21 September, 2014

Juniper SRX Dynamic VPN with vpnc Ubuntu 13.10

Pretty simple really; we use Juniper SRXes (running Junos 11.4) with Dynamic VPN at work, and I use an Ubuntu laptop. All the patches to make vpnc work with the SRX are available, but for some reason haven’t made it into official source yet…

Step 1: Patch vpnc

apt-get source vpnc
sudo apt-get build-dep vpnc
wget https://github.com/ndpgroup/vpnc/commit/8f005fefbc8713535d59f95e3abee8a45b05399a.patch
cd vpnc-0.5.3r512
patch < ../8f005fefbc8713535d59f95e3abee8a45b05399a.patch
dpkg-buildpackage -rfakeroot -uc -b
sudo dpkg -i ../vpnc_0.5.3r512-2ubuntu1_amd64.deb

Step 2: Patch network-manager-vpnc, because it’s not Ubuntu if it’s not a GUI! 😉

I’ve adapted the patch for NetworkManager from the version found here.

apt-get source network-manager-vpnc
sudo apt-get build-dep network-manager-vpnc
wget https://gist.githubusercontent.com/jlaundry/cbf79311bc46fcf6c626/raw/f142f086032c66b19fb182c2933ced139271275f/network-manager-vpnc_0.9.6.0-0ubuntu2-juniper.patch
patch < network-manager-vpnc_0.9.8.2-1ubuntu1-juniper.patch
cd network-manager-vpnc-
dpkg-buildpackage -rfakeroot -uc -b
sudo dpkg -i ../network-manager-vpnc-gnome_0.9.8.2-1ubuntu1_amd64.deb

Step 3: Create a NetworkManager script

wget https://raw.github.com/ndpgroup/juniper-srx-linux/master/jam-config
chmod u+x jam-config
./jam-config addr vpn.example.com user joe pass joespwd | sudo tee /etc/NetworkManager/system-connections/MyVPN

Finally, reboot your machine to flush out the old, non-Juniper-friendly NetworkManager, and you’re away!