From: Matthew Grooms
Date: Mon, 15 Sep 2014 12:00:55 -0500
To: freebsd-net@freebsd.org
Subject: Re: Juniper Secure Access SSL VPN access from FreeBSD?

On 9/15/2014 11:48 AM, Gary Palmer wrote:
> On Mon, Sep 15, 2014 at 05:20:05PM +0100, Gary Palmer wrote:
>> On Mon, Sep 15, 2014 at 08:12:51PM +0400, Lev Serebryakov wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> On 15.09.2014 20:02, Gary Palmer wrote:
>>>
>>>>> If I want to connect to my workstation at $work, I'm forced to
>>>>> use Juniper Secure Access SSL VPN + rdesktop. I connect to our
>>>>> office JunOS gateway with browser, and run RDesktop from it. But
>>>>> it requires to use supported OS (Windows / MacOS X / Linux), as
>>>>> tunnel is created via binary browser plugin.
>>>>>
>>>>> Is it possible to emulate this on FreeBSD? rdesktop from ports
>>>>> should work as client, as I access standard Windows system, but I
>>>>> need some way to emulate this VPN tunnel. Is it possible?
>>>> Did you try any of the results from Google? Search for "juniper
>>>> ssl vpn open source" (without the quotes) seems to show up some
>>>> possibilities.
>>> Yep, but all of them based on fact, that it works under Linux. For
>>> example, here are script (jvpn.pl), which emulates browser, but it
>>> loads Linux-specific share object from browser plugin (libncui.so) and
>>> calls Linux binary (ncsvc), and it will not natively work under FreeBSD.
>>>
>>> Linux emulator is my last resort, but maybe, here are some other ways?
>>
>> Not that work reliably. I know someone who had to use a Juniper VPN
>> solution and got it working under Linux without any binary plugins,
>> but he went on vacation and when he came back a couple of weeks later
>> he couldn't get it working again and struggled for days before giving up
>> and running Windows in a VM.
>>
>> As best I understand it, it's a standard IPSEC VPN, but getting past the
>> authentication to get to the IPSEC session is the tricky part.
>>
>> Regards,
>>
>> Gary
> You might want to try https://www.shrew.net/download/ike - it claims to
> support Juniper secure gateways and runs on FreeBSD. I have no idea if it
> works or not.
>

As I understand it, Juniper has an 'SSL' VPN product that has nothing to do with IPsec. Juniper abandoned its IPsec based client in favor of its newer 'SSL' based client some time ago. The Shrew Soft product only supports IPsec based connectivity and is compatible with SSG/SRX systems.

Hope this helps,

-Matthew