I can’t imagine life without a VPN. A working VPN is – arguably – the epitome of how technology can enhance the life of a software/IT professional. For techies, a VPN can prevent the need to drive to the office in the middle of the night to address a software emergency (HUGE), and it affords a level of work flexibility unheard of in the pre-internet days. Additionally, it does so while maintaining a fairly high level of security. Note the key word working! A non functional VPN epitomizes another quality of technology – it can be downright frustrating and make you want to toss a laptop through a window.
Eons ago, when the company I work for numbered four employees, the systems administrator and I decided to setup remote access. We installed OpenVPN (http://openvpn.net/). It worked great, had a nifty windows client, and integrated seamlessly with Linux. OpenVPN served us well for many years.
As time progressed, the business grew (considerably) and the security needs slowly started to change. This continued up until about year ago when IT decided it was time to enhance the network. Part of that upgrade included a dedicated Juniper VPN. On paper the Juniper looked great. It supported Linux and the granularity of control was almost dizzying. The Windows folks loved it, and the Linux based dev team was enthusiastic as well. That is, until we tried to install it on Linux. Come to find out the phrase supports Linux really means runs on 32 bit Linux only! What follows is how we installed it on 64 bit Ubuntu:
I started with a clean install (from ISO) of Ubuntu
[email protected]:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 11.10 Release: 11.10 Codename: oneiric
Next, installed all the updates:
sudo apt-get update sudo apt-get upgrade
A kernel update appeared after rebooting. That update was installed, followed by another reboot.
An intense session of Google-Fu indicated the Juniper client is tied to a few 32 bit java libraries. This means we’ll need to install 32 bit java, which in turn requires a number of low level 32 bit libraries. Install those libraries now. As you can see, the dependency tree is fairly deep:
[email protected]:~/apps/firefox$ sudo apt-get install ia32-libs [sudo] password for rich: Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: gcc-4.6-base:i386 ia32-libs-multiarch:i386 lib32asound2 lib32bz2-1.0 lib32ffi6 lib32gcc1 lib32ncurses5 lib32ncursesw5 lib32stdc++6 lib32tinfo5 lib32z1 libacl1:i386 libattr1:i386 libaudio2:i386 libavahi-client3:i386 libavahi-common-data:i386 libavahi-common3:i386 libc6:i386 libc6-i386 libcomerr2:i386 libcups2:i386 libcupsimage2:i386 libcurl3:i386 libdb5.1:i386 libdbus-1-3:i386 libdrm-intel1:i386 libdrm-nouveau1a:i386 libdrm-radeon1:i386 libdrm2:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libgcrypt11:i386 libgdbm3:i386 libgl1-mesa-dri:i386 libgl1-mesa-glx:i386 libglapi-mesa:i386 libglib2.0-0:i386 libglib2.0-data libgnutls26:i386 libgpg-error0:i386 libgssapi-krb5-2:i386 libice6:i386 libidn11:i386 libjpeg62:i386 libk5crypto3:i386 libkeyutils1:i386 libkrb5-3:i386 libkrb5support0:i386 liblcms1:i386 libldap-2.4-2:i386 libllvm2.9:i386 libmng1:i386 libnspr4:i386 libnss3:i386 libpciaccess0:i386 libpcre3:i386 libpng12-0:i386 libqt4-dbus:i386 libqt4-declarative:i386 libqt4-designer:i386 libqt4-network:i386 libqt4-opengl:i386 libqt4-qt3support:i386 libqt4-script:i386 libqt4-scripttools:i386 libqt4-sql:i386 libqt4-svg:i386 libqt4-test:i386 libqt4-xml:i386 libqt4-xmlpatterns:i386 libqtcore4:i386 libqtgui4:i386 librtmp0:i386 libsasl2-2:i386 libsasl2-modules:i386 libselinux1:i386 libsm6:i386 libsqlite3-0:i386 libssl1.0.0:i386 libstdc++6:i386 libtasn1-3:i386 libtiff4:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 libxdamage1:i386 libxdmcp6:i386 libxext6:i386 libxfixes3:i386 libxi6:i386 libxrender1:i386 libxss1:i386 libxt6:i386 libxxf86vm1:i386 zlib1g:i386 Suggested packages: lib32asound2-plugins nas:i386 glibc-doc:i386 locales:i386 cups-common:i386 rng-tools:i386 libglide3:i386 gnutls-bin:i386 krb5-doc:i386 krb5-user:i386 liblcms-utils:i386 pciutils:i386 libqt4-declarative-folderlistmodel:i386 libqt4-declarative-gestures:i386 libqt4-declarative-particles:i386 libqt4-declarative-shaders:i386 qt4-qmlviewer:i386 libqt4-dev:i386 qt4-qtconfig:i386 libsasl2-modules-otp:i386 libsasl2-modules-ldap:i386 libsasl2-modules-sql:i386 libsasl2-modules-gssapi-mit:i386 libsasl2-modules-gssapi-heimdal:i386 Recommended packages: ia32-libs-multiarch libglib2.0-data:i386 libqt4-sql-mysql:i386 libqt4-sql-odbc:i386 libqt4-sql-psql:i386 libqt4-sql-sqlite:i386 The following NEW packages will be installed: gcc-4.6-base:i386 ia32-libs ia32-libs-multiarch:i386 lib32asound2 lib32bz2-1.0 lib32ffi6 lib32gcc1 lib32ncurses5 lib32ncursesw5 lib32stdc++6 lib32tinfo5 lib32z1 libacl1:i386 libattr1:i386 libaudio2:i386 libavahi-client3:i386 libavahi-common-data:i386 libavahi-common3:i386 libc6:i386 libc6-i386 libcomerr2:i386 libcups2:i386 libcupsimage2:i386 libcurl3:i386 libdb5.1:i386 libdbus-1-3:i386 libdrm-intel1:i386 libdrm-nouveau1a:i386 libdrm-radeon1:i386 libdrm2:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libgcrypt11:i386 libgdbm3:i386 libgl1-mesa-dri:i386 libgl1-mesa-glx:i386 libglapi-mesa:i386 libglib2.0-0:i386 libglib2.0-data libgnutls26:i386 libgpg-error0:i386 libgssapi-krb5-2:i386 libice6:i386 libidn11:i386 libjpeg62:i386 libk5crypto3:i386 libkeyutils1:i386 libkrb5-3:i386 libkrb5support0:i386 liblcms1:i386 libldap-2.4-2:i386 libllvm2.9:i386 libmng1:i386 libnspr4:i386 libnss3:i386 libpciaccess0:i386 libpcre3:i386 libpng12-0:i386 libqt4-dbus:i386 libqt4-declarative:i386 libqt4-designer:i386 libqt4-network:i386 libqt4-opengl:i386 libqt4-qt3support:i386 libqt4-script:i386 libqt4-scripttools:i386 libqt4-sql:i386 libqt4-svg:i386 libqt4-test:i386 libqt4-xml:i386 libqt4-xmlpatterns:i386 libqtcore4:i386 libqtgui4:i386 librtmp0:i386 libsasl2-2:i386 libsasl2-modules:i386 libselinux1:i386 libsm6:i386 libsqlite3-0:i386 libssl1.0.0:i386 libstdc++6:i386 libtasn1-3:i386 libtiff4:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 libxdamage1:i386 libxdmcp6:i386 libxext6:i386 libxfixes3:i386 libxi6:i386 libxrender1:i386 libxss1:i386 libxt6:i386 libxxf86vm1:i386 zlib1g:i386 0 upgraded, 100 newly installed, 0 to remove and 0 not upgraded. Need to get 74.5 MB of archives. After this operation, 259 MB of additional disk space will be used.
The Juniper VPN is initiated from a web browser. The browser uses the java plug-in (libnpjp2.so) to initiate the VPN by calling Juniper java libraries that are installed when the VPN is first accessed. Unfortunately, the 32 bit java plug-in is not compatible with a 64 bit browser. So we need to install a 32 bit browser. I tried Chrome at first, but was never able to get it to work and settled for Firefox version 10. Download and install manually by unzipping the Firefox tar into any folder:
[email protected]:~/apps$ tar -xvf firefox-10.0.tar.bz2
Running as is spews a significant number of errors.
[email protected]:~/apps/firefox$ ./firefox /usr/lib/gtk-2.0/2.10.0/menuproxies/libappmenu.so: wrong ELF class: ELFCLASS64 (firefox:4050): Gtk-WARNING **: Failed to load type module: /usr/lib/gtk-2.0/2.10.0/menuproxies/libappmenu.so /usr/lib/gtk-2.0/2.10.0/menuproxies/libappmenu.so: wrong ELF class: ELFCLASS64 (firefox:4050): Gtk-WARNING **: Failed to load type module: /usr/lib/gtk-2.0/2.10.0/menuproxies/libappmenu.so /usr/lib/gtk-2.0/2.10.0/menuproxies/libappmenu.so: wrong ELF class: ELFCLASS64 (firefox:4050): Gtk-WARNING **: Failed to load type module: /usr/lib/gtk-2.0/2.10.0/menuproxies/libappmenu.so (firefox:4050): GdkPixbuf-WARNING **: Cannot open pixbuf loader module file '/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache': No such file or directory (firefox:4050): GdkPixbuf-WARNING **: Cannot open pixbuf loader module file '/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache': No such file or directory (firefox:4050): GdkPixbuf-WARNING **: Cannot open pixbuf loader module file '/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache': No such file or directory (firefox:4050): GdkPixbuf-WARNING **: Cannot open pixbuf loader module file '/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache': No such file or directory (firefox:4050): GdkPixbuf-WARNING **: Cannot open pixbuf loader module file '/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache': No such file or directory
Despite the warnings, Firefox does start and will run fine. Warnings really bug (no pun intended) me and I tried cleaning them up. Setting this environment variable mitigates a few of them.
[email protected]:~/apps/firefox$ export GDK_PIXBUF_MODULE_FILE=/usr/lib32/gdk-pixbuf-2.0/2.10.0/loaders.cache
Now download Oracle’s flavor of java. I’m using jre-7u2-linux-i586.tar.gz, which can be unzipped anywhere. (I put them my user’s home directory). Once installed, set environment variables:
export JAVA_HOME=/home/rich/apps/java/jdk1.7.0_02 export PATH=/home/rich/apps/java/jdk1.7.0_02/bin:$PATH
And then link the java browser plug-in as described here:
http://www.oracle.com/technetwork/java/javase/manual-plugin-install-linux-136395.html
At this point, I was able to open Firefox, navigate to the VPN site, watch the VPN libraries auto-install, and then access the VPN. Not quite as streamlined as the simple right click in the system tray I enjoyed with OpenVPN, but it does work. Good luck!
I’m still learning from you, while I’m trying to achieve my goals. I definitely liked reading all that is posted on your blog.Keep the information coming. I liked it!
There square measure scores of totally different LINUX VPN server packages obtainable on the web these days. Initially look this would possibly really sound sort of a sensible factor. With lots of various software packages to choose from, one would possibly suppose that it makes putting in your own VPN abundant easier or higher. However, the reality is it really makes it a euphemism of lots harder and confusing. LINUX may be a extremely popular operating system for servers, and if you’re trying to line up a VPN of your own that runs one among the numerous variations of the operating system obtainable these days, then I powerfully suggest that you simply see link.