From owner-freebsd-net@FreeBSD.ORG Mon Sep 15 16:48:47 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7E092A2A; Mon, 15 Sep 2014 16:48:47 +0000 (UTC) Received: from mail.in-addr.com (mail.in-addr.com [IPv6:2a01:4f8:191:61e8::2525:2525]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 405A2DE2; Mon, 15 Sep 2014 16:48:47 +0000 (UTC) Received: from gjp by mail.in-addr.com with local (Exim 4.84 (FreeBSD)) (envelope-from ) id 1XTZSH-0004Uv-HT; Mon, 15 Sep 2014 17:48:45 +0100 Date: Mon, 15 Sep 2014 17:48:45 +0100 From: Gary Palmer To: Lev Serebryakov Subject: Re: Juniper Secure Access SSL VPN access from FreeBSD? Message-ID: <20140915164845.GC51285@in-addr.com> References: <54170619.4040508@FreeBSD.org> <20140915160253.GA51285@in-addr.com> <54171003.3090001@FreeBSD.org> <20140915162005.GB51285@in-addr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140915162005.GB51285@in-addr.com> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on mail.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Sep 2014 16:48:47 -0000 On Mon, Sep 15, 2014 at 05:20:05PM +0100, Gary Palmer wrote: > On Mon, Sep 15, 2014 at 08:12:51PM +0400, Lev Serebryakov wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > On 15.09.2014 20:02, Gary Palmer wrote: > > > > >> If I want to connect to my workstation at $work, I'm forced to > > >> use Juniper Secure Access SSL VPN + rdesktop. I connect to our > > >> office JunOS gateway with browser, and run RDesktop from it. But > > >> it requires to use supported OS (Windows / MacOS X / Linux), as > > >> tunnel is created via binary browser plugin. > > >> > > >> Is it possible to emulate this on FreeBSD? rdesktop from ports > > >> should work as client, as I access standard Windows system, but I > > >> need some way to emulate this VPN tunnel. Is it possible? > > > > > > Did you try any of the results from Google? Search for "juniper > > > ssl vpn open source" (without the quotes) seems to show up some > > > possibilities. > > Yep, but all of them based on fact, that it works under Linux. For > > example, here are script (jvpn.pl), which emulates browser, but it > > loads Linux-specific share object from browser plugin (libncui.so) and > > calls Linux binary (ncsvc), and it will not natively work under FreeBSD. > > > > Linux emulator is my last resort, but maybe, here are some other ways? > > > Not that work reliably. I know someone who had to use a Juniper VPN > solution and got it working under Linux without any binary plugins, > but he went on vacation and when he came back a couple of weeks later > he couldn't get it working again and struggled for days before giving up > and running Windows in a VM. > > As best I understand it, it's a standard IPSEC VPN, but getting past the > authentication to get to the IPSEC session is the tricky part. > > Regards, > > Gary You might want to try https://www.shrew.net/download/ike - it claims to support Juniper secure gateways and runs on FreeBSD. I have no idea if it works or not. Regards, Gary