Force Juniper-network client to use split routing

Solution 1:

About the permission problem, Marcus is correct in his answer, but there is a simpler way to append to files requiring superuser privileges:

$ echo "nameserver 192.168.0.1" | sudo tee -a /etc/resolv.conf

The tee command will split output (like a T-junction) to both a file and stdout. -a will make sure it appends to the file instead of completely overwriting it (which you most likely don't want when manipulating system files such as resolv.conf or hosts). sudo will make sure tee runs with superuser access so that it can change the file.

Solution 2:

I think the problem is what is executed as root in this line:

sudo echo "nameserver 192.168.0.1" >> /etc/resolv.conf

Only the "echo" command is run as root and the file writing output is done with your regular user - which probably doesn't have access to /etc/resolv.conf.

Try to run it this way:

sudo su
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
exit
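
The point made in Solutions 1 and 2 (the process that opens the file is the one that needs privileges) can be wrapped in a small helper that also validates the address and avoids duplicate entries. This is an added example, not part of either answer; the function names and the `PRIV` variable are assumptions made for illustration.

```shell
# PRIV is a hypothetical knob for this example: "sudo" for real system
# files, empty when operating on a file you already own (e.g. in tests).
PRIV="${PRIV-sudo}"

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# add_nameserver FILE ADDR: append "nameserver ADDR" to FILE exactly once.
# Returns 0 if the line is present afterwards, 2 if ADDR is rejected.
add_nameserver() {
    file=$1
    addr=$2
    valid_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 2; }
    # -x matches the whole line, -F literally, so reruns do not duplicate.
    if grep -qxF "nameserver $addr" "$file" 2>/dev/null; then
        return 0
    fi
    # tee is the process that opens FILE, so tee is what gets elevated.
    # A ">>" here would be opened by the calling, unprivileged shell.
    printf 'nameserver %s\n' "$addr" | $PRIV tee -a "$file" >/dev/null
}

# Usage on a real system: add_nameserver /etc/resolv.conf 192.168.0.1
```

On hosts where /etc/resolv.conf is generated by a resolver manager such as systemd-resolved or NetworkManager, a manual append will be overwritten the next time the file is regenerated.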

Solution 3:

As they have already explained to you, the issue is that the policy is enforced client-side but set up on the server side. This is a security feature, which allows the connecting network to prevent clients from "bridging" insecure and secure networks together.

The only way is to "hack" the client not to obey the server-side command.

There is a tutorial you can find on the web (http://www.digitalinternals.com/network/workaround-juniper-junos-pulse-split-tunneling-restriction/447/) which is Windows-based, but actually requires tools such as IDA Pro and Assembly-language skills to patch the Pulse binary. This can also be considered illegal in several countries.

Basically, although the user experience may be degraded by forcing your client to fully route through the destination network, this allows network administrators to keep their network safer, and you should simply not do that.

Hope this helps.

Solution 4:

I believe the policy is forced down from the server. Unless you somehow hack the Juniper VPN client software, you'll have to use the routing dictated.

It's part of the VPN software's feature set that it can enforce security policies on clients.