Notices

Hi, has anyone had success connecting to a Juniper vpn? On a PC I connect through Juniper Network Connect, a java app. There is also a linux command-line version of Network Connect "ncsvc", but seems to exist only as a x86 binary. I've also tried vpnc since apparently that also supports Juniper setups, but I've failed at configuration. If anyone has succeeded with either approach, I'd be very grateful to hear about it. Thank you.

AFAIK juniper vpn needs the offcial sun jre. at least on ubuntu.

I think the java is only needed for the GUI. Juniper's documentation suggests that "ncsvc" (the guts of the vpn code) can be run without java. Unfortunately there's no suitable binary or source code available.

http://kb.juniper.net/KB16188

Install the Sun JRE Embedded for ARM from sun's website, or install IcedTea from extras-devel to install Java, it might work.

IcedTea on Fedora x86 to a juniper VPN takes up all the CPU, so I wouldn't advise it on any platform. You'll need the official Sun JRE.

Since the java is just there to call the C-code, according to the juniper documentation at that link, I'm not too optimistic. But I'll give it a shot.

Lets assume that I have Linux machine that successfully connected and have the .junpier_networks folder that can be copied to the n900.

Combined with the information that was gathered by ppl that managed to (run i386 binaries on n900)

and combined with some workarounds to the original connection method so it can be done in command line without the need of a browser with java applets (here and here + some additional changes like adding qemu-i386 call)

Will it be possible for me to pwn my corporate blackberry owners?

I did not manage to use vpnc for the connection because I couldn't find a suitable configuration template that had both Securid&Juniper/netscreen (+ I have no idea what to put in either group or secret fields).

We're in the same boat. I also failed to configure vpnc for my juniper vpn. In fact I haven't heard from anyone that has succeeded with that approach. I tried the qemu "user mode" approach using the Juniper i386 network connect binary ("ncsvc"), and got the following error:

/usr/local/nc/ncsvc: error in loading shared libraries: libz.so.1: ELF file machine architecture not i386

Anyone have any suggestions? Sorry-- engineering PhD linux noob here.

---------------------------------------------------
Here's exactly what I did:

Found the ncsvc i386 linux binary online somewhere, so it's not necessary to find a linux machine where network connect works to get the files. I can make that file available if anyone wants it.

I installed the qemu binary from damion's posts. You also need some standard i386 linux libraries like from qemu's download page (linux-user-test-0.3.tar.gz). This also includes some standard i386 binaries (i.e. "ls") which you can try to run to test qemu user mode, and in fact the i386 "ls" did work pretty easily on my n900...

i.e.
/home/user # ./qemu-i386 -L /home/opt/root/linux-user-test-0.3/gnemul/qemu-i386 ./ls

displays the contents of /home/user.

The -L part is the i386 library path preface. Here I copied the i386 "ls" binary into /home/user. Be careful with copying these binaries and libraries around so you don't overwrite any of the native stuff. Also, by the way, if you get errors with this initial testing check permissions.

Subbing "/usr/local/nc/ncsvc" for "ls", I get the error above.

Some progress... using qemu "user mode" I can actually execute the i386 "ncsvc" binary, to display usage and version info. But when I try to make the vpn connection, I get...

Connecting to vpn.blank.edu : 443

then a few seconds later...

qemu: uncaught target signal 11 (Segmentation fault) - core dumped

I know the "connecting" step above is the last step. The machine actually does briefly open a vpn session. I know because I logged in via the web on another computer and it was aware of that session. But it can't seem to keep it open.

The zlib problem was solved by copying over a i386 zlib shared library (1.1.3). After that, I found that a newer version of the standard i386 binaries was also needed (at least 2.3.2).

Tried using Easy Debian with Ice Weasel to get access to my Juniper VPN at work.. No go.. Think it has two components - one a Java (which runs in Easy Debian) but the other is an x86 binary for sure hence why it just stalls thereafter..