View previous topic :: View next topic |
Author |
Message |
mahdi1234 Guru
Joined: 19 Feb 2005 Posts: 559 Location: Being There
|
Posted: Sat Oct 04, 2008 4:28 pm Post subject: Juniper works from FF but not via ncsvc |
|
|
Hi,
our company moved from Cisco to Juniper and I'd like to have VPN connection started via script so I can route only necessary traffic thru tun.
I can successfully connect to Juniper via Firefox, however running it from cli gives following (replaced real values with fake ones) -
Code: |
./ncsvc -h xyz.xxx.com -u user -p password -r Realm -f ~/my_cert.crt -L 5
|
ncsvc.log
Code: |
20081004175423.224318 ncsvc[1182] dsclient.info <-- 200 (authenticate.cpp:168)
20081004175423.224337 ncsvc[1182] dsclient.info state: kStatePostCacheCleaner (dsclient.cpp:329)
20081004175423.224356 ncsvc[1182] dsclient.info --> POST /dana-na/cc/ccupdate.cgi (authenticate.cpp:136)
20081004175423.224520 ncsvc[1182] http_connection.para Entering state_start_connection (http_connection.cpp:277)
20081004175423.252941 ncsvc[1182] http_connection.para Entering state_continue_connection (http_connection.cpp:294)
20081004175423.253010 ncsvc[1182] http_connection.para Entering state_ssl_connect (http_connection.cpp:463)
20081004175423.311349 ncsvc[1182] dsssl.para SSL connect ssl=0x81b4888/sd=5 connection using cipher RC4-MD5 (DSSSLSock.cpp:460)
20081004175423.311598 ncsvc[1182] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:471)
20081004175423.343729 ncsvc[1182] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:800)
20081004175423.343786 ncsvc[1182] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:833)
20081004175423.344509 ncsvc[1182] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:800)
20081004175423.344539 ncsvc[1182] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:833)
20081004175423.344564 ncsvc[1182] dsclient.info <-- 200 (authenticate.cpp:168)
20081004175423.344587 ncsvc[1182] dsclient.error state post auth cache cleaner failed, error 10 (dsclient.cpp:331)
20081004175423.344801 ncsvc[1182] ncapp.error Failed to authenticate with IVE. Error 10 (ncsvc.cpp:187)
20081004175423.344829 ncsvc[1182] dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:72)
|
Would anyone know how to fix this?
Code: |
$ ./ncsvc -v
Juniper Network Connect Server for Linux.
Version : 1.2
Release Version : 6.0-0-Build13149
Build Date/time : May 15 2008 14:30:17
Copyright 2002-2007 Juniper Networks
|
Code: |
uname -a
Linux mahdi 2.6.19-gentoo-r5 #7 SMP PREEMPT Mon Oct 1 20:11:31 CEST 2007 i686 Intel(R) Pentium(R) M processor 1700MHz GenuineIntel GNU/Linux
|
thanks,
mahdi |
|
Back to top |
|
|
KWhat l33t
Joined: 04 Sep 2005 Posts: 647 Location: Los Angeles
|
Posted: Tue Oct 07, 2008 8:47 pm Post subject: |
|
|
Ok i spent a lot of time messing around with this because I never knew i could start this thing from the command line.
First i assume you were able to connect via the site, have tun probed and probably rpm installed. Also i have no idea how you installed the program.
Now with that said I used this script http://mad-scientist.us/junipernc to "install" the command line app, after that i was able to run the application. I had some minor issues with the realm but that caused a different error that what you revived.
So I guess my question to you is how did you install? Did you use the script above, did you hack it manually? |
|
Back to top |
|
|
mahdi1234 Guru
Joined: 19 Feb 2005 Posts: 559 Location: Being There
|
Posted: Wed Oct 08, 2008 12:29 pm Post subject: |
|
|
Thanks KWhat for looking into this - here's my answers
KWhat wrote: |
First i assume you were able to connect via the site, have tun probed and probably rpm installed. Also i have no idea how you installed the program.
|
Yes, I can connect via browser no problem, tun device runing. On first login via browser it installed required libraries into ~ folder.
KWhat wrote: |
Now with that said I used this script http://mad-scientist.us/junipernc to "install" the command line app, after that i was able to run the application. I had some minor issues with the realm but that caused a different error that what you revived.
So I guess my question to you is how did you install? Did you use the script above, did you hack it manually?
|
I followed steps described here - http://www.juniperforum.com/index.php/topic,5455.0.html - will try the script in the evening as I'm at different machine at the moment. |
|
Back to top |
|
|
mahdi1234 Guru
Joined: 19 Feb 2005 Posts: 559 Location: Being There
|
Posted: Thu Oct 09, 2008 6:04 pm Post subject: |
|
|
I've tried the script, but still getting the same error :(
I've doublechecked all values several times and they are corretly defined in the script itself. |
|
Back to top |
|
|
KWhat l33t
Joined: 04 Sep 2005 Posts: 647 Location: Los Angeles
|
Posted: Thu Oct 16, 2008 9:12 pm Post subject: |
|
|
The ive errors i was getting prior to this working were related to two issues. Invalid Realm and Invalid Cert. I would double check both, make sure you get your realm off the web page you sign in at.
One more interesting tidbit of information:
Quote: | You will encounter this mysterious error if you have /etc and /tmp mounted on different partitions. I typically mount /tmp as a separate partition so that random users and processes can't fill my whole root disk. Guess I won't be doing that until Juniper releases a fix for this. |
|
|
Back to top |
|
|
|