Author Topic: Juniper VPN setup in RaspberryPi 3  (Read 430 times)

jonathan

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Juniper VPN setup in RaspberryPi 3
« on: June 20, 2017, 10:26:26 am »
Juniper VPN setup in RaspberryPi 3

Hello friends. I have tried to setup a Juniper VPN in a RaspberryPi 3 using pi64 as operating system, because the necessity of execute Juniper binaries that are not available for ARM architecture with the official Raspbian image. Following some tutorials like this: http://blog.geeky.name/post/2016/03/29/HOWTO%3A-Ubuntu-Linux-64bit-Client-connect-to-Juniper-SSL-VPN-without-32bit-Java-(en) I tried first to do it with the icedtea-plugin to get the .jar files and searching a way with the offical Oracle Java Plugin, but only through icedtea is the option available for RaspberryPi and always fail during the Java API execution. After this, I tried with this great page of Arch Wiki following the content "Manual installation of msjnc": https://wiki.archlinux.org/index.php/Juniper_VPN but not success. Finally and currently I am trying these steps of a workmate:

1. Install the next packages as root:
# aptitude install stoken libc6:i386 zlib1g:i386 libgtk2-perl libwww-perl qemu libstdc++6:i386 libxext6:i386 libxrender1:i386 libxtst6:i386 libxi6:i386 build-essential cmake pcap-dev linux-headers-[latest]

2. Import the .sdtid file of our VPN with stoken as pi user:
$ stoken import --file file_name.sdtid

3. Create the Juniper network_connect directory as pi user:
$ mkdir -p ~/.juniper_networks/network_connect

4. Enter with Iceweasel to the URL of our customer login resource to obtain the ncLinuxApp.jar and download it.

5. Move ncLinuxApp.jar file to  ~/.juniper_networks/network_connect as pi user:
$ mv /home/pi/Downloads/ncLinuxApp.jar /home/pi/.juniper_networks/network_connect

6. Unzip the ncLinuxApp.jar file as pi user:
$ unzip ncLinuxApp.jar

7. Set the necessary privileges as root in the next files inside /home/pi/.juniper_networks/network_connect:
# chown root:root ncsvc
# chmod 6711 ncsvc
# chmod 744 ncdiag
# chmod +x getx509certificate.sh

8. Obtain the customer VPN certificate as pi user:
$ ./getx509certificate.sh customer.url.com file_name.cert

9. Execute the next command as root:
# echo 0 | tee /proc/sys/net/ipv6/conf/default/router_solicitations

10. And finally execute the connection to the VPN as pi user:
$ stoken --pin pin_number
84535943(random_generated_token_code_as_result)
$ ./ncsvc -h customer.url.com -u user_name -p 84535943(token_code) -r BlackBerry -f ./file_name.cert -U 'https://customer.url.com/dana-na/auth/url_9/login.cgi'

And when the execution finish, the next message appear in the shell prompt:
Connecting to IP_of_customer.url.com : 443
Unsupported ioctl: cmd=0x400454ca
pi@raspberrypi:~$

In the /home/pi/.juniper_networks/network_connect/ncsvc.log file I obtain the next output:

20170620100817.757984 ncsvc[p2503.t2503] ncsvc.info New ncsvc log level set to 3 (nccommon.cpp:75)
20170620100817.788892 ncsvc[p2503.t2503] sysdeps.info restoring DNS settings... (sysdeps.cpp:759)
20170620100817.791375 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:762)
20170620100817.793437 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:766)
20170620100817.818755 ncsvc[p2503.t2503] ncsvc.info Connecting to IP_of_customer.url.com:443 (ncsvc.cpp:494)
20170620100818.174685 ncsvc[p2503.t2503] dsclient.info state: kStateSignin (dsclient.cpp:256)
20170620100818.175954 ncsvc[p2503.t2503] dsclient.info --> GET /dana-na/auth/url_9/login.cgi (authenticate.cpp:179)
20170620100818.204497 ncsvc[p2503.t2503] dsclient.info <-- 302 https://IP_of_customer.url.com/dana-na/auth/url_9/welcome.cgi?p=failed (authenticate.cpp:211)
20170620100818.205773 ncsvc[p2503.t2503] dsclient.info state: kStateWelcome (dsclient.cpp:264)
20170620100818.208268 ncsvc[p2503.t2503] dsclient.info --> GET /dana-na/auth/url_9/welcome.cgi?p=failed (authenticate.cpp:179)
20170620100818.357804 ncsvc[p2503.t2503] dsclient.info <-- 200  (authenticate.cpp:211)
20170620100818.361547 ncsvc[p2503.t2503] dsclient.info state: kStateLogin (dsclient.cpp:296)
20170620100818.363715 ncsvc[p2503.t2503] dsclient.info --> POST /dana-na/auth/url_9/login.cgi (authenticate.cpp:179)
20170620100822.657145 ncsvc[p2503.t2503] dsclient.info <-- 302 https://IP_of_customer.url.com/dana/home/starter0.cgi?check=yes (authenticate.cpp:211)
20170620100822.659096 ncsvc[p2503.t2503] dsclient.info --> GET /dana/home/starter0.cgi?check=yes (authenticate.cpp:179)
20170620100822.862424 ncsvc[p2503.t2503] dsclient.info <-- 200  (authenticate.cpp:211)
20170620100822.866624 ncsvc[p2503.t2503] authStateLogin.info starter0.cgi has asked for tz_offset parameter (authenticate.cpp:372)
20170620100822.871651 ncsvc[p2503.t2503] authStateLogin.info starter0.cgi has asked for clienttime parameter (authenticate.cpp:379)
20170620100822.875161 ncsvc[p2503.t2503] dsclient.info --> POST /dana/home/starter0.cgi?check=yes (authenticate.cpp:179)
20170620100823.50360 ncsvc[p2503.t2503] dsclient.info <-- 302 /dana/home/starter.cgi (authenticate.cpp:211)
20170620100823.51729 ncsvc[p2503.t2503] dsclient.info --> GET /dana/home/starter.cgi (authenticate.cpp:179)
20170620100823.233175 ncsvc[p2503.t2503] dsclient.info <-- 200  (authenticate.cpp:211)
20170620100823.236412 ncsvc[p2503.t2503] dsclient.info state: kStateAuthenticated (dsclient.cpp:376)
20170620100823.246444 ncsvc[p2503.t2503] IpcConn.info listening for IPC connections on port 4242 (ncipc.cpp:83)
20170620100823.266499 ncsvc[p2503.t2503] IpcConn.info unregistering the IPC acceptor IO handler (ncipc.cpp:125)
20170620100823.273019 ncsvc[p2503.t2503] IpcConn.info client opening connection to service (ncipc.cpp:319)
20170620100823.273788 ncsvc[p2503.t2503] session.info disconnectAll called (session.cpp:1648)
20170620100823.275666 ncsvc[p2503.t2503] ipsec.info New tunnel being created (tunnel.cpp:52)
20170620100823.289637 ncsvc[p2503.t2503] ncsvc.info received onOpen (ncsvc.cpp:546)
20170620100823.295016 ncsvc[p2503.t2503] session.info ive_host = IP_of_customer.url.com (session.cpp:195)
20170620100823.299163 ncsvc[p2503.t2503] session.info Will not use a proxy to connect to the IVE (session.cpp:237)
20170620100823.318372 ncsvc[p2503.t2503] rmon.info got system route 0.0.0.0/0.0.0.0 gw 192.168.1.254 metric 202 via 0x081C0F70 (routemon.cpp:714)
20170620100823.320132 ncsvc[p2503.t2503] rmon.info got system route 192.168.1.0/255.255.255.0 gw 0.0.0.0 metric 202 via 0x457A5556 (routemon.cpp:714)
20170620100823.321366 ncsvc[p2503.t2503] rmon.info  Collecting latest routes from the system (routemon.cpp:1452)
20170620100823.324434 ncsvc[p2503.t2503] rmon.info best route to IP_of_customer.url.com is 0.0.0.0/0.0.0.0 via 0x081C0F70 metric: 202 (routemon.cpp:1473)
20170620100823.326063 ncsvc[p2503.t2503] rmon.info best route to gateway: 192.168.1.0/255.255.255.0 gw 0.0.0.0 via 0x457A5556 metric 202 (routemon.cpp:1976)
20170620100823.326835 ncsvc[p2503.t2503] rmon.info attempting to add route to next hop gateway (routemon.cpp:1980)
20170620100823.328271 ncsvc[p2503.t2503] rmon.info adding route to 192.168.1.254/255.255.255.255 with gw 0.0.0.0, metric 1, if_id 1165645142 (routemon.cpp:872)
20170620100823.331367 ncsvc[p2503.t2503] rmon.info adding server route to the IVE: dest = IP_of_customer.url.com, gw = 192.168.1.254, if_id = 136056688, dev = eth0 (routemon.cpp:1547)
20170620100823.334352 ncsvc[p2503.t2503] session.info connecting to ive IP_of_customer.url.com (session.cpp:362)
20170620100823.342682 ncsvc[p2503.t2503] ncp.error ncpEstablish for IVE IP_of_customer.url.com with context 0x81c0c60 (ncp.cpp:428)
20170620100823.376230 ncsvc[p2503.t2505] main.info Setting DSSSL to use Default ciphers (ncp.cpp:1680)
20170620100823.453247 ncsvc[p2503.t2505] main.info Setting NCP certificate hash for DSSSL certificate verification (ncp.cpp:1689)
20170620100823.458097 ncsvc[p2503.t2505] main.info Using DSSSL to connect to IVE (ncp.cpp:1750)
20170620100823.460329 ncsvc[p2503.t2505] connect.info creating a new HTTP connection... (ncp_dsssl.cpp:176)
20170620100823.907512 ncsvc[p2503.t2505] connect.info compression is enabled (ncp_dsssl.cpp:400)
20170620100823.909396 ncsvc[p2503.t2505] connect.info IVE ncp_version = 2 (ncp_dsssl.cpp:410)
20170620100823.923601 ncsvc[p2503.t2505] conn.info cleanup 0 (ncp.cpp:1418)
20170620100823.925116 ncsvc[p2503.t2505] ncp.error NCP_ESTABLISH_DONE for IVE IP_of_customer.url.com (ncp.cpp:1793)
20170620100823.928867 ncsvc[p2503.t2503] ncphandler.info establish done (ncphandler.cpp:279)
20170620100823.931022 ncsvc[p2503.t2503] ncp.info connect to raspberrypi:443 svc 4 (ncp.cpp:779)
20170620100823.932099 ncsvc[p2503.t2503] connect.info creating a new HTTP connection... (ncp_dsssl.cpp:176)
20170620100824.37056 ncsvc[p2503.t2505] connect.info compression is enabled (ncp_dsssl.cpp:400)
20170620100824.38277 ncsvc[p2503.t2505] connect.info IVE ncp_version = 2 (ncp_dsssl.cpp:410)
20170620100824.41790 ncsvc[p2503.t2505] connect.error deflateInit2 returned 0 (ncp_dsssl.cpp:486)
20170620100824.83063 ncsvc[p2503.t2503] ncphandler.info connect done (ncphandler.cpp:284)
20170620100824.84153 ncsvc[p2503.t2503] session.info Connected to ive IP_of_customer.url.com (session.cpp:426)
20170620100824.85278 ncsvc[p2503.t2503] adapter.error Can not TUNSETIFF 38 (adapter.cpp:309)
20170620100824.85813 ncsvc[p2503.t2503] session.info onConnected calling disconnect for ive IP_of_customer.url.com (session.cpp:431)
20170620100824.86336 ncsvc[p2503.t2503] session.info disconnecting from ive IP_of_customer.url.com with reason 6 (session.cpp:506)
20170620100824.86686 ncsvc[p2503.t2503] adapter.info closing tun adapter FFFFFFFF (adapter.cpp:747)
20170620100824.88829 ncsvc[p2503.t2503] sysdeps.info restoring DNS settings... (sysdeps.cpp:759)
20170620100824.89360 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:762)
20170620100824.89770 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:766)
20170620100824.96534 ncsvc[p2503.t2503] session.info disconnecting from ive IP_of_customer.url.com with reason 6 (session.cpp:506)
20170620100824.96963 ncsvc[p2503.t2503] adapter.info closing tun adapter FFFFFFFF (adapter.cpp:747)
20170620100824.97274 ncsvc[p2503.t2503] sysdeps.info restoring DNS settings... (sysdeps.cpp:759)
20170620100824.97554 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:762)
20170620100824.97812 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:766)
20170620100824.98358 ncsvc[p2503.t2503] ncphandler.error NCP disconnect failed, error 107 (ncphandler.cpp:131)
20170620100824.98958 ncsvc[p2503.t2503] ncp.error ncpTearDown for IVE IP_of_customer.url.com (ncp.cpp:497)
20170620100824.99602 ncsvc[p2503.t2505] worker.error NCP worker has been requested to stop (ncp_dsssl.cpp:649)
20170620100824.100750 ncsvc[p2503.t2503] ncphandler.info disconnect done - tearing down (ncphandler.cpp:322)
20170620100824.104126 ncsvc[p2503.t2505] conn.info cleanup 0 (ncp.cpp:1418)
20170620100824.104877 ncsvc[p2503.t2505] writer.error thread exit (ncp.cpp:1848)
20170620100824.104945 ncsvc[p2503.t2503] ncphandler.info teardown done (ncphandler.cpp:340)
20170620100824.110486 ncsvc[p2503.t2503] ncp.error ncpCleanup for IVE IP_of_customer.url.com (ncp.cpp:618)
20170620100824.130999 ncsvc[p2503.t2503] session.info disconnected from ive IP_of_customer.url.com with reason 6 (session.cpp:569)
20170620100824.192462 ncsvc[p2503.t2503] ncui.info received onDisconnect with reason = 6 (ncsvc.cpp:628)
20170620100824.213766 ncsvc[p2503.t2503] IpcConn.error recv failed with errno 16 (ncipc.cpp:273)

Can someone explain me what is happening or help me to setup in a correct way this Juniper VPN in RaspberryPi please?