Juniper VPN issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On 9 May 2016, at 18:05, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Mon, 2016-05-09 at 17:57 +0930, O'Connor, Daniel wrote:
>> 
>> The default route is definitely set to the VPN, and I do see traffic
>> flowing over to it but no reply.
> 
> What services? Do you even get a SYNACK in response to outgoing SYN
> packets? If so, and it's just *data* that fails, try reducing the MTU
> on the 'tun0' interface?

No, no ACK :(

> It sounds like a firewall or something is preventing your traffic. Are
> you connecting to the *same* services that work with the NC client? 

I have a link in my Lotus Notes client (seriously...) that goes to the same URL I put into open connect.

> Do you definitely end up with actual IP routing? Can you do a similar
> capture with that client and see what's different? 
> 
> Or are you perhaps using it in its application proxy mode, when you do
> it through the web browser?

I definitely have IP access, I can browse shares and SSH to a box inside the network.

After connection I end up at..
https://vpnhost/dana/home/sessions.cgi

The 'network connect' button goes to this URL
https://vpnhost/dana/nc/ncrun.cgi?launch_nc=1

It does run a rat ware program when using IE (via ActiveX I assume). If I try Chrome it wants to install Java and I haven't tried that yet.

If I connect with Openconnect and then use Safari it dumps me out to the login page, some viewing of the page source shows that it blocks Macs on purpose (probably a mod by the IT dept..?).

Even using IE (in a VM on OSX) gets booted back to the login page so I wondered if it needed the DSID cookie set. I had a quick go with py-mechanize and I could fetch the Network Connect page after setting DSID, DSASSERTREF and DSFirstAccess (cribbed from OC debug output).

I've run out of time to do more on it tonight - I'll have to try again later.


Thanks for the help so far :)

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux