SSL VPN
Reply
Visitor
rrlangly
Posts: 2
Registered: ‎09-24-2011
0

network connect, won't start

[ Edited ]

I'm running into problems trying to VPN to my work place with Juniper network connect. Also using firefox on gentoo. I was hoping someone might have an idea of what's happening. Here's as much info as I could find.

 

~/.juniper_networks $ ./network_connect/ncsvc --version
Juniper Network Connect Server for Linux.
Version         : 6.5
Release Version : 6.5-0-Build15977
Build Date/time : Jun  4 2010 12:32:46 
Copyright 2001-2008 Juniper Networks

 Here's my ./dsHCLauncher_linux1.log. This seems to show the prob, but now sure how to fix it.

../common/Secure:1183 (09/23 19:37:38.816)[applet-SecureHCLauncher.class-1] (19:37:38:811)[SLA][thread applet-SecureHCLauncher.class-1] -----------------------------------------------------
../common/Secure:1183 (09/23 19:37:38.822)[applet-SecureHCLauncher.class-1] (19:37:38:822)[SLA][thread applet-SecureHCLauncher.class-1] Parameter0=action=setcookie;interval=0;process_timeout=20;failurl=;cert_md5=1da41d27f898372ab26794e1b778a317;hash_key=06f23f73c642837ab7c12ecbe431b75d1382bad1;id=ffed1bas832343badb5af7a08766ab48428ef36e28;logging=1
../common/Secure:1185 (09/23 19:37:38.822)[applet-SecureHCLauncher.class-1] (19:37:38:822)[SLA][thread applet-SecureHCLauncher.class-1] *** ERROR *** EXCEPTION : null
java.lang.Exception: Cound not find null/narport.txt; cannot send null action to Host Checker
    at SecureHCLauncher.openCommandSocket(SecureHCLauncher.java:420)
    at SecureHCLauncher.sendAction(SecureHCLauncher.java:448)
    at SecureHCLauncher.start(SecureHCLauncher.java:194)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Plugin2Manager.java:1698)
    at java.lang.Thread.run(Thread.java:662)

../common/Secure:1183 (09/23 19:37:38.823)[applet-SecureHCLauncher.class-1] (19:37:38:823)[SLA][thread applet-SecureHCLauncher.class-1] OnFinished=setcookie_done

 Here I'm running the .juniper_networks/network_connect/ncdiag and even though there's lots of ping failures, I get out on the internet just find w/ this machine.

 

 ~/.juniper_networks/network_connect $ ./ncdiag -A
NC Diagnostics for Linux. 
Version 1.0.
Release Date/Time: Jun  4 2010 12:32:48
+==============================================================================+
|   Tests:                      |        Results:                              |
+==============================================================================+

       o  NC Installation Check          Failed
       o  NC Diagnostics                        
             NC Service                  Not Running
             NC Driver Test              Passed
             NC Tunnel Test              Not established

       o  Host Details                          
             Hostname                    Numbers
             Domainname                  (none)
             IP Routing Enabled          Yes
             IP Loopback test            Passed
             Nameserver Details         
                68.87.85.102             Ping Failed

                68.87.69.150             Ping Failed
             Gateway Ping Test                   
                 192.168.1.1             Ping Passed

       o  Network Connection Diagnostics                        

             Interface:                  lo
             IP Address:                 127.0.0.1
             Netmask:                    255.0.0.0
             MTU:                        16436

             Interface:                  eth0
             IP Address:                 192.168.1.11
             Netmask:                    255.255.255.0
             Broadcast:                  192.168.1.255
             MTU:                        1500

             Interface:                  br0
             IP Address:                 192.168.100.254
             Netmask:                    255.255.255.0
             Broadcast:                  192.168.100.255
             MTU:                        1500
      o  Route Info 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    2      0        0 eth0

       Finished running tests 
+==============================================================================+

 

 

$ sudo eselect java-nsplugin list
Available 32-bit Java browser plugins 
[1]   emul-linux-x86-java-1.6  current 
[2]   emul-linux-x86-java-1.6-old_oji 
Available 64-bit Java browser plugins 
[1]   icedtea6-bin  
[2]   sun-jdk-1.6  current 
[3]   sun-jre-bin-1.6

 

$ sudo java-config -L        
The following VMs are available for generation-2:
1)      Sun 32bit JRE 1.6.0.26 [emul-linux-x86-java-1.6]
2)      IcedTea6-bin 1.10.3 [icedtea6-bin]
*)      Sun JDK 1.6.0.26 [sun-jdk-1.6]
4)      Sun JRE 1.6.0.26 [sun-jre-bin-1.6]

 

 

Moderator
Brij
Posts: 14
Registered: ‎10-09-2008
0

Re: network connect, won't start

Does the Network connect Client work if you disable  the hostcheck for this specific role.

Visitor
rrlangly
Posts: 2
Registered: ‎09-24-2011
0

Re: network connect, won't start

Not sure how to disable the "hostcheck for this role". I'm not the admin. Just trying to log into my place of work. They don't know much about linux.

When I get to the page that shows "Network Connect" under "Client Application Sessions" in firefox, I then press the "start" button, but the same page just reappears.

Super Contributor
srigelsford
Posts: 203
Registered: ‎04-14-2008
0

Re: network connect, won't start

Are you running 64bit Gentoo?

NC does not work on 64bit Linux. I had to run 32 bit with PAE.

 

Sam.

Recognized Expert
MattS
Posts: 205
Registered: ‎11-06-2007
0

Re: network connect, won't start

Hi,

 

You will need to talk to the SA admin as the Host Checker is probably searching for Windows-specific components.  If they agree to allow Linux to connect with Network Connect to the network they should configure the SA to allow it, the HC for Linux can check Ports, Processes and Files while HC for Windows has many more checks it can perform.

 

From http://www.juniper.net/techpubs/software/ive/admin/6.5-IVEAdminGuide.pdf

"NOTE:

You must explicitly create policies for each operating system you want to

allow. For example, if you create a Windows Host Checker policy, but don't create

one for Mac or Linux, users who sign into the IVE from a Mac or Linux machine

will not comply with the Host Checker policy and therefore will not be able to

access the realm, role, or resource on which you enforce Host Checker."

 

Also:

"NOTE:

On Linux systems, Host Checker is not supported when launching Network

Connect through ncsvc."

 

Check http://www.juniper.net/techpubs/software/ive/releasenotes/SA-SupportedPlatforms-65.pdf to see what are the Supported Platforms for the 6.5 version the SA you are connecting to is running.

 

If there is difficulty getting NC to connect they could try enabling JSAM access for Linux.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.