[Discuss] Juniper VPN's

[Tom Metro]

Matt Shields wrote:
> Anyone using the Juniper SA series VPN's?

We're working with a client that uses a Juniper VPN. (We hate
proprietary VPNs. What's worse is they have it configured to prevent
split networking.)

We've found that there are per-user settings on the server side that
controls what sort of client you are fed (Java) or what sort of
connection it expects. With OS X you have a choice between the older
Network Connect client and the newer Junos Pulse, which you mentioned.
I'm pretty sure you can't arbitrarily switch between these on the client
side. The server settings have to be switched to match.

Similarly, we're using OpenConnect as the client on Linux machines, and
before that would work our accounts needed to be switch to "Linux mode"
as the Windows admin called it.

According to what I've read, OpenConnect will run on OS X, and gives you
a lot greater control over the connection (like the ability to force
split networking). However, to get Juniper functionality working you
really need to build the bleeding edge version of OpenConnect, and even
then might still need to apply a patch posted to the OpenConnect mailing
list. (We've been involved in a few threads on the list. I can send you
a link to the patch if you need it.)

The funny thing about these proprietary VPNs is that they give the
perception of being easier to use for the non-techie Windows users, yet
then tend to be significantly time consuming to work with for power
users. Open source has taken over most fields. Why are VPNs still a
holdout? Is there not a super easy OpenVPN client for Windows yet? I
know there is commercial support for OpenVPN.

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/