Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Juniper works from FF but not via ncsvc
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
mahdi1234
Guru
Guru


Joined: 19 Feb 2005
Posts: 539
Location: far from new world orderia

PostPosted: Sat Oct 04, 2008 4:28 pm    Post subject: Juniper works from FF but not via ncsvc Reply with quote

Hi,

our company moved from Cisco to Juniper and I'd like to have VPN connection started via script so I can route only necessary traffic thru tun.

I can successfully connect to Juniper via Firefox, however running it from cli gives following (replaced real values with fake ones) -

Code:

./ncsvc -h xyz.xxx.com -u user -p password -r Realm -f ~/my_cert.crt -L 5

ncsvc.log
Code:

20081004175423.224318 ncsvc[1182] dsclient.info <-- 200  (authenticate.cpp:168)
20081004175423.224337 ncsvc[1182] dsclient.info state: kStatePostCacheCleaner (dsclient.cpp:329)
20081004175423.224356 ncsvc[1182] dsclient.info --> POST /dana-na/cc/ccupdate.cgi (authenticate.cpp:136)
20081004175423.224520 ncsvc[1182] http_connection.para Entering state_start_connection (http_connection.cpp:277)
20081004175423.252941 ncsvc[1182] http_connection.para Entering state_continue_connection (http_connection.cpp:294)
20081004175423.253010 ncsvc[1182] http_connection.para Entering state_ssl_connect (http_connection.cpp:463)
20081004175423.311349 ncsvc[1182] dsssl.para SSL connect ssl=0x81b4888/sd=5 connection using cipher RC4-MD5 (DSSSLSock.cpp:460)
20081004175423.311598 ncsvc[1182] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:471)
20081004175423.343729 ncsvc[1182] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:800)
20081004175423.343786 ncsvc[1182] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:833)
20081004175423.344509 ncsvc[1182] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:800)
20081004175423.344539 ncsvc[1182] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:833)
20081004175423.344564 ncsvc[1182] dsclient.info <-- 200  (authenticate.cpp:168)
20081004175423.344587 ncsvc[1182] dsclient.error state post auth cache cleaner failed, error 10 (dsclient.cpp:331)
20081004175423.344801 ncsvc[1182] ncapp.error Failed to authenticate with IVE. Error 10 (ncsvc.cpp:187)
20081004175423.344829 ncsvc[1182] dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:72)


Would anyone know how to fix this?

Code:

$ ./ncsvc -v
Juniper Network Connect Server for Linux.
Version         : 1.2
Release Version : 6.0-0-Build13149
Build Date/time : May 15 2008 14:30:17
Copyright 2002-2007 Juniper Networks

Code:

uname -a
Linux mahdi 2.6.19-gentoo-r5 #7 SMP PREEMPT Mon Oct 1 20:11:31 CEST 2007 i686 Intel(R) Pentium(R) M processor 1700MHz GenuineIntel GNU/Linux


thanks,
mahdi
Back to top
View user's profile Send private message
KWhat
l33t
l33t


Joined: 04 Sep 2005
Posts: 620
Location: Los Angeles

PostPosted: Tue Oct 07, 2008 8:47 pm    Post subject: Reply with quote

Ok i spent a lot of time messing around with this because I never knew i could start this thing from the command line.

First i assume you were able to connect via the site, have tun probed and probably rpm installed. Also i have no idea how you installed the program.

Now with that said I used this script http://mad-scientist.us/junipernc to "install" the command line app, after that i was able to run the application. I had some minor issues with the realm but that caused a different error that what you revived.

So I guess my question to you is how did you install? Did you use the script above, did you hack it manually?
Back to top
View user's profile Send private message
mahdi1234
Guru
Guru


Joined: 19 Feb 2005
Posts: 539
Location: far from new world orderia

PostPosted: Wed Oct 08, 2008 12:29 pm    Post subject: Reply with quote

Thanks KWhat for looking into this - here's my answers

KWhat wrote:

First i assume you were able to connect via the site, have tun probed and probably rpm installed. Also i have no idea how you installed the program.

Yes, I can connect via browser no problem, tun device runing. On first login via browser it installed required libraries into ~ folder.

KWhat wrote:

Now with that said I used this script http://mad-scientist.us/junipernc to "install" the command line app, after that i was able to run the application. I had some minor issues with the realm but that caused a different error that what you revived.

So I guess my question to you is how did you install? Did you use the script above, did you hack it manually?

I followed steps described here - http://www.juniperforum.com/index.php/topic,5455.0.html - will try the script in the evening as I'm at different machine at the moment.
Back to top
View user's profile Send private message
mahdi1234
Guru
Guru


Joined: 19 Feb 2005
Posts: 539
Location: far from new world orderia

PostPosted: Thu Oct 09, 2008 6:04 pm    Post subject: Reply with quote

I've tried the script, but still getting the same error :(

I've doublechecked all values several times and they are corretly defined in the script itself.
Back to top
View user's profile Send private message
KWhat
l33t
l33t


Joined: 04 Sep 2005
Posts: 620
Location: Los Angeles

PostPosted: Thu Oct 16, 2008 9:12 pm    Post subject: Reply with quote

The ive errors i was getting prior to this working were related to two issues. Invalid Realm and Invalid Cert. I would double check both, make sure you get your realm off the web page you sign in at.

One more interesting tidbit of information:
Quote:
You will encounter this mysterious error if you have /etc and /tmp mounted on different partitions. I typically mount /tmp as a separate partition so that random users and processes can't fill my whole root disk. Guess I won't be doing that until Juniper releases a fix for this.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum