HOWTO: Ubuntu Linux (64bit) Client connect to Juniper SSL VPN, without 32bit Java (en)
Juniper SSL VPN is widely been used in many places, including almost every National University in Taiwan, provided by TWAREN.
Using Ubuntu (Linux) 64bit as client to connect to it is not painless, but Pain-in-the-Ass.
If you don’t want to install another HUGE 32bit Java just for it, this is the right HOWTO Guide for you.
# Install libs
sudo apt-get install libc6:i386 zlib1g:i386 libgtk2-perl libwww-perl# Get files
chmod +x msjnc junipernc# Using browser to download jar files from SSLVPN website# Extract files
./msjnc# Start VPN
What’s SSL VPN
A VPN (Virtual Private Network) is a way for people to access services in LAN (Local Area Network) behind NAT Firewall. For example, to connect to your office computer when you’re at home or travelling. There are many kinds of VPN you can use, like PPTP, OpenVPN, Cicso OpenConnect, and else.
SSL VPN is one of them which was designed to be usable as long as you have a browser.
Some people consider it as the easiest way for users, but it’s only true when all their users use M$ Windows, or when they provide enough cross-platform support.
Sadly Juniper SSLVPN solution (NetworkConnect client) doesn’t have good-enough support for 64bit Linux. So we have to do some hacks.
You’re ganna need these:
- Browser (Firefox or Chromium)
- Java (your original 64bit Java with browser plugin installed)
- few really basic 32bit lib
- some basic perl libs for GUI (to avoid using Java GUI which needs more 32bit support)
We’ll be using junipernc in this case. It is a command line script which setup and run neccessary commands automatically. msjnc is for extracting files we need.
Browser is only used for downloading Juniper’s SSLVPN client NetworkConnect.
Java is only used for it’s auto-install process. You can find another article about how to install Oracle Java HERE.
sudo apt-get install libc6:i386 zlib1g:i386
sudo apt-get install libgtk2-perl libwww-perl
chmod +x msjnc junipernc
We need some info for our tool to login for us:
- Network Connect URL or Server
Network Connect URL or Server is the url where you can see the login page in your browser. In my case it looks like this:
We need to get all needed files settled in your system.
1.Get .jar and files
Now login to the SSLVPN.
When you see Network Connect -> Start, just click the Start.
Click Permit at the page top to allow Java to run, keep clicking Yes. In the end it will fail and show an error about 32bit.
DON’T PANIC, it’s normal as we’re using 64bit system and the Java application wants 32bit.
Check the folder in your home dir, you’ll see ncLinuxApp.jar is laying right there:
bluet@clean:~$ ls -al .juniper_networks
drwxrwxr-x 2 bluet bluet 4096 3月 29 01:01 .
drwxr-xr-x 20 bluet bluet 4096 3月 29 01:00 ..
-rw-rw-r-- 1 bluet bluet 2065489 6月 25 2014 ncLinuxApp.jar
-rw-rw-r-- 1 bluet bluet 19 3月 29 01:01 whitelist.txt
2. Extract files
The tool msjnc can extract all the files we need from the original ncLinuxApp.jar
It will finish without any warning or message, but when you check the folder again, you’ll see the difference.
bluet@Zorya:~$ find ~/.juniper_networks/
3. Use 32bit Java to run msjnc (Skip This if you don’t want to install additional 32bit Java)
I don’t want to install another HUGE Java in 32bit just for this.
I’m using a 240G SSD. It’s fast but expensive, I really don’t want to waste my disk space on the rarely used 32bit Java.
But if you insist, or you think you have bunches of disks to waste, waste electricity and network bandwidth, then do this. I can’t stop you.
Otherwise, Don’t Do This.
Install an additional 32bit Java:
sudo apt-get install openjdk-7-jdk:i386
msjnc has it’s own GUI interface for users to easily control VPN connections, but it needs 32bit Java.
Now you can search Network Connect in your Dash.
Start VPN and Enjoy
Now let’s setup the VPN and let it run.
echo 0 | sudo tee /proc/sys/net/ipv6/conf/default/router_solicitations
Run junipernc without 32bit Java
You’ll see GUI prompt boxes asking VPN info at the first time.
We have them ready in the first step, so just type them in.
Once finished, there will be a new network interface in your system.
bluet@clean:~$ ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.99.1.30 P-t-P:10.99.1.30 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:16363 errors:0 dropped:0 overruns:0 frame:0
TX packets:11128 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:20952021 (20.9 MB) TX bytes:777393 (777.3 KB)
Now ping your office computer or check WhatIsMyIP, you’re now in the VPN world. Also you’ll see VPN info stored in ~/.vpn.default.crt
Next time you want to start the VPN, just type the same command
Enter the password, and you’re ON.
When you finished your works, use this command to kill VPN process to stop VPN
sudo killall ncsvc
I’ve spend hours figuring out how to make it work, and then whole night to double-check and write this article. Hope this HOWTO can save your time, save a kitten and a tree.
Originally published at blog.geeky.name on March 28, 2016.