Wednesday, July 3, 2013

Juniper Network Connect on Arch Linux

Stupid Juniper has one of the worst things ever for connecting to their VPN. Juniper Network Connect for Linux includes a bunch of scripts (for installation), jar files (for the GUI and logging facilities), and native code (for manipulating the network stack) with dependencies on some very old libs. And guess what, they are all lib32. Making it work cleanly on a 64-bit Linux machine requires lots of googling, downloads, and various fixing and hacking. Hopefully, this entry summarizes it all and makes a decent reference document.

Installation:

  1. Install a 32-bit JRE 7, any version. Oracle JRE is recommended over OpenJRE.
  2. ln -s /path/to/jre/lib/i386/libnpjp2.so $HOME/.mozilla/plugins/
  3. Install whatever package contains route and ifconfig. On Arch Linux, that means net-tools.
  4. Install the 32-bit Xrender library, which is needed by the stupid GUI.

Now, my system is a 64-bit Arch Linux. You need to edit /etc/pacman.conf and uncomment the [multilib] section so that multilib packages can be installed. The steps above then become:

  1. Grab bin32-jre from AUR and do a quick makepkg -s --asroot to install it.
  2. Create the link only for the local user. The other users may not need a 32-bit JRE.
  3. pacman -S net-tools
  4. pacman -S lib32-libxrender

Configuration:

  1. Get the ncLinuxApp.jar
  2. Get your VPN gateway cert + Realm
  3. Configure ncsvc
  4. Run it
1. Get ncLinuxApp.jar
Go to your VPN gateway with Firefox. The reason we linked the 32-bit JRE plugin is so that Firefox can start and download ncLinuxApp.jar for you. Log in with your username/password combination, and click the "Start" button to start the download. You may have to agree to run the app from your gateway. Once the app has finished running, you should see a $HOME/.juniper_networks/ directory with all the downloaded content.

2. Get VPN cert and Realm
Again, visit your VPN gateway. Now, right-click on the page and select "View Page Info". Click on the Security tab.

Now, click View Certificate, then Details, then Export. Save that cert in DER format.

Close all popped-up windows. Stay at the VPN gateway, right-click and select "View source". Press Ctrl-F and search for "realm". This will show your Realm.

3. Configure ncsvc
Now, open up a terminal and cd into $HOME/.juniper_networks. You will see ncLinuxApp.jar. Use your favorite tool to unzip it. You will find NC.jar and ncsvc. Make ncsvc setuid root:
  • sudo chown root:root ncsvc
  • sudo chmod 4755 ncsvc
You may need to run ldd ncsvc to make sure you have all the libraries installed.
That's it.

4. Run and connect:
cd into your Juniper App directory and run:
/path/to/jre32/bin/java -jar NC.jar -h your.vpn.gw -u username -f /path/to/certificate -r "your realm" -L 5
You can cleanly script the last three steps to make it more robust. However, I find that a little overkill.
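The checks from steps 2 and 3 (DER certificate, setuid-root ncsvc, resolvable 32-bit libraries) can be run as a pre-flight before launching NC.jar. The script below is an added example, not part of the original post or of Juniper's tooling; the function names are hypothetical and GNU stat and ldd are assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the setup above. Function names are
# hypothetical; GNU stat and ldd are assumed (as on Arch Linux).

# Reads ldd output on stdin, prints the names of unresolved libraries.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# True only for uid 0 and mode 4755: setuid root, writable by root alone.
perm_ok() {  # perm_ok <uid> <octal-mode>
    [ "$1" = "0" ] && [ "$2" = "4755" ]
}

ncsvc_perm_ok() {  # ncsvc_perm_ok <path-to-ncsvc>
    out=$(stat -c '%u %a' "$1" 2>/dev/null) || return 1
    perm_ok "${out% *}" "${out#* }"
}

# Prints der, pem or unknown from the first bytes of the file.
cert_format() {  # cert_format <certificate-file>
    hex=$(head -c 10 "$1" | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        2d2d2d2d2d424547494e) echo pem ;;      # "-----BEGIN"
        30*)                  echo der ;;      # ASN.1 SEQUENCE tag
        *)                    echo unknown ;;
    esac
}

preflight() {  # preflight <dir-containing-ncsvc> <certificate-file>
    rc=0
    ncsvc_perm_ok "$1/ncsvc" ||
        { echo "ncsvc is not root-owned with mode 4755" >&2; rc=1; }
    miss=$(ldd "$1/ncsvc" 2>/dev/null | missing_libs)
    [ -z "$miss" ] || { echo "unresolved libraries: $miss" >&2; rc=1; }
    [ "$(cert_format "$2")" = "der" ] ||
        { echo "certificate is not in DER format" >&2; rc=1; }
    return "$rc"
}

# Run the checks only when called with both arguments.
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

Run it with the directory that holds ncsvc and the exported certificate as arguments; a non-zero exit status means at least one check failed.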

2 comments:

Anonymous said...

Good manual.
Check this site.
top10-bestvpn.com

Unknown said...

Thanks for helpful manual.
It works fine.
Nice post about Juniper and VPN.
10webhostingservice
