On 27/12/2010 17:49, David Woodhouse wrote:
> You'll have to start by showing us how the Juniper VPN works. Can you
> show the traffic between client and server? Is it HTTP-based? Can you
> point it at your own server or SSL MiTM proxy and show what it's
> actually doing?

OK, here is what I know about it (I can ask my network colleagues for details if needed).

For the end-user, it works exactly like the Cisco solution: web-based interface only for http tunneling, and 'automatic' deployment of a native binary for other kinds of network traffic. http://mad-scientist.us/juniper.html has a few screenshots of the interface, and additional information about it.

The binary is setuid, and creates a tun interface for vpn traffic. From ldd and strings output, it seems to be statically linked with openssl. I made it available as http://www.zarb.org/~guillomovitch/ncsvc

Here is a network capture of a failed attempt to create the VPN. I'm a bit reluctant to post the successful attempt capture publicly, even if it seems to be https-only at first glance.

I'd gladly try to set up an SSL proxy, but I'd need additional information for this. I quickly checked the openssl man page, it doesn't seem to be possible with it. However, googling points me to http://crypto.stanford.edu/ssl-mitm/. Is that the way to go?

--
BOFH excuse #197:

I'm sorry a pentium won't do, you need an SGI to connect with us.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: password.nok
Type: application/octet-stream
Size: 16049 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20101228/dec0e31c/attachment-0001.obj>