Re: [Discuss] Juniper VPN's
I ended up telling them to open a ticket with Juniper and they were able to get their web based vpn portal to work with OS X. I guess it was an issue where the web portal wasn't telling OS X browsers to launch java properly. Matt On Thu, Jun 11, 2015 at 4:35 PM, Tom Metro tmetro+...@gmail.com wrote: Matt Shields wrote: Anyone using the Juniper SA series VPN's? We're working with a client that uses a Juniper VPN. (We hate proprietary VPNs. What's worse is they have it configured to prevent split networking.) We've found that there are per-user settings on the server side that controls what sort of client you are fed (Java) or what sort of connection it expects. With OS X you have a choice between the older Network Connect client and the newer Junos Pulse, which you mentioned. I'm pretty sure you can't arbitrarily switch between these on the client side. The server settings have to be switched to match. Similarly, we're using OpenConnect as the client on Linux machines, and before that would work our accounts needed to be switch to Linux mode as the Windows admin called it. According to what I've read, OpenConnect will run on OS X, and gives you a lot greater control over the connection (like the ability to force split networking). However, to get Juniper functionality working you really need to build the bleeding edge version of OpenConnect, and even then might still need to apply a patch posted to the OpenConnect mailing list. (We've been involved in a few threads on the list. I can send you a link to the patch if you need it.) The funny thing about these proprietary VPNs is that they give the perception of being easier to use for the non-techie Windows users, yet then tend to be significantly time consuming to work with for power users. Open source has taken over most fields. Why are VPNs still a holdout? Is there not a super easy OpenVPN client for Windows yet? I know there is commercial support for OpenVPN. -Tom -- Tom Metro The Perl Shop, Newton, MA, USA Predictable On-demand Perl Consulting. http://www.theperlshop.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Juniper VPN's
From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields All the download links I've found are behind Juniper's locked down download site. If they're paying you, or anyone else doing work over that thing, they should pay Juniper for a support contract. Even if there weren't incompatibility problems (as there obviously are) there continue to be security flaws that require patching. But I assume you've already told them that, and you must be volunteering your time? ;-) ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Juniper VPN's
It's a paid contact, but I'm working on their Linux servers, not their network. Their answer is everyone just goes to the web portal to log in. I don't think they have any Mac or Linux users, only Win, so that works for them. If I do need to purchase anything it will be billed back to them, unfortunately I don't believe you can just purchase the Java Secure Application Manager without having purchased one of their VPN appliances. And this company doesn't know enough to open a ticket with Juniper to get the software or log in to download it. Matt On Thu, Jun 11, 2015 at 8:44 AM, Edward Ned Harvey (blu) b...@nedharvey.com wrote: From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Matt Shields All the download links I've found are behind Juniper's locked down download site. If they're paying you, or anyone else doing work over that thing, they should pay Juniper for a support contract. Even if there weren't incompatibility problems (as there obviously are) there continue to be security flaws that require patching. But I assume you've already told them that, and you must be volunteering your time? ;-) ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Juniper VPN's
Matt Shields wrote: Anyone using the Juniper SA series VPN's? We're working with a client that uses a Juniper VPN. (We hate proprietary VPNs. What's worse is they have it configured to prevent split networking.) We've found that there are per-user settings on the server side that controls what sort of client you are fed (Java) or what sort of connection it expects. With OS X you have a choice between the older Network Connect client and the newer Junos Pulse, which you mentioned. I'm pretty sure you can't arbitrarily switch between these on the client side. The server settings have to be switched to match. Similarly, we're using OpenConnect as the client on Linux machines, and before that would work our accounts needed to be switch to Linux mode as the Windows admin called it. According to what I've read, OpenConnect will run on OS X, and gives you a lot greater control over the connection (like the ability to force split networking). However, to get Juniper functionality working you really need to build the bleeding edge version of OpenConnect, and even then might still need to apply a patch posted to the OpenConnect mailing list. (We've been involved in a few threads on the list. I can send you a link to the patch if you need it.) The funny thing about these proprietary VPNs is that they give the perception of being easier to use for the non-techie Windows users, yet then tend to be significantly time consuming to work with for power users. Open source has taken over most fields. Why are VPNs still a holdout? Is there not a super easy OpenVPN client for Windows yet? I know there is commercial support for OpenVPN. -Tom -- Tom Metro The Perl Shop, Newton, MA, USA Predictable On-demand Perl Consulting. http://www.theperlshop.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Juniper VPN's
When I installed OpenVPN years ago, the Windows client Just Worked (once I fed it the cert). I probably still have the detailed install instructions I wrote back then, somewhere. Mostly to make 100% sure I did not have to repeat myself 50 times. *Drew Van ZandtArtisan's Asylum Board of DirectorsFirefly Arts Collective Board of Directors* On Thu, Jun 11, 2015 at 4:35 PM, Tom Metro tmetro+...@gmail.com wrote: Matt Shields wrote: Anyone using the Juniper SA series VPN's? We're working with a client that uses a Juniper VPN. (We hate proprietary VPNs. What's worse is they have it configured to prevent split networking.) We've found that there are per-user settings on the server side that controls what sort of client you are fed (Java) or what sort of connection it expects. With OS X you have a choice between the older Network Connect client and the newer Junos Pulse, which you mentioned. I'm pretty sure you can't arbitrarily switch between these on the client side. The server settings have to be switched to match. Similarly, we're using OpenConnect as the client on Linux machines, and before that would work our accounts needed to be switch to Linux mode as the Windows admin called it. According to what I've read, OpenConnect will run on OS X, and gives you a lot greater control over the connection (like the ability to force split networking). However, to get Juniper functionality working you really need to build the bleeding edge version of OpenConnect, and even then might still need to apply a patch posted to the OpenConnect mailing list. (We've been involved in a few threads on the list. I can send you a link to the patch if you need it.) The funny thing about these proprietary VPNs is that they give the perception of being easier to use for the non-techie Windows users, yet then tend to be significantly time consuming to work with for power users. Open source has taken over most fields. Why are VPNs still a holdout? Is there not a super easy OpenVPN client for Windows yet? I know there is commercial support for OpenVPN. -Tom -- Tom Metro The Perl Shop, Newton, MA, USA Predictable On-demand Perl Consulting. http://www.theperlshop.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Juniper VPN's
On Thu, Jun 11, 2015 at 4:35 PM, Tom Metro tmetro+...@gmail.com wrote: The funny thing about these proprietary VPNs is that they give the perception of being easier to use for the non-techie Windows users, yet then tend to be significantly time consuming to work with for power users. Open source has taken over most fields. Why are VPNs still a holdout? Is there not a super easy OpenVPN client for Windows yet? I know there is commercial support for OpenVPN. It's been my experience that OpenVPN works great on Linux, Windows, MacOS, ans iOS. I don't have an Android device to try it on, but I'd be surprised if it didn't work great there, too. I deployed OpenVPN at a company I used to work for, and never had a problem with it for four years. Unfortunately, the company decided to consolidate all their IT infrastructure worldwide, and the new CIO they hired basically ripped out all the Linux servers in the US office and replaced them with the same Windows infrastructure they had at the main office in Europe. OpenVPN in particular was deemed unsuitable because its licensing costs were zero. -- John Abreau / Executive Director, Boston Linux Unix Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Juniper VPN's
On Thu, Jun 11, 2015 at 05:53:08PM -0400, John Abreau wrote: Unfortunately, the company decided to consolidate all their IT infrastructure worldwide, and the new CIO they hired basically ripped out all the Linux servers in the US office and replaced them with the same Windows infrastructure they had at the main office in Europe. OpenVPN in particular was deemed unsuitable because its licensing costs were zero. If anyone finds themselves in a similar predicament in the future, I can arrange for high-value site licenses for most free and open source software. They often come with significant redistribution terms, but I believe you'll find that the total cost of ownership is quite reasonable. -dsr- ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss