Juniper Network Connect for Linux

• 取出 getx509certificate.sh 程式，並抓取憑證。

  # cd /tmp
  # jar xf ~/.juniper_networks/ncLinuxApp.jar
  # sh getx509certificate.sh "sslvpn9.twaren.net" ~/.vpn.default.crt

• 使用 ncsvc 程式進行連線。

  # ~/.juniper_networks/network_connect/ncsvc \
      -h "sslvpn9.twaren.net" \
      -u "username@wlan.nthu.edu.tw" \
      -p "password" \
      -r "NTHU_Radius_Users" \
      -f ~/.vpn.default.crt \
      -U "https://sslvpn9.twaren.net/nthu" \
      -L 5

• 檢查路由表是否正確。

  # netstat -nr
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  10.0.0.1        0.0.0.0         255.255.255.255 UH        0 0          0 eth0
  203.145.201.10  10.0.0.1        255.255.255.255 UGH       0 0          0 eth0
  10.0.0.0        0.0.0.0         255.255.0.0     U         0 0          0 eth0
  0.0.0.0         140.114.253.119 0.0.0.0         UG        0 0          0 tun0
  0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
  
  # ip route list
  10.0.0.1 dev eth0  scope link  metric 1 
  203.145.201.10 via 10.0.0.1 dev eth0  metric 1 
  10.0.0.0/16 dev eth0  proto kernel  scope link  src 10.0.0.2  metric 1 
  default via 140.114.253.119 dev tun0  scope link  metric 1 
  default via 10.0.0.1 dev eth0  metric 10 

• 檢查網路介面是否正確。

  # ifconfig
  tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
            inet addr:140.114.253.119  P-t-P:140.114.253.119  Mask:255.255.255.255
            UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
            RX packets:192 errors:0 dropped:0 overruns:0 frame:0
            TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:500 
            RX bytes:114833 (112.1 KiB)  TX bytes:37304 (36.4 KiB)

• 使用 ncsvc 程式停止連線。

  # ~/.juniper_networks/network_connect/ncsvc -K

(2012/08/20) 可使用 MSJNC Session Manager 進行連線，該軟體提供 GUI 介面及選單管理，並且可不需要安裝 Java Runtime。

• 可參考 MadScientist JNC Session Manager

# mkdir -p /opt/local/bin
# mkdir -p /opt/local/src
# cd /opt/local/src
# git clone https://github.com/madscientist/msjnc.git
# ln -s /opt/local/src/msjnc/msjnc /opt/local/bin
# /opt/local/bin/msjnc

1. 下載 junipernc 檔案

   # wget -q -O /usr/local/bin/junipernc http://mad-scientist.net/junipernc
   # chmod a+x /usr/local/bin/junipernc

2. 已回報請原作者加入以下功能，31 Oct 2011 以後的版本請略過本步驟。修改 /usr/local/bin/junipernc 檔案第 512、517 行，加入「-U "$URL" -L 5」，如下：

   # vim /usr/local/bin/junipernc
   510     # Send the password on stdin to avoid having it show up via ps
   511     if $_java; then
   512         echo "$password" | "$JAVA" -jar "$_ncpath/NC.jar" -h "$HOST" -u "$USER" -f "$CERT" -r "$REALM" -U "$URL" -L 5 \
   513             || ok=false
   514 
   515     else
   516         # No GUI?  Just let the thing run in the background
   517         echo "$password" | "$_ncpath/ncsvc" -h "$HOST" -u "$USER" -r "$REALM" -f "$CERT" -U "$URL" -L 5 \
   518             || ok=false
   519     fi

3. 編輯設定 ~/.vpn.default.cfg，如下：

   # vim ~/.vpn.default.cfg
   HOST="sslvpn9.twaren.net"
   USER="username@wlan.nthu.edu.tw"
   CERT="$HOME/.vpn.default.crt"
   JAVA=/usr/bin/java
   REALM="NTHU_Radius_Users"
   URL="https://sslvpn9.twaren.net/nthu"

4. 執行 junipernc 建立連線，如下：

   # /usr/local/bin/junipernc

5. 輸入密碼，完成驗證