digg

Kubuntu Dapper, Juniper SSL VPN
on September 06, 2006 @ 04:43 PM

Juniper’s SSL VPN is not compatible with debian based distros. Thanks to the folks at Secure24” and flexion I was able to this working.
Flexion’s posts about how to get this to work with Ubuntu Breezy, but it didn’t work 100% the same for me. Flexion’s original article can be found at http://www.flexion.org/site/index.php?gadget=StaticPage&action=Page&id=50
Here are my steps:

sudo apt-get install openssl
sudo apt-get install libmotif3
sudo apt-get install libstdc++2.10-glibc2.2

sudo ln -s /usr/lib/libssl.so.0.9.7 /usr/lib/libssl.so.2
sudo ln -s /usr/lib/libcrypto.so.0.9.7 /usr/lib/libcrypto.so.2

# Add /usr/X11R6/lib to ld.so.conf
sudo emacs /etc/ld.so.conf
sudo ldconfig

At this point the /etc/ld.so.conf file didn’t exist, so I created it. The next steps were pretty much the same as on Flexion’s article except for a few notes below:
  • login into your Juniper SSL VPN homepage
  • Click the Network Connect Start button
  • A popup will appear saying “Loading Network Connect Client. Please wait”
  • An xterm window will appear with the title installNC.sh which will prompt you for a password.
  • CTRL-D at the password prompt and when asked to try again answer ‘N’.
  • Logout from the SSL VPN homepage and close Firefox/Mozilla. I did this and then went to the next steps, but it didn’t matter. I then did the steps again and just left Mozilla open
  • From a shell do the following…

$ cd ~/.juniper_networks
rm -rf network_connect
cp -R tmp network_connect
cd network_connect
chmod 744 *.sh
chmod 744 ncui  # <--- this differs
sudo chmod 6711 ncsvc
sudo chown root:root ncsvc

The above shell command didn’t work for me 100%.
  • chmod 744 ncui , I don’t have ncui. I skipped this step.

I tried to Network Connect Start and I got an “RPM query for openssl failed”. After clicking Ok the network connect java dialog popped up, then dissappeared.

Next go into your ~/.juniper_networks/network_connect folder and run:

sudo ncsvc

6 comments

Jump to comment form | comments rss [?]
  1. Ilya 11.10.06 / 16PM

    Thanks for a helpful page.

    Here is another bit of info which might be helpful to get juniper VPN working.

    Basically, on my system in addition to following you advice I also needed to manually create /dev/net/tun.

    The steps are from tuntap.txt (part of kernel source):

    mkdir /dev/net # if does not exist
   mknod /dev/net/tun c 10 200
    See tuntap.txt for details. The driver itself is  called tun.o and most likely should already be a part of your module directory
  2. Rich 12.19.06 / 00AM
    HELP!! I've done all of the assorted items relating to the Juniper IVE installation. I'm still not able to connect. Getting "Server Disconnected" error message. If I login via windows (UGGH!), it works just fine from my machine. Tunnel device file is already created: crw------- 1 root root 10, 200 2006-05-22 07:25 /dev/net/tun NCSVC.log file: 20061218171745.999302 ncsvc[13989] session.para received 102 msg from UI (session.cpp:74) 20061218171745.999423 ncsvc[13989] session.info ive_host = jeva.apollogrp.edu (session.cpp:127) 20061218171745.999451 ncsvc[13989] session.info cookie = DSSignInURL=/; DSID=f76c6d836130926b3ca1ae129c29ec7d; DSFirstAccess=1166486986; DSLastAccess=1166487463; path=/; secure (session.cpp:134) 20061218171745.999477 ncsvc[13989] session.info Will not use a proxy to connect to the IVE (session.cpp:171) 20061218171746.8708 ncsvc[13989] rmon.info got system route 172.31.208.0/255.255.255.0 gw 0.0.0.0 via 0x00000000 (routemon.cpp:396) 20061218171746.8755 ncsvc[13989] rmon.info got system route 192.168.45.0/255.255.255.0 gw 0.0.0.0 via 0x00000000 (routemon.cpp:396) 20061218171746.8780 ncsvc[13989] rmon.info got system route 172.16.79.0/255.255.255.0 gw 0.0.0.0 via 0x00000000 (routemon.cpp:396) 20061218171746.8804 ncsvc[13989] rmon.info got system route 0.0.0.0/0.0.0.0 gw 172.31.208.216 via 0x00000000 (routemon.cpp:396) 20061218171746.8874 ncsvc[13989] rmon.info best route to 204.17.31.196 is 0.0.0.0/0.0.0.0 via 0x00000000 (routemon.cpp:1209) 20061218171746.8957 ncsvc[13989] rmon.info adding route to 204.17.31.196/255.255.255.255 with gw 172.31.208.216, metric 1, if_id 0 (routemon.cpp:494) 20061218171746.9002 ncsvc[13989] session.info connecting to ive jeva.apollogrp.edu (session.cpp:235) 20061218171746.9057 ncsvc[13989] ncphandler.debug registering the NCP IO handler (ncphandler.cpp:42) 20061218171746.9082 ncsvc[13989] dsxp.para register handle 0x0000000e, total 2 (dsio.cpp:295) 20061218171746.13807 ncsvc[13989] main.error Using DSSSL to connect to IVE (ncp.cpp:1659) 20061218171746.13853 ncsvc[13989] http_connection.para Starting a timed connect with SSL session 0x80bd864, proxy 0:0, and timeout 5 (http_connection.cpp:162) 20061218171746.13878 ncsvc[13989] http_connection.para Entering state_start_connection (http_connection.cpp:276) 20061218171746.17444 ncsvc[13989] http_connection.para Entering state_continue_connection (http_connection.cpp:293) 20061218171746.17496 ncsvc[13989] http_connection.para Entering state_ssl_connect (http_connection.cpp:457) 20061218171746.34433 ncsvc[13989] dsssl.para SSL connect ssl=0x80beae0/sd=16 connection using cipher RC4-MD5 (DSSSLSock.cpp:780) 20061218171746.34968 ncsvc[13989] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:465) 20061218171746.39276 ncsvc[13989] ncphandler.para got 1 NCP callback (ncphandler.cpp:194) 20061218171746.39312 ncsvc[13989] ncphandler.info establish done (ncphandler.cpp:206) 20061218171746.39339 ncsvc[13989] ncp.info connect to rr_ive:443 svc 4 (ncp.cpp:787) 20061218171746.39436 ncsvc[13989] http_connection.para Starting a timed connect with SSL session 0x80bd864, proxy 0:0, and timeout 5 (http_connection.cpp:162) 20061218171746.39465 ncsvc[13989] http_connection.para Entering state_start_connection (http_connection.cpp:276) 20061218171746.42784 ncsvc[13989] http_connection.para Entering state_continue_connection (http_connection.cpp:293) 20061218171746.42823 ncsvc[13989] http_connection.para Entering state_ssl_connect (http_connection.cpp:457) 20061218171746.56193 ncsvc[13989] dsssl.para SSL connect ssl=0x80c3378/sd=17 connection using cipher RC4-MD5 (DSSSLSock.cpp:780) 20061218171746.56519 ncsvc[13989] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:465) 20061218171746.61500 ncsvc[13989] worker.para 2 sockets are ready for read/write. (ncp_dsssl.cpp:620) 20061218171746.61528 ncsvc[13989] worker.para intra_ncp_server_sock ready to read. (ncp_dsssl.cpp:626) 20061218171746.61589 ncsvc[13989] worker.para compressed 15 -> 21 bytes: socket 17, host rr_ive (ncp_dsssl.cpp:689) 20061218171746.61635 ncsvc[13989] worker.para [conn 0x80cd960] wrote 23 bytes: socket 17, host rr_ive, DSSSL_has_data_tosend 0 (ncp_dsssl.cpp:732) 20061218171746.67730 ncsvc[13989] worker.para 1 sockets are ready for read/write. (ncp_dsssl.cpp:620) 20061218171746.67785 ncsvc[13989] worker.para read 19 bytes from connection: socket 17, host rr_ive (ncp_dsssl.cpp:782) 20061218171746.67835 ncsvc[13989] worker.error connect to rr_ive:443 failed. IVE returned error 20001069 (ncp_dsssl.cpp:1009) 20061218171746.67866 ncsvc[13989] worker.para Calling NCP_DISCONNECT_DONE (ncp_dsssl.cpp:1113) 20061218171746.67894 ncsvc[13989] worker.para After NCP_DISCONNECT_DONE (ncp_dsssl.cpp:1116) 20061218171746.67930 ncsvc[13989] ncphandler.para got 6 NCP callback (ncphandler.cpp:194) 20061218171746.67955 ncsvc[13989] ncphandler.info control channel disconnected due to error 20001069 (ncphandler.cpp:252) 20061218171746.67978 ncsvc[13989] session.info initial connection to IVE is lost. (session.cpp:385) 20061218171746.68000 ncsvc[13989] session.info disconnecting from ive jeva.apollogrp.edu with reason 5 (session.cpp:337) 20061218171746.68022 ncsvc[13989] adapter.info closing tun adapter FFFFFFFF (adapter.cpp:732) 20061218171746.68047 ncsvc[13989] adapter.debug unregistering the adapter IO handler (adapter.cpp:733) 20061218171746.68070 ncsvc[13989] sysdeps.info restoring DNS settings... (sysdeps.cpp:772) 20061218171746.68098 ncsvc[13989] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:774) 20061218171746.68140 ncsvc[13989] sysdeps.error rename /etc/hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:778) 20061218171746.68167 ncsvc[13989] ncphandler.para ncpDisconnect() returns -1 (ncphandler.cpp:85) 20061218171746.68189 ncsvc[13989] ncphandler.error NCP disconnect failed, error 22 (ncphandler.cpp:91) 20061218171746.68211 ncsvc[13989] ncphandler.para teardown (enter) m_conn=0x00000000 (ncphandler.cpp:61) 20061218171746.68252 ncsvc[13989] worker.para 1 sockets are ready for read/write. (ncp_dsssl.cpp:620) 20061218171746.68275 ncsvc[13989] worker.para intra_ncp_server_sock ready to read. (ncp_dsssl.cpp:626) 20061218171746.68298 ncsvc[13989] worker.error NCP worker has been requested to stop (ncp_dsssl.cpp:634) 20061218171746.68598 ncsvc[13989] conn.info cleanup 0 (ncp.cpp:1379) 20061218171746.68734 ncsvc[13989] conn.info cleanup 0 (ncp.cpp:1379) 20061218171746.68763 ncsvc[13989] writer.error thread exit (ncp.cpp:1747) 20061218171746.68817 ncsvc[13989] ncphandler.para got 2 NCP callback (ncphandler.cpp:194) 20061218171746.68841 ncsvc[13989] ncphandler.info teardown done (ncphandler.cpp:259) 20061218171746.68910 ncsvc[13989] ncphandler.debug unregistering the NCP IO handler (ncphandler.cpp:260) 20061218171746.68932 ncsvc[13989] dsxp.para unregister handle 0x0000000e, total 1 (dsio.cpp:308) 20061218171746.68986 ncsvc[13989] session.info disconnected from ive jeva.apollogrp.edu with reason 5 (session.cpp:369) 20061218171746.69589 ncsvc[13989] dsxp.para unregister handle 0x0000000c, total 0 (dsio.cpp:308) 20061218171746.69634 ncsvc[13989] IpcConn.debug unregistering the IPC connection (0x080B69C0) IO handler (ncipc.cpp:208) 20061218171746.69688 ncsvc[13989] dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:72) NCUI.log file: 20061218171743.918836 ncui[13964] ncapp.info New ncapp log level set to 5 (nccommon.cpp:75) 20061218171743.918900 ncui[13964] ncui.info read from params... (nccommon.cpp:121) 20061218171743.918957 ncui[13964] ncapp.info Version : 1.2 Release Version : 5.3-0-Build11339 Build Date/Time : Nov 20 2006 Copyright 2002-2006 Juniper Networks (ncapp.cpp:153) 20061218171743.996307 ncui[13964] dsncuiapi.para DsNcUiApi::DsNcUiApi (dsncuiapi.cpp:64) 20061218171743.996370 ncui[13964] nccommon.error param <= 0 (nccommon.cpp:538) 20061218171743.996394 ncui[13964] nccommon.error param <= 0 (nccommon.cpp:538) 20061218171745.998733 ncui[13964] dsxp.para register handle 0x0000000a, total 1 (dsio.cpp:295) 20061218171745.998887 ncui[13964] IpcConn.debug registering the IPC connection (0x08404008) IO handler (ncipc.cpp:153) 20061218171745.998914 ncui[13964] dsxp.para register handle 0x00000010, total 2 (dsio.cpp:295) 20061218171745.998939 ncui[13964] dsncuiapi.para DsNcUiApi::open (dsncuiapi.cpp:90) 20061218171745.999146 ncui[13964] dsncuiapi.para DsNcUiApi::ProcessOpenReply (dsncuiapi.cpp:239) 20061218171745.999182 ncui[13964] dsncuiapi.para DsNcUiApi::setLogLevel (dsncuiapi.cpp:221) 20061218171745.999215 ncui[13964] dsncuiapi.para DsNcUiApi::connect (dsncuiapi.cpp:116) 20061218171745.999965 ncui[13964] dsncuiapi.para DsNcUiApi::ProcessSetLogLevelReply (dsncuiapi.cpp:458) 20061218171746.69038 ncui[13964] dsncuiapi.para DsNcUiApi::ProcessDisconnectReply (dsncuiapi.cpp:320) 20061218171746.69081 ncui[13964] ncui.info received onDisconnect with reason = 5 (ncui.cpp:445) 20061218171746.69118 ncui[13964] dsxp.para unregister handle 0x0000000a, total 1 (dsio.cpp:308) 20061218171746.69142 ncui[13964] dsxp.para unregister handle 0x00000010, total 0 (dsio.cpp:308) 20061218171746.69174 ncui[13964] IpcConn.debug unregistering the IPC connection (0x08404008) IO handler (ncipc.cpp:208) 20061218171746.69214 ncui[13964] ncapp.info waiting for NC service to stop! (ncapp.cpp:252) 20061218171746.69240 ncui[13964] ncapp.info done... (ncapp.cpp:254) 20061218171746.69266 ncui[13964] dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:72)
  3. Rich 12.19.06 / 00AM
    here are the Diagnostics: NC Diagnostics for Linux. Version 1.0. Release Date/Time: Nov 20 2006 17:53:50 +==============================================================================+ | Tests: | Results: | +==============================================================================+ o NC Installation Check Failed o NC Diagnostics NC Service Not Running NC Driver Test Passed NC Tunnel Test Not established o Host Details Hostname MYHOSTNAME Domainname (none) IP Routing Enabled No IP Loopback test Passed Nameserver Details 172.31.208.216 Ping Passed Gateway Ping Test 172.31.208.216 Ping Passed o Network Connection Diagnostics Interface: lo IP Address: 127.0.0.1 Netmask: 255.0.0.0 MTU: 16436 Interface: wlan0 IP Address: 172.31.208.191 Netmask: 255.255.255.0 Broadcast: 172.31.208.255 MTU: 1500 Interface: vmnet1 IP Address: 172.16.79.1 Netmask: 255.255.255.0 Broadcast: 172.16.79.255 MTU: 1500 Interface: vmnet8 IP Address: 192.168.45.1 Netmask: 255.255.255.0 Broadcast: 192.168.45.255 MTU: 1500 o Route Info Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 172.31.208.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.45.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8 172.16.79.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1 0.0.0.0 172.31.208.216 0.0.0.0 UG 0 0 0 wlan0 Finished running tests +==============================================================================+
  4. Davide 05.14.07 / 14PM

    Hi, did yuy tried it with Feisty? thanks

  5. Amit 09.14.07 / 10AM

    Thanks! I was able to connect ti SSL VPN using Feisty.

    I did some steps differently as follows,
    amit@lap432:~$ sudo ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.2
amit@lap432:~$ sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.2
amit@lap432:~$ sudo vi /etc/ld.so.conf
Added following line
/usr/X11R6/lib
amit@lap432:~$ rm -rf .juniper_networks/

    Logged in to the SSL VPN site. It asked for the root password and I put it in (I had set it using ‘sudo passwd’ command earlier). After this the SSL VPN applet started (I didn’t remove network_connect dir as my tmp dir was empty).

    I tried installing a lot of libraries (including given above) before this and some of them might have done the trick. To find out what libraries are missing you can go to ’.juniper_networks/network_connect/’ and run the ‘ncsvc’ binary without any arguments. It usually fails for some libstdc++ library file which you can install from synaptic.

  6. dan 09.28.07 / 10AM

    To save yourself from having to manually run ncsvc, run sudo chmod +s ncsvc after you’ve changed the files owner to root.