Lorne +30
-
So...I need a browser with a java plugin to access the VPN at work. Firefox 52 removed NPAPI plugins entirely except for flash. Except you can make the ESR version do more by hacking
about:config
by addingplugin.load_flash_only
=false
.So...I've manually installed FF 52 ESR and I ain't updating it any more.
-
In a perfect world, eliminating NPAPI plugins makes sense. Unfortunately, that perfect world doesn't exist.
-
In a perfect world,
eliminatingnever having NPAPI plugins in the first place makes sense.
-
@boomzilla said in Lorne +30:
So...I need a browser with a java plugin to access the VPN at work.
They don't even support Java Web Start as an alternative? In 2017? Please name and shame the vendor.
-
@asdf Juniper Network Connect 8.1R9.1
-
@boomzilla
There are ways to connect to a Juniper VPN without having to use a Java applet. Unfortunately, I don't remember how exactly I did it last time I had to do that, but I think there was some "native client" (JAR) you can use instead.
-
@asdf For Linux? Actually, the truth of how I connect is TRWTF. Because it actually wants 32-bit java, which is really just a way to start up the native library. Which fails, because I use 64-bit java for my actual work.
But there is a workaround:
http://makefile.com/.plan/2009/10/juniper-vpn-64-bit-linux-an-unsolved-mystery/
Also, before you can get the cookie that you need to actually login, it runs some sort of host checker java program (which does seem to run in 64-bits just fine). But of course that only runs after you've entered your credentials, which includes (for me) a token from a one time password generator.
I have a bash script that periodically pings a server on the vpn and kills and restarts the vpn when it dies, which can happen fairly often (though some days it never does). But this is actually better than running the client "normally" with 32-bit java, because that would never actually notice that the connection had dropped and pick it back up again for some reason, though the Windows version seems to do that.
-
@boomzilla We're using Juniper as well... I can only access the mac client on our network otherwise I'd send it to you. Anyway, the tool is called "Pulse Secure", and it is at least supposed to be available for linux:
-
Huh maybe I should try using this method for local business banking idiocy next time someone asks about it... My current solution is FF42 with updates turned off.
-
@boomzilla Oh, yeah, that brings back horrible memories. I hacked together some workaround for that 32-bit Java problem as well back then.
UnfortunatelyFortunately, I've forgotten the details.
-
@Mikael_Svahnberg Hmm...I doubt I'll be able to get them to let people have that (because it doesn't look like there's a free download for the client). Corporate IT is very unhappy about doing anything that isn't officially supported.
-
@boomzilla
We use PSC here, and my understanding is it's downloadable from the web portal of the Juniper Pulse gateway itself, at least for Windows. Assuming your Pulse Gateway is up to date enough to be running a version that has Linux version support, I'd expect you should be able to download it from the web portal, assuming your VPN role has permissions to use the PSC.
-
Also, the tags on this thread:
Add up to 52.:illuminati:
-
We use PSC here, and my understanding is it's downloadable from the web portal of the Juniper Pulse gateway itself, at least for Windows.
Ours appears to be custom. The web page has no mention of Juniper or pulse or anything like that. Just the company name and the stuff you'd use to actually login.
-
@boomzilla said in Lorne +30:
We use PSC here, and my understanding is it's downloadable from the web portal of the Juniper Pulse gateway itself, at least for Windows.
Ours appears to be custom. The web page has no mention of Juniper or pulse or anything like that. Just the company name and the stuff you'd use to actually login.
So does ours, but your IT department ought to have ... different... access.
Side note: When I last set up a new machine on our VPN I spent like half a day following the official instructions and troubleshooting why it didn't work until I finally succumbed and talked to our IT dept. Their answer: "Doing it by the official instructions has not worked for years. I'll send you a link to the PulseSecure app."
-
@boomzilla
Yeah, the actual PSC client is part of a specific role...ugh, gotta do work to look it up, can't remember the name... under Resource Policies > VPN Tunneling. My user account isn't enabled for any VPN access, so I get a really bland, empty home page when I log in... but if your account does have permissions for VPN Tunneling, you should see the PSC download link when you log in.
-
@izzion What part of "there's nothing at all like that on the page" was unclear?
I have no idea what "Resource Policies > VPN Tunneling" means.
-
@Mikael_Svahnberg Huh! Last time I looked I swear Pulse Secure wasn't available for Linux, or it was the Host Checker component that wasn't. I'm going to have to try again to get that to work; my work laptop is like 15 pounds and I really want to use my 1.6lb detachable instead.
-
@boomzilla
If your system administrator enables your role forVPN Tunneling(in the process of gathering the screenshot, I found I was being too narrow, the PSC client isn't specific to that role service) the Pulse Secure client, then you should see a link on the page after you log in.The fact that you do not currently see the link means that your system administrator needs to do work spit in order to enable the PSC client for you.
-
@boomzilla said in Lorne +30:
I have no idea what "Resource Policies > VPN Tunneling" means.
I would assume configuration on the gateway.
-
And I thought anyconnect was bad.
-
@PleegWat At least there's a plugin for NetworkManager if you're plagued by anyconnect, so you can be free of it on Linux at least.
-
@boomzilla
If your system administrator enables your role forVPN Tunneling(in the process of gathering the screenshot, I found I was being too narrow, the PSC client isn't specific to that role service) the Pulse Secure client, then you should see a link on the page after you log in.are you talking about?
The fact that you do not currently see the link means that your system administrator needs to do work spit in order to enable the PSC client for you.
What is that screenshot?
-
Ugh...this also kills Google Voice in FF. So now I'm back to using hangouts, which is too retarded to play audio through my speakers even when it's configured to use my headset.
-
@boomzilla
Mr. IT guy at my workplace who manages the Pulse gateway, can you please enable the Pulse Secure client for the VPN role of which I am a member?
Sure! navigates to above screen
The needful has been done, please log in to the VPN portal again to download the software
Ugh, but that's work.
-
@boomzilla
On the admin / configuration page of the gateway, you get there by going under Users > User Roles and then selecting a specific role (the name of which shows up in the area I redboxed out for doxxy reasons).
-
@boomzilla said in Lorne +30:
So now I'm back to using hangouts, which is too retarded to play audio through my speakers even when it's configured to use my headset.
Ahh...going to the mixer I was able to move the channel from the speakers to the headset. Fuck you chrome.
-
@boomzilla
Mr. IT guy at my workplace who manages the Pulse gateway, can you please enable the Pulse Secure client for the VPN role of which I am a member?
Sure! navigates to above screenNo, that's not supported.
The needful has been done, please log in to the VPN portal again to download the software
Ugh, but that's work.Also, I doubt enabling anything like that would enable some new link, but who knows?
-
@boomzilla said in Lorne +30:
Corporate IT is very unhappy about doing anything that isn't officially supported.
Then maybe they should stop using a product that itself relies on unsupported standards.
-
And I thought anyconnect was bad.
Juniper's failures don't make anyconnect any less user-hostile. Nuke that shit from Orbit!
-
@anonymous234 said in Lorne +30:
Then maybe they should stop using a product that itself relies on unsupported standards.
MAYBE
-
@boomzilla said in Lorne +30:
Ahh...going to the mixer I was able to move the channel from the speakers to the headset. Fuck you chrome.
Ffffuck...but the mic doesn't work. Shit...that used to work. Maybe I need to do the same hack with that.
-
@PleegWat At least there's a plugin for NetworkManager if you're plagued by anyconnect, so you can be free of it on Linux at least.
True, it's only really workable with openconnect to the point where that's the first advice given in case of trouble on the internal linux support list. And I don't think cisco contributes to openconnect.
-
-
There are ways to connect to a Juniper VPN without having to use a Java applet.
Yeah, there's GOT to be an ActiveX plug-in, too.
-
Besides, who needs VPN. You set up one desktop with local access. Mabel sits by that computer. You ring up Mabel.
{ring ring}
Hi, Mabel. I need to do something on the server.
One second, let me put on my computering glasses.
{loooooooooong pause}
Okay, what do you need?
I need to restart the monitoring service.
Sure, sure, sure. How do I do that?
Run the Group Policy editor, find--
Whoa there, slow down. I ain't no Seer-ee. Spell this out for me.
Click start.
............................... {click}
Click run
............................. {click}
Type gpedit.msc
.................................. ........................ G....................................................P.....................
...................................... C
sweet christmasnow click OK.
I'll just grab the mouse and {click} oops my arthritis kicked up again, got the shakes, and clicked somewhere else. That run box is gone. We'll need to start again.
{dies of old age}
-
@Lorne-Kates said in Lorne +30:
{dies of old age}
Wait, why does @boomzilla age out before Mabel? He's been around since the dinosaurs, so it would seem that he can't die of old age. He needs to have his house collapse on him instead, or something.
-
He needs to have his house collapse on him instead
I'd say it's more likely that he dies on his porch while watching his lawn.
-
@asdf Y'all should be so lucky.
-
You're all I'm pretty sure we used Shrew Soft VPN Client with our Juniper gateway
-
@dangeRuss Last updated 2013...hmm....that's not a good sign.
-
@boomzilla said in Lorne +30:
that's not a good sign.
It's a better sign than anything involving 32-bit Java.
-
Wait, why does @boomzilla age out before Mabel?
Mabel lives out of pure spite.
-
-
@loopback0 said in Lorne +30:
Ia Mabel just a code name for Lorne?
More likely: Ma Lorne
Explains soooo much!
-
@Lorne-Kates said in Lorne +30:
Besides, who needs VPN. You set up one desktop with local access.
No one gets local access without VPN here! Hardwired internal network? Still need VPN.
-
@boomzilla said in Lorne +30:
@dangeRuss Last updated 2013...hmm....that's not a good sign.
You mean stable software that doesn't have any bugs?
-
@dangeRuss said in Lorne +30:
You mean stable software that doesn't
have any bugs?close the CIA backdoors?FTFY
-
@dangeRuss said in Lorne +30:
You mean stable software that doesn't
have any bugs?close the CIA backdoors?FTFY
Why would CIA need backdoors in this VPN product when everyone else is using 32bit java? Shirley that has more 0 days.
-
@dangeRuss
Offense in depth.And Shirley may be cheap, but she's not easy.