Juniper VPN issues

David Woodhouse dwmw2 at infradead.org
Mon May 9 06:26:52 PDT 2016


On Mon, 2016-05-09 at 22:47 +0930, O'Connor, Daniel wrote:
> 
> I definitely have IP access, I can browse shares and SSH to a box
> inside the network.
> 
> After connection I end up at..
> https://vpnhost/dana/home/sessions.cgi
> 
> The 'network connect' button goes to this URL
> https://vpnhost/dana/nc/ncrun.cgi?launch_nc=1
> 
> It does run a rat ware program when using IE (via ActiveX I assume).
> If I try Chrome it wants to install Java and I haven't tried that
> yet.
> 
> If I connect with Openconnect and then use Safari it dumps me out to
> the login page, some viewing of the page source shows that it blocks
> Macs on purpose (probably a mod by the IT dept..?).
> 
> Even using IE (in a VM on OSX) gets booted back to the login page so
> I wondered if it needed the DSID cookie set. I had a quick go with
> py-mechanize and I could fetch the Network Connect page after setting
> DSID, DSASSERTREF and DSFirstAccess (cribbed from OC debug output).
> 
> I've run out of time to do more on it tonight - I'll have to try
> again later.
> 
> 
> Thanks for the help so far :)

You should probably try to get their NC client working under OSX (or
maybe Linux would be easier), then watch all the HTTPS traffic between
it and the server, and see what it's doing that OpenConnect isn't.

-- 
dwmw2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160509/d1c12a7c/attachment-0001.bin>


More information about the openconnect-devel mailing list