SUSE Conversations


Engaging The Juniper VPN SSL Client On A SUSE Box



By: kryptikos

April 18, 2008 2:01 pm


So they’ve done it again. You are cruising along using your most favorite VPN client when corporate up and decides it’s time to upgrade to a new VPN solution. My company recently did this. With Juniper VPN SSL being the chosen client I was tagged to assist with configuring the client on our Linux boxes. I quickly discovered that Juniper conducted their testing and built their Linux client solely for Red Hat based distributions (Red Hat, Fedora Core, CentOS).

With that in mind, the troubleshooting began with various Linux tools and browsing through log entries, as well as consulting the oracle (Google). I found that other folks had experienced the same frustrations. The Juniper VPN client would fail on install or deployment because it could not locate required library dependencies. Since each distribution tweaks its libraries for its own build, it becomes an issue of figuring out which library should be linked. Thanks to a combination of strace to watch the process in real time, ldd to track which libraries the client was looking for, and observing other techniques, you can follow these few short steps and have your SUSE box up and running on the VPN tunnel in short order. Please note this technique uses the Juniper method of accessing the Java Network Connect client via a browser.

Step 1: Confirm you have the necessary elements.

Most likely you already have openssl installed. However, you will also need to confirm that openmotif-libs and libstdc++2.10-glibc2.2 (or higher) are installed. These should have been included by default when you installed your operating system. If you are not sure, you can quickly double-check by querying your rpm database.

# rpm -qa | grep -i openssl

# rpm -qa | grep -i motif

# rpm -qa | grep -i libstdc

If a query does not return any results, you will need to head off to your install disk or the appropriate repository for the SUSE version you are running to obtain the missing package.

Step 2: Create softlinks to the appropriate encryption libraries.

While using strace, I noticed that the Juniper client was looking for a host of libraries, but particularly libssl.so.2 and libcrypto.so.2. It failed when it could not locate them. Those particular library files are used by the Red Hat based distributions. Since SUSE has these shared objects, just listed under a different name, all we need to do is create two quick softlinks to redirect the client:

# ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.2

# ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.2

Step 3: Add X’s library directory and update the run-time linker.

The openmotif software interacts with the X window system and will call linked shared objects. To be sure that shared libraries are updated and are linked correctly there are two steps to perform:

Utilizing your favorite editor add the following line at the end of /etc/ld.so.conf:

/usr/X11R6/lib

Run ldconfig from the command prompt to update the links and the linker cache file.
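
The ldd check mentioned in the introduction and the softlinks from Step 2 can be verified with a small script, which is worth rerunning after package updates. This is an added example, not part of the original article: the function names and the sample ldd output are constructed for illustration, and the path to the Network Connect binary is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example, not part of the original article.

# Read ldd output on stdin; print each soname reported as "not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | sort -u
}

# Succeed only if $1 is a symlink whose target exists (not dangling).
link_ok() {
    [ -L "$1" ] && [ -e "$1" ]
}

# Constructed ldd output for illustration; not captured from the real client.
sample_ldd() {
    cat <<'EOF'
    linux-gate.so.1 =>  (0xffffe000)
    libssl.so.2 => not found
    libcrypto.so.2 => not found
    libdl.so.2 => /lib/libdl.so.2 (0xb7f20000)
    libc.so.6 => /lib/libc.so.6 (0xb7de0000)
    /lib/ld-linux.so.2 (0xb7f40000)
EOF
}

# With a binary path: report its unresolved libraries and the state of the
# two links from Step 2. Without one: run on the constructed sample.
report() {
    if [ -n "${1:-}" ]; then
        ldd "$1" | missing_libs
        for l in /usr/lib/libssl.so.2 /usr/lib/libcrypto.so.2; do
            if link_ok "$l"; then echo "ok: $l -> $(readlink "$l")"
            else echo "missing or dangling: $l"; fi
        done
    else
        sample_ldd | missing_libs
    fi
}

report "${1:-}"
```

The links in Step 2 name a specific OpenSSL file version, so an OpenSSL update that changes that file name leaves them dangling and the client will again be unable to locate the libraries.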

These three steps should have you up and rolling. Open your browser and point it to your VPN page. Log in and click on “Network Connect”. The Juniper Java applet will kick off and prompt you for the root password. Afterwards the Network Connect applet should start up and you will see it connect, obtain an IP address and complete the tunnel. Hopefully Juniper will soon stop building its client for just one distribution family. Until then, this should establish your VPN. Linux = more than one way to accomplish what you need.

Categories: SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
