2010-10-06 // VPN KIT (former Uni Karlsruhe): use it with Ubuntu Linux
Connecting to university VPNs is always… fun. This is also true for the KIT VPN, especially because there is so much outdated information out there. E.g. there is no more Cisco compatible endpoint1) but tons of vpnc tutorials! You have to use the Juniper Networks software jnc now.
Installation
However… it worked after all. The IT guys were friendly enough to put helpful information at the online help. 
But to make it even easier, here are a my hints to get the KIT University Karlsruhe VPN connection running:
- Make sure you got a working Java RE. I used
sun-java6-jre, therefore I don't know if it runs with OpenJDK. - If you are running a 64bit Ubuntu,2) you need some 32bit wrapper libraries for
jnc:sudo apt-get install libc6-i386 lib32z1 lib32nss-mdns
- Open a terminal, download and untar the
jncarchive the KIT VPN help provides for Linux:cd ~ wget https://www.scc.kit.edu/scc/sw/juniper/7.0/linux_vpn_7.0.tar.gz
- Extract the archive and remove it afterwards:
tar -xzf linux_vpn_7.0.tar.gz rm linux_vpn_7.0.tar.gz
- There should be a
juniper_linuxdirectory within your home dir now. Change into it and run the includedvpn-install.shscript:cd ~/juniper_linux ./vpn-install.sh
Simply follow the instructions (e.g. you have to enter your RZ username).
- Make sure
jncis executable:sudo chmod a+xr /usr/local/bin/jnc
- You can remove the temporary
juniper_linuxdirectory now:rm -rf ~/juniper_linux
That's it.
Usage
To establish the connection, open a terminal and type jnc -n kit. The program should start and prompt you for your account's password. Example output:
user@computer:~$ jnc -n kit Server certificate verified and CN is vpn.kit.edu. Saving in /home/user/.juniper_networks/network_connect/config/vpn.kit.edu.der. Password: Connecting to vpn.kit.edu : 443. Waiting for ncsvc for 3 seconds... done ncsvc is running, but tunnel is not established yet. Waiting for 3 seconds... done. ncsvc is running in background (PID: 2448): tunnel interface tun0, addr: 141.3.193.37
You can use jnc stop to close the VPN connection. Example output:
user@computer:~$ jnc stop ncsvc is running, sending signal... terminated. user@computer:~$
2011-10-25: Updated the installation instructions, there is a new VPN software version (7.0).
vpnc does not work!uname -m prints out x86_64, you are running a 64bit UbuntuComments
Dear Andreas!
Thanks a lot for that easy guide! Getting the KIT-vpn work made me almost crazy - until I found your blog… well done!
@ Peter: I got it working under Maverick 64 Bit - did you check that your NC.jar file is executable?
jnc is working in manual mode. but if i try to start it via ifupdown/guessnet/ifplugd on my 32-bit laptop, i get an error: /usr/local/bin/jnc -l 5 -n -c /root/.juniper_networks/network_connect/config kit Server certificate verified and CN is vpn.kit.edu. Saving in /root/.juniper_networks/network_connect/config/vpn.kit.edu.der. Connecting to vpn.kit.edu : 443. Execution of NC.jar/ncsvc failed. Failed to bring up unbekannt.
ncsvc is not started at all, there is no update of ncsvc.log at least. the rights are set as shown below: -rw——- 1 root root 50629 2011-07-08 12:33 NC.jar -rws–s–x 1 root root 1225424 2011-07-08 12:33 ncsvc
Someone knowing what's wrong?
Thanks, swuska
@swuska: Sorry, I don't have access to the KIT VPN anymore (so I can't try what may goes wrong at your system). But since 2011-09-19, there is a new VPN software version (News, Download). I updated the installation instructions. Hope that helps.
Thanks for your reply, but I already use the new version and like I mentioned, the manual invocation of jnc works well. Only if jnc is startet via ifupdown, the error occurs. The responsible entry in /etc/network/interfaces :
iface unbekannt inet dhcp
post-up /usr/local/bin/jnc -l 5 -n -c /root/.juniper_networks/network_connect/config kit
pre-down /usr/local/bin/jnc stop
swuska
@swuska: Just a shoot in the dark: Does /root/.juniper_networks/network_connect/config really exist? As far as I can see, the installation script creates the .juniper_networks directory within the homedir of the calling user, not in root's home. Therefore, you may try to replace the /root/.juniper_networks/ with /home/<your username>/.juniper_networks/
I installed as root, so my setting was correct. But I installed as user too for testing, with same error in result. “ifup eth0” as user is not possible (not enough rights), nevertheless i don't think it would lead to a solution of the problem.
I assume, the invocation of jnc/ncsvc via ifupdown is responsible, but i don't know how to get more details, cause i already set ifup and jnc to verbose mode.
swuska
hey man..thanks a million..I have been trying to read through the German webpage and get my laptop running from home but with no success….ur webpage worked wonders in minutes and solved my problem…!..cheers..live long and prosper… !..
On 64-bit Fedora I installed glibc.i686 libgcc.i686 libSM.i686 libXi.i686 zlib.i686 and it worked. Java was no problem for me.
Leave a comment…
- E-Mail address will not be published.
- Formatting:
//italic// __underlined__
**bold**''preformatted'' - Links:
[[http://example.com]]
[[http://example.com|Link Text]] - Quotation:
> This is a quote. Don't forget the space in front of the text: "> "
- Code:
<code>This is unspecific source code</code>
<code [lang]>This is specifc [lang] code</code>
<code php><?php echo 'example'; ?></code>
Available: html, css, javascript, bash, cpp, … - Lists:
Indent your text by two spaces and use a * for
each unordered list item or a - for ordered ones.
nice tut :) can you tell me how I can run jnc in ubuntu 64-bit (maverick)? I get the error message “Execution of NC.jar/ncsvc failed.” and I found out, that ncsvc needs to be sudo-ed…