Author Topic: Juniper VPN setup in RaspberryPi 3  (Read 323 times)


  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Juniper VPN setup in RaspberryPi 3
« on: June 20, 2017, 10:26:26 am »
Juniper VPN setup in RaspberryPi 3

Hello friends. I have tried to setup a Juniper VPN in a RaspberryPi 3 using pi64 as operating system, because the necessity of execute Juniper binaries that are not available for ARM architecture with the official Raspbian image. Following some tutorials like this: I tried first to do it with the icedtea-plugin to get the .jar files and searching a way with the offical Oracle Java Plugin, but only through icedtea is the option available for RaspberryPi and always fail during the Java API execution. After this, I tried with this great page of Arch Wiki following the content "Manual installation of msjnc": but not success. Finally and currently I am trying these steps of a workmate:

1. Install the next packages as root:
# aptitude install stoken libc6:i386 zlib1g:i386 libgtk2-perl libwww-perl qemu libstdc++6:i386 libxext6:i386 libxrender1:i386 libxtst6:i386 libxi6:i386 build-essential cmake pcap-dev linux-headers-[latest]

2. Import the .sdtid file of our VPN with stoken as pi user:
$ stoken import --file file_name.sdtid

3. Create the Juniper network_connect directory as pi user:
$ mkdir -p ~/.juniper_networks/network_connect

4. Enter with Iceweasel to the URL of our customer login resource to obtain the ncLinuxApp.jar and download it.

5. Move ncLinuxApp.jar file to  ~/.juniper_networks/network_connect as pi user:
$ mv /home/pi/Downloads/ncLinuxApp.jar /home/pi/.juniper_networks/network_connect

6. Unzip the ncLinuxApp.jar file as pi user:
$ unzip ncLinuxApp.jar

7. Set the necessary privileges as root in the next files inside /home/pi/.juniper_networks/network_connect:
# chown root:root ncsvc
# chmod 6711 ncsvc
# chmod 744 ncdiag
# chmod +x

8. Obtain the customer VPN certificate as pi user:
$ ./ file_name.cert

9. Execute the next command as root:
# echo 0 | tee /proc/sys/net/ipv6/conf/default/router_solicitations

10. And finally execute the connection to the VPN as pi user:
$ stoken --pin pin_number
$ ./ncsvc -h -u user_name -p 84535943(token_code) -r BlackBerry -f ./file_name.cert -U ''

And when the execution finish, the next message appear in the shell prompt:
Connecting to : 443
Unsupported ioctl: cmd=0x400454ca

In the /home/pi/.juniper_networks/network_connect/ncsvc.log file I obtain the next output:

20170620100817.757984 ncsvc[p2503.t2503] New ncsvc log level set to 3 (nccommon.cpp:75)
20170620100817.788892 ncsvc[p2503.t2503] restoring DNS settings... (sysdeps.cpp:759)
20170620100817.791375 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:762)
20170620100817.793437 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:766)
20170620100817.818755 ncsvc[p2503.t2503] Connecting to (ncsvc.cpp:494)
20170620100818.174685 ncsvc[p2503.t2503] state: kStateSignin (dsclient.cpp:256)
20170620100818.175954 ncsvc[p2503.t2503] --> GET /dana-na/auth/url_9/login.cgi (authenticate.cpp:179)
20170620100818.204497 ncsvc[p2503.t2503] <-- 302 (authenticate.cpp:211)
20170620100818.205773 ncsvc[p2503.t2503] state: kStateWelcome (dsclient.cpp:264)
20170620100818.208268 ncsvc[p2503.t2503] --> GET /dana-na/auth/url_9/welcome.cgi?p=failed (authenticate.cpp:179)
20170620100818.357804 ncsvc[p2503.t2503] <-- 200  (authenticate.cpp:211)
20170620100818.361547 ncsvc[p2503.t2503] state: kStateLogin (dsclient.cpp:296)
20170620100818.363715 ncsvc[p2503.t2503] --> POST /dana-na/auth/url_9/login.cgi (authenticate.cpp:179)
20170620100822.657145 ncsvc[p2503.t2503] <-- 302 (authenticate.cpp:211)
20170620100822.659096 ncsvc[p2503.t2503] --> GET /dana/home/starter0.cgi?check=yes (authenticate.cpp:179)
20170620100822.862424 ncsvc[p2503.t2503] <-- 200  (authenticate.cpp:211)
20170620100822.866624 ncsvc[p2503.t2503] starter0.cgi has asked for tz_offset parameter (authenticate.cpp:372)
20170620100822.871651 ncsvc[p2503.t2503] starter0.cgi has asked for clienttime parameter (authenticate.cpp:379)
20170620100822.875161 ncsvc[p2503.t2503] --> POST /dana/home/starter0.cgi?check=yes (authenticate.cpp:179)
20170620100823.50360 ncsvc[p2503.t2503] <-- 302 /dana/home/starter.cgi (authenticate.cpp:211)
20170620100823.51729 ncsvc[p2503.t2503] --> GET /dana/home/starter.cgi (authenticate.cpp:179)
20170620100823.233175 ncsvc[p2503.t2503] <-- 200  (authenticate.cpp:211)
20170620100823.236412 ncsvc[p2503.t2503] state: kStateAuthenticated (dsclient.cpp:376)
20170620100823.246444 ncsvc[p2503.t2503] listening for IPC connections on port 4242 (ncipc.cpp:83)
20170620100823.266499 ncsvc[p2503.t2503] unregistering the IPC acceptor IO handler (ncipc.cpp:125)
20170620100823.273019 ncsvc[p2503.t2503] client opening connection to service (ncipc.cpp:319)
20170620100823.273788 ncsvc[p2503.t2503] disconnectAll called (session.cpp:1648)
20170620100823.275666 ncsvc[p2503.t2503] New tunnel being created (tunnel.cpp:52)
20170620100823.289637 ncsvc[p2503.t2503] received onOpen (ncsvc.cpp:546)
20170620100823.295016 ncsvc[p2503.t2503] ive_host = (session.cpp:195)
20170620100823.299163 ncsvc[p2503.t2503] Will not use a proxy to connect to the IVE (session.cpp:237)
20170620100823.318372 ncsvc[p2503.t2503] got system route gw metric 202 via 0x081C0F70 (routemon.cpp:714)
20170620100823.320132 ncsvc[p2503.t2503] got system route gw metric 202 via 0x457A5556 (routemon.cpp:714)
20170620100823.321366 ncsvc[p2503.t2503]  Collecting latest routes from the system (routemon.cpp:1452)
20170620100823.324434 ncsvc[p2503.t2503] best route to is via 0x081C0F70 metric: 202 (routemon.cpp:1473)
20170620100823.326063 ncsvc[p2503.t2503] best route to gateway: gw via 0x457A5556 metric 202 (routemon.cpp:1976)
20170620100823.326835 ncsvc[p2503.t2503] attempting to add route to next hop gateway (routemon.cpp:1980)
20170620100823.328271 ncsvc[p2503.t2503] adding route to with gw, metric 1, if_id 1165645142 (routemon.cpp:872)
20170620100823.331367 ncsvc[p2503.t2503] adding server route to the IVE: dest =, gw =, if_id = 136056688, dev = eth0 (routemon.cpp:1547)
20170620100823.334352 ncsvc[p2503.t2503] connecting to ive (session.cpp:362)
20170620100823.342682 ncsvc[p2503.t2503] ncp.error ncpEstablish for IVE with context 0x81c0c60 (ncp.cpp:428)
20170620100823.376230 ncsvc[p2503.t2505] Setting DSSSL to use Default ciphers (ncp.cpp:1680)
20170620100823.453247 ncsvc[p2503.t2505] Setting NCP certificate hash for DSSSL certificate verification (ncp.cpp:1689)
20170620100823.458097 ncsvc[p2503.t2505] Using DSSSL to connect to IVE (ncp.cpp:1750)
20170620100823.460329 ncsvc[p2503.t2505] creating a new HTTP connection... (ncp_dsssl.cpp:176)
20170620100823.907512 ncsvc[p2503.t2505] compression is enabled (ncp_dsssl.cpp:400)
20170620100823.909396 ncsvc[p2503.t2505] IVE ncp_version = 2 (ncp_dsssl.cpp:410)
20170620100823.923601 ncsvc[p2503.t2505] cleanup 0 (ncp.cpp:1418)
20170620100823.925116 ncsvc[p2503.t2505] ncp.error NCP_ESTABLISH_DONE for IVE (ncp.cpp:1793)
20170620100823.928867 ncsvc[p2503.t2503] establish done (ncphandler.cpp:279)
20170620100823.931022 ncsvc[p2503.t2503] connect to raspberrypi:443 svc 4 (ncp.cpp:779)
20170620100823.932099 ncsvc[p2503.t2503] creating a new HTTP connection... (ncp_dsssl.cpp:176)
20170620100824.37056 ncsvc[p2503.t2505] compression is enabled (ncp_dsssl.cpp:400)
20170620100824.38277 ncsvc[p2503.t2505] IVE ncp_version = 2 (ncp_dsssl.cpp:410)
20170620100824.41790 ncsvc[p2503.t2505] connect.error deflateInit2 returned 0 (ncp_dsssl.cpp:486)
20170620100824.83063 ncsvc[p2503.t2503] connect done (ncphandler.cpp:284)
20170620100824.84153 ncsvc[p2503.t2503] Connected to ive (session.cpp:426)
20170620100824.85278 ncsvc[p2503.t2503] adapter.error Can not TUNSETIFF 38 (adapter.cpp:309)
20170620100824.85813 ncsvc[p2503.t2503] onConnected calling disconnect for ive (session.cpp:431)
20170620100824.86336 ncsvc[p2503.t2503] disconnecting from ive with reason 6 (session.cpp:506)
20170620100824.86686 ncsvc[p2503.t2503] closing tun adapter FFFFFFFF (adapter.cpp:747)
20170620100824.88829 ncsvc[p2503.t2503] restoring DNS settings... (sysdeps.cpp:759)
20170620100824.89360 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:762)
20170620100824.89770 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:766)
20170620100824.96534 ncsvc[p2503.t2503] disconnecting from ive with reason 6 (session.cpp:506)
20170620100824.96963 ncsvc[p2503.t2503] closing tun adapter FFFFFFFF (adapter.cpp:747)
20170620100824.97274 ncsvc[p2503.t2503] restoring DNS settings... (sysdeps.cpp:759)
20170620100824.97554 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:762)
20170620100824.97812 ncsvc[p2503.t2503] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:766)
20170620100824.98358 ncsvc[p2503.t2503] ncphandler.error NCP disconnect failed, error 107 (ncphandler.cpp:131)
20170620100824.98958 ncsvc[p2503.t2503] ncp.error ncpTearDown for IVE (ncp.cpp:497)
20170620100824.99602 ncsvc[p2503.t2505] worker.error NCP worker has been requested to stop (ncp_dsssl.cpp:649)
20170620100824.100750 ncsvc[p2503.t2503] disconnect done - tearing down (ncphandler.cpp:322)
20170620100824.104126 ncsvc[p2503.t2505] cleanup 0 (ncp.cpp:1418)
20170620100824.104877 ncsvc[p2503.t2505] writer.error thread exit (ncp.cpp:1848)
20170620100824.104945 ncsvc[p2503.t2503] teardown done (ncphandler.cpp:340)
20170620100824.110486 ncsvc[p2503.t2503] ncp.error ncpCleanup for IVE (ncp.cpp:618)
20170620100824.130999 ncsvc[p2503.t2503] disconnected from ive with reason 6 (session.cpp:569)
20170620100824.192462 ncsvc[p2503.t2503] received onDisconnect with reason = 6 (ncsvc.cpp:628)
20170620100824.213766 ncsvc[p2503.t2503] IpcConn.error recv failed with errno 16 (ncipc.cpp:273)

Can someone explain me what is happening or help me to setup in a correct way this Juniper VPN in RaspberryPi please?