-
Notifications
You must be signed in to change notification settings - Fork 61
samm-git/jvpn
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
jvpn.pl - script to connect to the Juniper firewall with enabled HostChecker.
Features
* Emulates web browser to get authentication data
* Automatically starts juniper client and passing data to it using TCP
connection (it is not possible with command line).
* Able to download Linux client from the Juniper VPN server without browser or
Java.
* Could protect resolv.conf by setting +i attribute for the connection time
* Works without Java machine on x86 and x86_64 hosts
Requirements
* Perl with LWP modules
* openssl binary
* unzip (only for client unpacking)
Usage
To configure script edit jvpn.ini. If you don`t have installed client - run
jvpn.pl under sudo and it will download and install it automatically. If you
want to run it without sudo - set suid bit on the "ncsvc" binary.
If you have multiply configurations - use --conf switch to define ini file.
How it works
1) Script connecting to the VPN web portal with provided user name and password.
2) Then script handling different authentication scenarios to get DSID value
3) After getting DSID value script getting md5 fingerprint of the SSL
certificate.
4) If VPN client is not installed script downloading and unpacking it.
5) Script starting ncsvc and connecting to daemon (using TCP 127.0.0.1:4242
socket in ncsvc mode or using "ncui" wrapper in ncui mode).
6) Script emulates native GUI and passing configuration data to daemon. After
this step VPN should work.
7) Script can optionally protect resolv.conf from dhcpd or Network Manager by
setting +i flag on it (disabled by default).
8) On Ctrl+C script sending "Disconnect" command to the daemon and logging out
on the web site.
Difference between mode=ncui and mode=ncsvc
By default jvpn work in the ncsvc mode. This could be changed in jvpn.ini using
"mode" configuration setting. In ncsvc (default) mode jvpn establishing TCP
socket to nvsvc daemon and trying to establish connection using it protocol.
In "ncui" mode jvpn tryin to use main() function libncui.so which later calling
ncsvc. If default mode does not work for you i am recommending to try "ncui"
mode. Please note that to use ncui mode you should have gcc installed.
Bugs and debugging
This script is done without any documentation, only using wireshark and
debugger. It is very likely that it has a bugs or will not work correctly for
you. If you need some support - enable debug and send me all information.
Script debug is written to stdout and daemon log is written to the
~/.juniper_networks/network_connect/ncsvc.log file.
License
The author has placed this work in the Public Domain, thereby relinquishing
all copyrights. Everyone is free to use, modify, republish, sell or give away
this work without prior consent from anybody.
This software is provided on an "as is" basis, without warranty of any
kind. Use at your own risk! Under no circumstances shall the author(s) or
contributor(s) be liable for damages resulting directly or indirectly from
the use or non-use of this software.
Author
Alex Samorukov, samm@os2.kiev.ua
About
Perl script to connect to the Juniper VPN with Host Checker enabled
Resources
Stars
Watchers
Forks
Packages 0
No packages published