Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

OpenVPN and Juniper

3,957 views
Skip to first unread message

Jerome BENOIT

unread,
Aug 27, 2009, 11:00:12 PM8/27/09
to
Hello List,

can OpenVPN connect to a Juniper network ?

I have googled, but so far I got no clear answer.

Thanks inadvance,
Jerome
--
Jerome BENOIT
jgmbenoit_at_mailsnare_dot_net


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Jerome BENOIT

unread,
Aug 28, 2009, 6:50:13 AM8/28/09
to
Hello Mark,

Thanks for your remarks.

By Juniper I meant the Juniper VPN stuff (version 6.4.0):
I want to connect with my laptop from my home to my organization which
holds a Juniper VPN network via SSL.

I can with the Linux material furnished by Juniper
( http://www.rz.uni-karlsruhe.de/~iwr91/juniper ),
but this material is not designed in a Linux way
(in partilcular it allows regular users to mess system wide network
configuration files).

My current guess is that OpenVPN can do a far better job.

Thanks,
Jerome

Mark wrote:


> Jerome BENOIT wrote:
>> Hello List,
>>
>> can OpenVPN connect to a Juniper network ?
>>
>> I have googled, but so far I got no clear answer.
>

> Change the question Jerome.
>
> So an openvpn box is going to connect to something with an juniper
> sticker on it? Is that what you are saying? Well, it all depends on what
> model you are connecting too. Firewall stuff, most likely yeah. More
> details to give a less incoherent answer is appreciated.
>
> Or are you asking if a network, made with juniper hardware, can handle
> openvpn connections? Regardless of the brand (might as well be talking
> about cisco or alcatel) if it does IP it should be possible. You might
> trip over MTU if something funky has been done, but.. other than that I
> don't see any reason why a openvpn vpn won't work.
>
> ,Mark

Jochen Schulz

unread,
Aug 28, 2009, 8:20:09 AM8/28/09
to
Jerome BENOIT:

>
> can OpenVPN connect to a Juniper network ?

I don't think so. OpenVPN uses its own approach to establishing a VPN. I
would be very surprised if Juniper had copied it (or vice versa). You
need to find out whether Juniper invented something on their own or uses
standard protocols (PPtP, IPSec etc.) and use that.

J.
--
I frequently find myself at the top of the stairs with absolutely
nothing happening in my brain.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>

signature.asc

Jerome BENOIT

unread,
Aug 28, 2009, 9:30:12 AM8/28/09
to
Thanks for the reply.

Jochen Schulz wrote:
> Jerome BENOIT:
>> can OpenVPN connect to a Juniper network ?
>
> I don't think so. OpenVPN uses its own approach to establishing a VPN. I
> would be very surprised if Juniper had copied it (or vice versa). You
> need to find out whether Juniper invented something on their own or uses
> standard protocols (PPtP, IPSec etc.) and use that.

Let say that on Max OS X, I can connect by using the PPtP protocol:
should it work ?

Thanks in advance,
Jerome

>
> J.

Jochen Schulz

unread,
Aug 28, 2009, 10:10:10 AM8/28/09
to
Jerome BENOIT:

> Jochen Schulz wrote:
>> Jerome BENOIT:
>>
>>> can OpenVPN connect to a Juniper network ?
>>
>> I don't think so. OpenVPN uses its own approach to establishing a VPN. I
>> would be very surprised if Juniper had copied it (or vice versa). You
>> need to find out whether Juniper invented something on their own or uses
>> standard protocols (PPtP, IPSec etc.) and use that.
>
> Let say that on Max OS X, I can connect by using the PPtP protocol:
> should it work ?

Should what work? Connecting with OpenVPN obviously doesn't work since
it doesn't use PPtP. But you can use ppp for that.

J.
--
I wish I could achieve a 'just stepped out of the salon' look more
often. Or at least once.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>

signature.asc

Mark

unread,
Aug 29, 2009, 8:00:09 AM8/29/09
to
Jerome BENOIT wrote:
> Hello Mark,
>
> Thanks for your remarks.

de nada

> By Juniper I meant the Juniper VPN stuff (version 6.4.0):
> I want to connect with my laptop from my home to my organization which
> holds a Juniper VPN network via SSL.

I have never seen an successful implementation, although I wouldn't be
too surprised if there is somebody that did it. That said, I still don't
really understand why you would want to do such a thing.

> I can with the Linux material furnished by Juniper
> ( http://www.rz.uni-karlsruhe.de/~iwr91/juniper ),
> but this material is not designed in a Linux way
> (in partilcular it allows regular users to mess system wide network
> configuration files).

That might be a bit of stretch to put it that way.. but, then again,
there is little information to go on regarding your setup.

> My current guess is that OpenVPN can do a far better job.

You might be right. Now, I'm going to assume there is a Juniper setup
out there that you want to use and that you have full control over it.
That might be enough to setup some sort of an VPN up with that box at
your discretion, even if it's something totally different.
Putting up an box with OpenVPN next to the Jun would be even better,
although it results in a bit more effort to set it all up and to make it
work next/with the Jun.

Take a route that you feel comfortable with, and see if you can put it
on paper before you start tweaking of playing around, it will be time
consuming.

,Mark2

Jerome BENOIT

unread,
Aug 29, 2009, 9:40:08 AM8/29/09
to
Hi !

Mark wrote:
> Jerome BENOIT wrote:
>> Hello Mark,
>>
>> Thanks for your remarks.
>
> de nada
>
>> By Juniper I meant the Juniper VPN stuff (version 6.4.0):
>> I want to connect with my laptop from my home to my organization which
>> holds a Juniper VPN network via SSL.
>
> I have never seen an successful implementation, although I wouldn't be
> too surprised if there is somebody that did it. That said, I still don't
> really understand why you would want to do such a thing.

Because I want to have access to some clusters inside my organisation
from home, and the only way (with respect to the rules of the organisation)
is to fist connect to the Juniper network.

>
>> I can with the Linux material furnished by Juniper
>> ( http://www.rz.uni-karlsruhe.de/~iwr91/juniper ),
>> but this material is not designed in a Linux way
>> (in partilcular it allows regular users to mess system wide network
>> configuration files).
>
> That might be a bit of stretch to put it that way.. but, then again,
> there is little information to go on regarding your setup.

The organisation have a Juniper network (a Windows oriented VPN network), and
I want to connect to the network: the material installed by Juniper is closed-source.

>
>> My current guess is that OpenVPN can do a far better job.

My update current guess is that OpenVPN can not work with Juniper,
and this is very unfortunate.


>
> You might be right. Now, I'm going to assume there is a Juniper setup
> out there that you want to use and that you have full control over it.

I have no control over it: Juniper is controlled by my organization,
and my organization imposes strict rules.
Oterhwise I will just use ssh.

> That might be enough to setup some sort of an VPN up with that box at
> your discretion, even if it's something totally different.
> Putting up an box with OpenVPN next to the Jun would be even better,
> although it results in a bit more effort to set it all up and to make it
> work next/with the Jun.

I am ready to make some effort, in fact I thought to play with SSL SSH
(see -w option for ssh (OpenSSH)), but strict rules are imposed.

>
> Take a route that you feel comfortable with, and see if you can put it
> on paper before you start tweaking of playing around, it will be time
> consuming.
>
> ,Mark2
>
>

Jerome

--
Jerome BENOIT
jgmbenoit_at_mailsnare_dot_net


Tzafrir Cohen

unread,
Aug 30, 2009, 12:10:08 PM8/30/09
to
On Fri, Aug 28, 2009 at 04:07:09PM +0200, Jochen Schulz wrote:
> Jerome BENOIT:

> > Let say that on Max OS X, I can connect by using the PPtP protocol:


> > should it work ?
>
> Should what work? Connecting with OpenVPN obviously doesn't work since
> it doesn't use PPtP. But you can use ppp for that.

pptp-linux, you mean.

A few other relevant packages:

kvpnc - vpn clients frontend for KDE
network-manager-pptp - network management framework (PPTP plugin)
network-manager-pptp-gnome - network management framework (PPTP plugin)

--
Tzafrir Cohen | tza...@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tza...@cohens.org.il | | best
ICQ# 16849754 | | friend

Jerome BENOIT

unread,
Aug 30, 2009, 9:30:06 PM8/30/09
to
Thanks for your replies.

Finally I decided to play with the binary installed by juniper
when you connect to the Juniper network of my organization.
As the installation allows regular users to modify with root
privileges system configuration file, clearly some work have to be done.

Jerome

Tzafrir Cohen wrote:
> On Fri, Aug 28, 2009 at 04:07:09PM +0200, Jochen Schulz wrote:
>> Jerome BENOIT:
>
>>> Let say that on Max OS X, I can connect by using the PPtP protocol:
>>> should it work ?
>> Should what work? Connecting with OpenVPN obviously doesn't work since
>> it doesn't use PPtP. But you can use ppp for that.
>
> pptp-linux, you mean.
>
> A few other relevant packages:
>
> kvpnc - vpn clients frontend for KDE
> network-manager-pptp - network management framework (PPTP plugin)
> network-manager-pptp-gnome - network management framework (PPTP plugin)
>

--
Jerome BENOIT
jgmbenoit_at_mailsnare_dot_net

0 new messages