Tuesday, 16 March 2010

Juniper Network Connect on Mac OS X Snow Leopard

Juniper Network Connect is a very popular VPN client for corporate networks. It bootstraps from a Java applet and has native versions for Windows, Linux and Mac, and works very well. Unfortunately, it seems that Mac OS X 10.5 Leopard and 10.6 Snow Leopard have some issues caused by a dodgy installation program.

One common way to make it work is to enable the root user and log in with full admin privileges under OS X and install it that way. This is a sledgehammer approach to a fairly simple problem, opens up security issues, and didn't even work for me. I won't even bother exploring that route in this blog post. There are a couple of other things that can be done to make it work, though.

If you upgraded from a previous version of OS X and already had the Network Connect client installed, you may just be suffering a simple permissions issue. These instructions are for Network Connect 6.2.0, but they might well work with other versions with a tweak. From Terminal, run the following commands:

    sudo mkdir -p /usr/local/juniper/nc/6.2.0
    sudo chmod 755 /usr/local/juniper/nc/6.2.0
    sudo mkdir /Applications/Network\ Connect.app/Contents/Frameworks

This restores some broken permissions and a missing directory that Snow Leopard seems to consider unnecessary. Once you've done this, fire up Network Connect and you're good to go.

On the other hand, if you're already running Snow Leopard and you haven't yet installed Network Connect, it might be dying halfway through installation after authentication. This is because an Apple-provided Java update changed the default Sun password from 'changeit' to 'changeme' in the global keystore. This simple little change means that authenticating Java applets to install software locally is broken. More information about this problem can be found in the Juniper knowledge base, article KB16134.

The fix is very simple, and involves changing the Java password back to 'changeit'. Open up a terminal and run the following command:

    sudo keytool -storepasswd -new changeit -keystore \
    /System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/\
    Contents/Home/lib/security/cacerts \
    -storepass changeme

Note that you should copy that as one big command. The backslashes are continuation characters to tell it to continue the same command. Also note that you shouldn't put any spaces between "Deploy.bundle/" and "Contents". Once this is done, Network Connect should just burst into life.
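Before changing anything, it helps to confirm which of the two conditions above actually applies. The following read-only check is an added example, not part of the original post or of Juniper's tooling; the function names (`keystore_password`, `dir_state`, `preflight`) are hypothetical, while the paths and the two passwords are the ones given above.

```sh
#!/bin/sh
# Added example: report the state of the directories and the keystore
# password described in the post, without modifying anything.
# The defaults below are the paths from the post; override via environment.
NC_DIR="${NC_DIR:-/usr/local/juniper/nc/6.2.0}"
FW_DIR="${FW_DIR:-/Applications/Network Connect.app/Contents/Frameworks}"
CACERTS="${CACERTS:-/System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts}"

# Print the password (changeit or changeme) that opens the keystore,
# or "unknown" if neither does. "keytool -list" only reads the keystore
# and exits non-zero when the store password is wrong.
keystore_password() {
    for pw in changeit changeme; do
        if keytool -list -keystore "$1" -storepass "$pw" >/dev/null 2>&1; then
            echo "$pw"
            return 0
        fi
    done
    echo unknown
    return 1
}

# Print "ok" if the directory exists, otherwise "missing".
dir_state() {
    if [ -d "$1" ]; then echo ok; else echo missing; fi
}

# Summarise both conditions in one report.
preflight() {
    echo "nc dir:     $(dir_state "$NC_DIR")"
    echo "frameworks: $(dir_state "$FW_DIR")"
    echo "cacerts pw: $(keystore_password "$CACERTS")"
}

preflight
```

If the last line reports `changeit`, the keystore does not need the `-storepasswd` change; running the check again after the fix confirms it took effect.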
