Skip to main content

Juniper Network Connect on Mac OS X Snow Leopard

Juniper Network Connect is a very popular VPN client for corporate networks. It bootstraps from a Java applet and has native versions for Windows, Linux and Mac, and works very well. Unfortunately, it seems that Mac OS X 10.5 Leopard and 10.6 Snow Leopard have some issues caused by a dodgy installation program.

One common way to make it work is to enable the root user and log in with full admin privileges under OS X and install it that way. This is a sledgehammer approach to a fairly simple problem, opens up security issues, and didn't even work for me. I won't even bother exploring that route in this blog post. There are a couple of other things that can be done to make it work, though.

If you upgraded from a previous version of OS X and already had the Network Connect client installed, you may just be suffering a simple permissions issue. These instructions are for Network Connect 6.2.0, but they might well work with other versions with a tweak. From Terminal, run the following commands: 

    sudo mkdir -p /usr/local/juniper/nc/6.2.0
    sudo chmod 755 /usr/local/juniper/nc/6.2.0
    sudo mkdir /Applications/Network\ Connect.app/Contents/Frameworks

This restores some broken permissions and a missing directory that Snow Leopard seems to consider unnecessary. Once you've done this, fire up Network Connect and you're good to go.

On the other hand, if you're already running Snow Leopard and you haven't yet installed Network Connect, it might be dying halfway through installation after authentication. This is because an Apple provided Java update changed the default Sun password from 'changeit' to 'changeme' in the global keystore. This simple little change means that authenticating Java applets to install software locally is broken. More information about this problem can be found in the Juniper knowledge base, article KB16134.

The fix is very simple, and involves changing the Java password back to 'changeit'. Open up a terminal and run the following command: 

sudo keytool -storepasswd -new changeit -keystore \
/System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/\
Contents/Home/lib/security/cacerts \ 
-storepass changeme

Note that you should copy that as one big command. The backslashes are continuation characters to tell it to continue the same command. Also note that you shouldn't put any spaces between "Deploy.bundle/" and "Contents". Once this is done, Network Connect should just burst into life.

Comments

Post a Comment

Popular posts from this blog

Sheffield CAMRA 35th Steel City Beer Festival!

The first weekend of October has rolled around, so once again it is time for the Sheffield CAMRA Steel City Beer Festival. Now in its 35th year, the festival has seen a lot of change in the recent past. After the terrifying ordeal that was the Darnall Liberal Club, standing out in a field with beer seems like a much nicer proposition. Unfortunately, reviews of the 34th festival were tainted with dissatisfaction, both with the venue and the organisation as a whole. I didn't attend last year, but I attended this year with some trepidation. Thankfully, the whole event was better run than I had been led to believe, but not without its fair share of hiccups. Two marquees provided more indoor space, the place didn't smell like a donkey sanctuary, and the beer tasted great. There were around a hundred beers to try, and thirty ciders, so even more than some previous years. After a couple of false starts, our little troop of merry drinkers (myself, Emma and Chris) finally arrived at
Post a Comment
Read more

iPhone OS 3.0.1 fixes SMS hijack bug

A lot of Apple haters have been rubbing their tiny hands with glee recently after news reports of a security flaw in the iPhone OS 3.0 that could allow hackers to "Hijack every iPhone in the world" . Many were quick to point out how slow Apple were for not releasing a patch, and many simply made it a soap box for "iPhone sucks, use Android" rants. However, on July 31st, Apple released iPhone OS 3.0.1, with a patch for this SMS issue. It installs easily enough, job done. Of course, not being privy to such information as how to hack my own phone with this exploit, I can't check if it does the job. Either way, there it is. A fix. More detail on the OS 3.0.1 release notes .
Post a Comment
Read more

Why won't I leave me alone!?

Sometimes I just wish I could ignore my brain so I might be able to concentrate for ten minutes.
2 comments
Read more