Date: Mon, 15 Sep 2014 12:00:55 -0500 From: Matthew Grooms <mgrooms@shrew.net> To: freebsd-net@freebsd.org Subject: Re: Juniper Secure Access SSL VPN access from FreeBSD? Message-ID: <54171B47.7080008@shrew.net> In-Reply-To: <20140915164845.GC51285@in-addr.com> References: <54170619.4040508@FreeBSD.org> <20140915160253.GA51285@in-addr.com> <54171003.3090001@FreeBSD.org> <20140915162005.GB51285@in-addr.com> <20140915164845.GC51285@in-addr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/15/2014 11:48 AM, Gary Palmer wrote: > On Mon, Sep 15, 2014 at 05:20:05PM +0100, Gary Palmer wrote: >> On Mon, Sep 15, 2014 at 08:12:51PM +0400, Lev Serebryakov wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA512 >>> >>> On 15.09.2014 20:02, Gary Palmer wrote: >>> >>>>> If I want to connect to my workstation at $work, I'm forced to >>>>> use Juniper Secure Access SSL VPN + rdesktop. I connect to our >>>>> office JunOS gateway with browser, and run RDesktop from it. But >>>>> it requires to use supported OS (Windows / MacOS X / Linux), as >>>>> tunnel is created via binary browser plugin. >>>>> >>>>> Is it possible to emulate this on FreeBSD? rdesktop from ports >>>>> should work as client, as I access standard Windows system, but I >>>>> need some way to emulate this VPN tunnel. Is it possible? >>>> Did you try any of the results from Google? Search for "juniper >>>> ssl vpn open source" (without the quotes) seems to show up some >>>> possibilities. >>> Yep, but all of them based on fact, that it works under Linux. For >>> example, here are script (jvpn.pl), which emulates browser, but it >>> loads Linux-specific share object from browser plugin (libncui.so) and >>> calls Linux binary (ncsvc), and it will not natively work under FreeBSD. >>> >>> Linux emulator is my last resort, but maybe, here are some other ways? >> >> Not that work reliably. I know someone who had to use a Juniper VPN >> solution and got it working under Linux without any binary plugins, >> but he went on vacation and when he came back a couple of weeks later >> he couldn't get it working again and struggled for days before giving up >> and running Windows in a VM. >> >> As best I understand it, it's a standard IPSEC VPN, but getting past the >> authentication to get to the IPSEC session is the tricky part. >> >> Regards, >> >> Gary > You might want to try https://www.shrew.net/download/ike - it claims to > support Juniper secure gateways and runs on FreeBSD. I have no idea if it > works or not. > As I understand it, Juniper has an 'SSL' VPN product that has nothing to do with IPsec. Juniper abandoned it's IPsec based client in favor of it's newer 'SSL' based client some time ago. The Shrew Soft product only supports IPsec based connectivity and is compatible with SSG/SRX systems. Hope this helps, -Matthew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54171B47.7080008>