How to connect to a Juniper VPN from Linux

Solution 1:

And my favorite method (no Java applet required):

Presumably:

  • your url: 'https://some.site.com/dana-na/auth/url_default/welcome.cgi' (or whatever)

  • your username=username

  • your password=password

  • you know your realm or you can find it from the web page or with:


REALM=$(wget -q --no-check-certificate -O - 'https://some.site.com/dana-na/auth/url_default/welcome.cgi' | sed -n 's/.*<input\( [^>]*name="realm" [^>]*\)>.*/\1/p' | sed -n 's/.* value="\([^"]*\)".*/\1/p')

After you log in, download the following jar (should be done one time only):

https://some.site.com/dana-cached/nc/ncLinuxApp.jar

and unzip it to ~/.juniper_networks/network_connect

Get some new libraries for your 64-bit machine:

yum install glibc.i686 zlib.i686 nss-mdns.i686

Go to ~/.juniper_networks/network_connect and

sudo chown root:root ncsvc
sudo chmod 6711 ncsvc
chmod 744 ncdiag
chmod +x getx509certificate.sh

Get your certificate:

./getx509certificate.sh some.site.com company.cert

And connect:

./ncsvc -h some.site.com -u username -p password -r REALM -f ./company.cert

For some sites I noticed that you also need to put the -U switch:

./ncsvc -h some.site.com -u username -p password -r REALM -f ./company.cert -U 'https://some.site.com/dana-na/auth/url_default/welcome.cgi'
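
The realm lookup from the start of this answer, as an added example that is not part of the original answer: it generalizes the sed one-liner to either attribute order and to tags wrapped across lines, and fails instead of returning an empty or ambiguous realm. The function names and the sample page are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Read a sign-in page on stdin and print the value of every
# <input ... name="realm" ...> tag, one per line.
extract_realm() {
    q="[\"']"   # accept either quote style around attribute values
    # Join the page into one line, then start a new line at every '<' so
    # each tag is matched as a unit regardless of wrapping or attribute order.
    tr '\n' ' ' | tr '<' '\n' |
        grep "^input[^>]*[[:space:]]name=${q}realm${q}" |
        sed -n "s/.*[[:space:]]value=${q}\([^\"']*\)${q}.*/\1/p"
}

# Print the realm only when the page yields exactly one; otherwise fail,
# so an empty or ambiguous value never reaches the -r option of ncsvc.
single_realm() {
    realms=$(extract_realm)
    count=$(printf '%s\n' "$realms" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 realm, found $count" >&2
        return 1
    fi
    printf '%s\n' "$realms"
}

# Constructed sample page (not captured from a real gateway): the realm
# tag is wrapped across two lines and lists value= before name=.
sample_page() {
    cat <<'EOF'
<form name="frmLogin" action="login.cgi" method="POST">
<input type="text" name="username">
<input type="password" name="password">
<input type="hidden"
       value="Corp Users" name="realm">
<input type="submit" value="Sign In" name="btnSubmit">
</form>
EOF
}

# Live use, with the URL from the answer:
#   wget -q -O - 'https://some.site.com/dana-na/auth/url_default/welcome.cgi' | single_realm
sample_page | single_realm
```

Because a realm can contain spaces, quote it when passing it on: `-r "$REALM"`.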

Solution 2:

The OpenConnect VPN client has (nascent) support for Juniper SSL VPN.

See the announcement at http://lists.infradead.org/pipermail/openconnect-devel/2015-January/002628.html

Edit 2015-02-02:

The Juniper support is coming along nicely now and is definitely ready for more testing. It's reached the point where we're happy to admit to its existence on the OpenConnect web site: http://www.infradead.org/openconnect/juniper.html