
kme : vpn   48

SSH tunnelling for fun and profit: Autossh
<code class="language-bash">autossh -M 0 -f -T -N cli-mysql-tunnel</code>

And make sure that you have set some value for 'ServerAliveInterval' and 'ServerAliveCountMax':
Unfortunately, this is not too handy, as it must be made sure both ports (the specified one and the one directly above) are free (not used). So in order to overcome this problem, there is a better solution:

ServerAliveInterval and ServerAliveCountMax – they cause the SSH client to send traffic through the encrypted link to the server. This will keep the connection alive when there is no other activity and also when it does not receive any alive data, it will tell AutoSSH that the connection is broken and AutoSSH will then restart the connection.


For example:

<code class="language-bash">autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3"</code>
automation  ssh  sshtunnelling  vpn  remoteaccess  reference  solution 
august 2019 by kme
OpenConnect VPN client. | https://www.infradead.org/
On Linux, it's possible to create its tun device in advance. For example:
<code class="language-bash">
# ip tuntap add vpn0 mode tun user dwmw2
</code>

This creates a device vpn0 which can be opened by user dwmw2 who can pass traffic to/from it without needing any elevated privileges. You can now tell OpenConnect to use that device by adding "-i vpn0" to its command-line arguments. Note that the /dev/net/tun device node should be readable and writeable by everyone. (Some distributions misconfigure that, so if it isn't world-writeable then please file a bug against your distribution.)
vpn  cisco  anyconnect  linux  networking  sysadmin  maybesolution 
july 2019 by kme
security - Can VPN steal passwords from client? - Super User
However, if you install software from the VPN provider on your computer, that may enable them to set up their own certificate as a trusted signing authority and use it to spoof SSL domains. If you want to be entirely safe, only use a VPN that you can connect to with your OS's standard VPN client -- don't install any of their software. – Mike Scott Jun 22 '15 at 20:09
security  vpn  privacy 
june 2017 by kme
GitHub - sovereign/sovereign: A set of Ansible playbooks to build and maintain your own private cloud: email, calendar, contacts, file sync, IRC bouncer, VPN, and more.
* IMAP over SSL via Dovecot, complete with full text search provided by Solr.
* POP3 over SSL, also via Dovecot
* SMTP over SSL via Postfix, including a nice set of DNSBLs to discard spam before it ever hits your filters.
* Virtual domains for your email, backed by PostgreSQL.
* Spam fighting via Rspamd.
* Mail server verification using DKIM and DMARC so the Internet knows your mailserver is legit.
* Secure on-disk storage for email and more via EncFS.
* Webmail via Roundcube.
* Mobile push notifications via Z-Push.
* Email client automatic configuration.
* Jabber/XMPP instant messaging via Prosody.
* An RSS Reader via Selfoss.
* CalDAV and CardDAV to keep your calendars and contacts in sync, via ownCloud.
* Your own private storage cloud via ownCloud.
* Your own VPN server via OpenVPN.
* An IRC bouncer via ZNC.
* Monit to keep everything running smoothly (and alert you when it’s not).
* collectd to collect system statistics.
* Web hosting (ex: for your blog) via Apache.
* Firewall management via Uncomplicated Firewall (ufw).
* Intrusion prevention via fail2ban and rootkit detection via rkhunter.
* SSH configuration preventing root login and insecure password authentication
* RFC6238 two-factor authentication compatible with Google Authenticator and various hardware tokens
* Nightly backups to Tarsnap.
* Git hosting via cgit and gitolite.
* Read-it-later via Wallabag
* A bunch of nice-to-have tools like mosh and htop that make life with a server a little easier.
ansible  selfhosted  cloud  provisioning  sysadmin  email  chat  security  vpn  bookmarking 
february 2017 by kme
Pulse Secure Article: KB26679 - [Pulse] Prevent automatic startup of Pulse Secure client for Mac OS X
I still get the error "/Library/LaunchAgents/net.pulsesecure.pulsetray.plist: Could not find specified service".

Fuck you PulseSecure.
launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist
junos  juniper  pulsesecure  vpn  annoyance  mac  osx  launchd  maybesolution 
december 2016 by kme
Setting up Junos Pulse VPN Client - Powered by Kayako Help Desk Software
This page actually has download links to the Junos Pulse clients. Good luck finding those anywhere on the vendor's web site.
junospulse  juniper  networkconnect  fuckfuckfuck  vpn  remoteaccess  solution  mac  osx 
september 2016 by kme
Juniper Networks Network Connect, SecurID and 64 bit linux | Constant Contact Tech Blog - http://techblog.constantcontact.com/
The requirements are:
gcc-multilibs
32bit zlib
xterm (yes really)
python
python headers (python-devel)
sudo access
java plugin
The script and elementtidy ( located here: https://github.com/crimsonknave/juniperncprompt )
juniper  vpn  pulse  networking  annoyance  linux  maybesolution 
december 2015 by kme
Junos Pulse uninstalls itself on MacOS X!
cat "/Applications/Junos Pulse.app/Contents/Resources/watchpath"
juniper  junospulse  vpn  mac  osx  misery  troubleshooting  networking 
october 2014 by kme
Is it possible to script the Network connect? - J-Net Community
There is a command line option for Windows:



C:\Program Files\Juniper Networks\Network Connect 6.2.0>nclauncher /?

nclauncher [-url Url] [-u username] [-p password] [-r realm] [-help] [-stop] [-signout] [-version] [-d DSID] [-cert client certificate]



For example:

nclauncher.exe -url https://sa.testing.com -u giantsUser -p password123 -r Users
juniper  junos  networkconnect  scripting  automation  windows  vpn  networking  solution 
october 2014 by kme
Find out what the realm is for a Juniper Connect VPN session? - Stack Overflow
The realm is usually your company name. You can "programmatically" find the realm by getting the value of the hidden realm element in the page where you usually log in. Say, for example, you are logging into http://yourcompany.com. You will see the user login page. Now open the page source in the browser and search for realm. You will find a hidden element. Your realm is the value in the hidden element.
juniper  networkconnect  vpn  remoteaccess  solution 
october 2014 by kme
Junos Pulse Automatically Opens at Startup. | Apple Support Communities
launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist


Possible source: http://forums.juniper.net/t5/SSL-VPN/Disable-auto-start-of-Junos-Pulse-on-OS-X-10-9/td-p/237772

Here's how to load/unload the PulseTray service on-demand (I put this in an Automator app):
-- Source: https://discussions.apple.com/thread/1365914
property checkInterval : 30 -- interval to check process

on run
    do shell script "launchctl load -w /Library/LaunchAgents/net.juniper.pulsetray.plist &>/dev/null &"
    -- What this actually runs is "/Applications/Junos Pulse.app/Contents/Plugins/JamUI/PulseTray.app/Contents/MacOS/PulseTray"
    delay checkInterval
    tell application "Junos Pulse" to activate -- start it up
    delay checkInterval -- initial delay before idle
end run

on idle
    tell application "System Events"
        if (exists application process "Junos Pulse") then return checkInterval -- check again later
    end tell
    -- application is not running, so run script here
    do shell script "launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist &>/dev/null &"
    quit
end idle


And here's how to load just the tray application (which is basically all the launch service does anyway):
open -a '/Applications/Junos Pulse.app/Contents/Plugins/JamUI/PulseTray.app'
juniper  junos  junospulse  vpn  mac  osx  menuextra  trayicon  annoyance  solution 
september 2014 by kme
HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper - Page 54
The *actual* problem I was having was, firstly 'xterm' wasn't installed, so NCLinuxLauncher (in the .icedtea cache) couldn't prompt me for the root password to install the rest of the VPN software, including 'ncsvc' which is installed SUID root. The UI just bombed here with no error message.

Then, the next problem was just that my home directory was encrypted, so the SUID executable wouldn't run (I noted this when I tried to run it from the terminal, but it didn't click until I read this post). I moved 'ncsvc' to somewhere in /usr/local and created a symlink as described here and then it worked.

The instructions at http://kb.juniper.net/InfoCenter/index?page=content&id=KB25230 might have been important in getting ia32-libs and a 32-bit JRE installed, but I didn't find that the Oracle/Sun "official" JRE was required.
junipervpn  vpn  java  jre  linux  ubuntu  solution  fuckyeah 
june 2014 by kme
HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper - Page 45
The *actual* problem I was having was first that 'xterm' wasn't installed, then that my home directory was encrypted. I moved 'ncsvc' to somewhere in /usr/local and created a symlink as described at http://ubuntuforums.org/showthread.php?t=232607&page=54&s=a9286ab698d5d578503300d549c6a720 and then it worked.

The instructions at http://kb.juniper.net/InfoCenter/index?page=content&id=KB25230 might have been important in getting ia32-libs and a 32-bit JRE installed, but I didn't find that the Oracle/Sun "official" JRE was required.
junipervpn  vpn  java  jre  linux  ubuntu  notheproblemihad  reference 
june 2014 by kme
Juniper Networks - [SSL VPN/MAG] How to install the 32 bit Network Connect client on 64 bit Linux platforms - Knowledge Base
I think I needed to:

sudo apt-get install ia32-libs
sudo apt-get install openjdk-7-jdk:i386
sudo apt-get install xterm

as well. Then, after xterm was installed, it could prompt me for root to install ~/.juniper_networks/network_connect/ncsvc as SUID root. Which wouldn't run out of my encrypted home folder, so after I moved it somewhere else and created a symlink *back*, I was in business.
linux  java  junipervpn  vpn  maybesolution  32on64 
june 2014 by kme
Juniper Networks - [SSL VPN/MAG] How to install the 32 bit Network Connect client on 64 bit Linux platforms - Knowledge Base
sudo apt-get install openjdk-7-jdk:i386
# and, maybe:
sudo apt-get install ia32-libs

It got me closer, but the Network Connect application crashes a few seconds after opening. Found out later that this was due to 'ncsvc' being SUID root and stored in ~/.juniper_networks/network_connect, where it wouldn't run because my home directory was encrypted. Moving it to somewhere in /usr/local (as suggested here: http://ubuntuforums.org/showthread.php?t=232607&page=54&s=a9286ab698d5d578503300d549c6a720) fixed the problem.
networking  linux  vpn  almostsolution  junipervpn  java  jre  32or64 
june 2014 by kme
How Marissa Mayer Figured Out Work-At-Home Yahoos Were Slacking Off - Business Insider
Last week, Yahoo banned employees from working from home.

How did CEO Marissa Mayer decide to make such a controversial decision?

According to a source, the only way Mayer is comfortable making any decision: with the help of data.

Like a lot of companies, Yahoo has something called a Virtual Private Network or VPN. Remote workers can use it to securely log into Yahoo's network and do work.

(LifeHacker has a really good explanation of what a VPN is.)

After spending months frustrated at how empty Yahoo parking lots were, Mayer consulted Yahoo's VPN logs to see if remote employees were checking in enough.

Mayer discovered they were not — and her decision was made.
remotework  vpn  workingfromhome  slackingoff  datadriven  yahoo 
march 2013 by kme
