.

cafile : just go to your vpn.mycompany.com page with you browser and click on the https logo, then go to something like Show your certificate, then Details, and you probably can export (it depends on your web browser) it in the .pem format. Just save it under /etc/ssl/mycompanycertificate.pem (for example).

I know that you can put a password field in your config file, but you should not do that for obvious security reasons

3/ Launch JNC

Now you can launch JNC wrapper and use your company's VPN

natjohan:~$ jnc --nox mycompanyvpn
Password:
Connecting to XXXXX.com : 443.
Waiting for ncsvc for 3 seconds... done
ncsvc is running, but tunnel is not established yet. Waiting for 3 seconds... done.
ncsvc is running in background (PID: 744):
tunnel interface tun0, addr: X.X.X.X
natjohan:~$

The --nox option is to launch jnc without gui. To stop it

natjohan:~$ jnc stop
ncsvc is running, sending signal... terminated.
natjohan:~$

Go further


JNC wrapper webpage
Troubleshoot tips
JNC on archlinux's wiki
Another method with the MadScientist script msjnc

Category: Linux
Tags: Juniper Network Connect VPN ElementaryOs Ubuntu

Comments