Juniper Netscreen ssl based vpn


Jeff Sadowski
2005-07-22, 06:05 PM CDT
Ok my company is implementing one of the products we sell and I was wondering if anyone had any experiences, good or bad, with these products in Linux. The network engineer here doesn't use anything but windows. We are implementing a Juniper Netscreen VPN.

powereds
2005-07-22, 10:56 PM CDT
I haven't tried the netscreen vpn client for linux. I've searched the juniper site but I can't find a vpn client for linux. I've only used the windows client. I still have to try the windows client using wine.

powereds
2005-07-22, 10:57 PM CDT
btw, please contact me at the email address in my signature if you got it.
Very much appreciated..

Jeff Sadowski
2005-07-23, 12:58 AM CDT
I thought about this a little and researched it a little. I doubt it will be easy for me to use netscreen ssl vpn nicely. Ok what's involved in any OS to get a vpn working ... first you need to add a virtual network node, set it up with an address and then you need to add a route in the routing table. In windows it probably creates a new icon in network neighborhood as a result of adding the new virtual network node. When you type ipconfig it probably shows a new node with the address it obtains from dhcp. So in order for there to be a solution for all OSs there would have to be a standard for them all to agree on. That's not at all likely. I don't remember it being part of the posix standards to create a new virtual network node and add a route. And windows never really followed the posix or standards methodology anyways; they couldn't wait for standards to be created. Unless there is an applet for other OSs only windows would be supported.

There might be client software that I could use like ipsec? that I'd be able to use; I read some people were using it with netscreen. At worst I could create an ssh daemon on my windows virtual machine using cygwin and have windows on my vm connect with the netscreen applet software. So then I would ssh to my windows vm and ssh again from there to behind the vpn. Icky solution as you can see. I have other hacker methods around this but they're purely theoretical from my perspective and probably only used by hackers that don't wish to discuss how to hack windows vpns.

There still is software with these Netscreen appliances. It's just they moved it into an applet that has to be downloaded each time and/or cached. And there are requirements for windows. I'm sure if I removed things from the standard windows install I could break the functionality of it. One of the hacker methods involves ndiswrapper, which is a linux wrapper around the windows network api, which netscreen's applet would likely use to create the network node and add the route. You might think things like this are easy but wow it gets difficult if you've ever dealt with portability. If there is a way to use Macs with the netscreen I'd like to see the documentation on them. They might have to use client software similar to ipsec and that would give me clues on setting up ipsec.

Jeff Sadowski
2005-07-23, 01:00 AM CDT
This was an email I sent my network engineer. I'll see what she replies to me. I don't think she knows enough to be helpful. I'll have to hack a little.

ramblezeus
2008-05-21, 11:01 AM CDT
I do not know which vpn bundle you are using, but at Villanova University (where I study) there is Juniper Network Connect VPN.

Juniper Network Connect is actually a Java program and will launch automatically from the browser.
The problem is it requires the Sun Java Plugin, else it says Java not installed. I used easyLife to configure the sun jre and firefox java plugin and it works perfectly now.
Use easyLife or follow http://www.fedoraguide.info/index.php/Main_Page#Sun_Java_.28Method_1.29 to get the JRE running.

Click start and you are done.

Attached are screen shots of how it looks.

ramblezeus
2008-05-21, 11:06 AM CDT
Getting the appropriate browser java plugin is the only problem I faced connecting to the juniper VPN. Others may face dependency problems in case openssl libraries are not installed (read about it in some other forums).

Personally I prefer this route to connect to the vpn as I do not have to lug around any certificate files, etc., and even if I go to any new system, all I have to do is open the browser page.

Another related thread regarding java in firefox is http://forums.fedoraforum.org/forum/showthread.php?t=185177

Jeff Sadowski
2008-05-21, 01:02 PM CDT
Wow that was a long time ago. ramblezeus is right; the only problem I have with it is that it handles /etc/resolv.conf incorrectly. It should move it out of the way, create its own and move it back on close. However it appends the vpn's dns server to the bottom of /etc/resolv.conf, thus it is never contacted because the first dns fails.
How dns works is as follows: if the server does not respond in an appropriate amount of time it will try the next dns server.
If it responds with a found or not found response dns will not bother to go to the next dns server.
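
The resolver behaviour described in the post above (the stub resolver only falls through to the next `nameserver` line on timeout, never on a found/not-found answer) is why an appended VPN nameserver is never asked. The following is an added example, not code from the thread or from Juniper, of the handling the post says the client should do: save the original resolver file, write a copy with the VPN nameserver first, and restore the original on exit. The file path is a parameter so the functions can be exercised on a scratch file without root; `192.0.2.53` is a constructed placeholder for the VPN's DNS server.

```shell
#!/bin/bash
# Added example: swap a resolver file for a VPN-first copy and restore it later.
# Usage: vpn_session /etc/resolv.conf 192.0.2.53 sudo ./ncsvc ...   (assumed invocation)

# Write a VPN-first resolver file. The VPN nameserver goes FIRST because the
# stub resolver only tries the next "nameserver" line on timeout; an
# NXDOMAIN from the first server ends the lookup. search/options lines from
# the original file are kept, original nameservers follow the VPN one.
vpn_resolv_write() {
    resolv="$1"; vpn_dns="$2"; backup="$1.pre-vpn"
    # keep the first backup if a previous session left one behind
    [ -e "$backup" ] || cp -p "$resolv" "$backup"
    awk -v dns="$vpn_dns" -v bak="$backup" '
        BEGIN { print "# generated for VPN session; original saved as " bak
                print "nameserver " dns }
        /^nameserver/ { ns[++n] = $0; next }   # collect originals for later
        /^#/          { next }                 # drop old comments
                      { print }                # search/options/etc. pass through
        END { for (i = 1; i <= n; i++) print ns[i] }
    ' "$backup" > "$resolv"
}

# Put the original resolver file back (no-op if there is nothing to restore).
vpn_resolv_restore() {
    resolv="$1"; backup="$1.pre-vpn"
    [ -e "$backup" ] || return 0
    mv -f "$backup" "$resolv"
}

# Which server will the resolver ask first? (the value the post's complaint is about)
first_nameserver() {
    awk '/^nameserver/ { print $2; exit }' "$1"
}

# Run a tunnel command with the VPN-first file in place; restore on any exit
# path (normal end, error, Ctrl-C) so a crashed client cannot leave DNS broken.
vpn_session() {
    resolv="$1"; vpn_dns="$2"; shift 2
    vpn_resolv_write "$resolv" "$vpn_dns"
    trap "vpn_resolv_restore '$resolv'" EXIT INT TERM
    "$@"
}
```

The restore runs from a trap rather than after the client returns, because the failure mode worth handling is the client dying or being killed: the trap fires on both.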

shtas
2008-11-21, 06:00 AM CST
Hi

Hope this will be useful for somebody: a command line way of connecting to a Juniper vpn from FC9.
(It is assumed that you tried, even unsuccessfully, to log in to your vpn server through the web and you have created ~/.juniper_networks with all the necessary content.)
Starting script:

--------------------------------------
#!/bin/bash

# print a message to stderr and stop
die() { echo "$1" >&2; exit 1; }

LOGIN='login' # e.g. name of sdtid file
REALM="3PP SecurID" # your realm
# exact value of realm could be taken from the sources of login page
CERT='yourhostcert.der' # can be created using getx509certificate.sh for vpn host
HOST='vpnhost'

while true; do
    # ask for the current SecurID code; cancelling the dialog ends the loop
    password=$(zenity --entry --title="VPN" --text='Enter SecurID Code' --hide-text) \
        || exit 0
    case "$password" in '') die 'Invalid passphrase' ;; esac
    cd ~/.juniper_networks/network_connect || die 'network_connect directory not found'
    # -p puts the code on the command line, where other local users can see it in ps
    sudo ./ncsvc -h "$HOST" -u "$LOGIN" -p "$password" --log-level=5 -r "$REALM" -f "$CERT"
    tail ncsvc.log
done
--------------------------------------


In my case I use a generated software token as the password. It is a pity but I was unable to generate an RSA token under linux... so any suggestions about this are greatly appreciated.

Stopping script:
--------------------------------------
#!/bin/bash

cd ~/.juniper_networks/network_connect || exit 1

# -K stops the running ncsvc client
./ncsvc -K
--------------------------------------


Good luck