Synopsis

# Install libs
sudo apt-get install libc6:i386 zlib1g:i386 libgtk2-perl libwww-perl

# Get files
wget https://raw.github.com/madscientist/msjnc/master/msjnc
wget http://mad-scientist.net/junipernc
chmod +x msjnc junipernc

# Using browser to download jar files from SSLVPN website

# Extract files
./msjnc

# Start VPN
junipernc --nojava


What's SSL VPN

VPN

A VPN (Virtual Private Network) is a way for people to access services in LAN (Local Area Network) behind NAT Firewall. For example, to connect to your office computer when you're at home or travelling.
There are many kinds of VPN you can use, like PPTP, OpenVPN, Cicso OpenConnect, and else.

SSL VPN

SSL VPN is one of them which was designed to be usable as long as you have a browser.
Some people consider it as the easiest way for users, but it's only true when all their users use M$ Windows, or when they provide enough cross-platform support.
Sadly Juniper SSLVPN solution (NetworkConnect client) doesn't have good-enough support for 64bit Linux. So we have to do some hacks.

Tools

You're ganna need these:

  • junipernc
  • msjnc
  • Browser (Firefox or Chromium)
  • Java (your original 64bit Java with browser plugin installed)
  • few really basic 32bit lib
  • some basic perl libs for GUI (to avoid using Java GUI which needs more 32bit support)

We'll be using junipernc in this case. It is a command line script which setup and run neccessary commands automatically.
msjnc is for extracting files we need.
Browser is only used for downloading Juniper's SSLVPN client NetworkConnect.
Java is only used for it's auto-install process. You can find another article about how to install Oracle Java HERE.

sudo apt-get install libc6:i386 zlib1g:i386
sudo apt-get install libgtk2-perl libwww-perl
wget https://raw.github.com/madscientist/msjnc/master/msjnc
wget http://mad-scientist.net/junipernc
chmod +x msjnc junipernc


Or you can download junipernc HERE and msjnc HERE.

Steps

Prepare Information

We need some info for our tool to login for us:

  • Network Connect URL or Server
  • username
  • Realm

Network Connect URL or Server is the url where you can see the login page in your browser.
In my case it looks like this:
Juniper-SSLVPN-Login-Page-with-input-fields



Settle Files

We need to get all needed files settled in your system.

1. Get .jar and files

Now login to the SSLVPN.
When you see Network Connect -> Start, just click the Start.
Juniper-SSLVPN-Network-Connect-Page

Click Permit at the page top to allow Java to run, keep clicking Yes. In the end it will fail and show an error about 32bit.
DON'T PANIC, it's normal as we're using 64bit system and the Java application wants 32bit.
Juniper-SSLVPN-Plugin-Install-Failed-Box

Check the folder in your home dir, you'll see ncLinuxApp.jar is laying right there:

bluet@clean:~$ ls -al .juniper_networks
總計 2032
drwxrwxr-x  2 bluet bluet    4096  3月 29 01:01 .
drwxr-xr-x 20 bluet bluet    4096  3月 29 01:00 ..
-rw-rw-r--  1 bluet bluet 2065489  6月 25  2014 ncLinuxApp.jar
-rw-rw-r--  1 bluet bluet      19  3月 29 01:01 whitelist.txt


2. Extract files

The tool msjnc can extract all the files we need from the original ncLinuxApp.jar

./msjnc

It will finish without any warning or message, but when you check the folder again, you'll see the difference.

bluet@Zorya:~$ find ~/.juniper_networks/
/home/bluet/.juniper_networks/
/home/bluet/.juniper_networks/networkconnect.gif
/home/bluet/.juniper_networks/network_connect
/home/bluet/.juniper_networks/network_connect/version.txt
/home/bluet/.juniper_networks/network_connect/libncui.so
/home/bluet/.juniper_networks/network_connect/xlaunchNC.sh
/home/bluet/.juniper_networks/network_connect/ncsvc
/home/bluet/.juniper_networks/network_connect/ncdiag
/home/bluet/.juniper_networks/network_connect/NC.jar
/home/bluet/.juniper_networks/network_connect/META-INF
/home/bluet/.juniper_networks/network_connect/META-INF/IMPORTED.RSA
/home/bluet/.juniper_networks/network_connect/META-INF/IMPORTED.SF
/home/bluet/.juniper_networks/network_connect/META-INF/MANIFEST.MF
/home/bluet/.juniper_networks/network_connect/installNC.sh
/home/bluet/.juniper_networks/network_connect/ncsvc.log
/home/bluet/.juniper_networks/network_connect/getx509certificate.sh
/home/bluet/.juniper_networks/getx509certificate.sh
/home/bluet/.juniper_networks/ncLinuxApp.jar


3. Use 32bit Java to run msjnc (Skip This if you don't want to install additional 32bit Java)

I don't want to install another HUGE Java in 32bit just for this.
I'm using a 240G SSD. It's fast but expensive, I really don't want to waste my disk space on the rarely used 32bit Java.
But if you insist, or you think you have bunches of disks to waste, waste electricity and network bandwidth, then do this. I can't stop you.
Otherwise, Don't Do This.

Install an additional 32bit Java:

sudo apt-get install openjdk-7-jdk:i386

msjnc has it's own GUI interface for users to easily control VPN connections, but it needs 32bit Java.
Now you can search Network Connect in your Dash.

Start VPN and Enjoy

Now let's setup the VPN and let it run.

Setup VPN

For Ubuntu 16.10 and later (Linux Kernel version 4.5 and above) please Run This Before Next Command due to a NetworkConnect bug. Solution from Kernel discussion thread.

echo 0 | sudo tee /proc/sys/net/ipv6/conf/default/router_solicitations

Run junipernc without 32bit Java

junipernc --nojava

You'll see GUI prompt boxes asking VPN info at the first time.
We have them ready in the first step, so just type them in.
Once finished, there will be a new network interface in your system.

bluet@clean:~$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.99.1.30  P-t-P:10.99.1.30  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:16363 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:20952021 (20.9 MB)  TX bytes:777393 (777.3 KB)

Now ping your office computer or check WhatIsMyIP, you're now in the VPN world.
Also you'll see VPN info stored in /.vpn.default.crt



Start VPN

Next time you want to start the VPN, just type the same command

junipernc --nojava

Enter the password, and you're ON.



Stop VPN

When you finished your works, use this command to kill VPN process to stop VPN

sudo killall ncsvc



I've spend hours figuring out how to make it work, and then whole night to double-check and write this article.
Hope this HOWTO can save your time, save a kitten and a tree.
Enjoy!