# Juniper works from FF but not via ncsvc

## mahdi1234

Hi,

our company moved from Cisco to Juniper and I'd like to have VPN connection started via script so I can route only necessary traffic thru tun.

I can successfully connect to Juniper via Firefox, however running it from cli gives following (replaced real values with fake ones) -

```

./ncsvc -h xyz.xxx.com -u user -p password -r Realm -f ~/my_cert.crt -L 5 

```

ncsvc.log

```

20081004175423.224318 ncsvc[1182] dsclient.info <-- 200  (authenticate.cpp:168)

20081004175423.224337 ncsvc[1182] dsclient.info state: kStatePostCacheCleaner (dsclient.cpp:329)

20081004175423.224356 ncsvc[1182] dsclient.info --> POST /dana-na/cc/ccupdate.cgi (authenticate.cpp:136)

20081004175423.224520 ncsvc[1182] http_connection.para Entering state_start_connection (http_connection.cpp:277)

20081004175423.252941 ncsvc[1182] http_connection.para Entering state_continue_connection (http_connection.cpp:294)

20081004175423.253010 ncsvc[1182] http_connection.para Entering state_ssl_connect (http_connection.cpp:463)

20081004175423.311349 ncsvc[1182] dsssl.para SSL connect ssl=0x81b4888/sd=5 connection using cipher RC4-MD5 (DSSSLSock.cpp:460)

20081004175423.311598 ncsvc[1182] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:471)

20081004175423.343729 ncsvc[1182] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:800)

20081004175423.343786 ncsvc[1182] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:833)

20081004175423.344509 ncsvc[1182] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:800)

20081004175423.344539 ncsvc[1182] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:833)

20081004175423.344564 ncsvc[1182] dsclient.info <-- 200  (authenticate.cpp:168)

20081004175423.344587 ncsvc[1182] dsclient.error state post auth cache cleaner failed, error 10 (dsclient.cpp:331)

20081004175423.344801 ncsvc[1182] ncapp.error Failed to authenticate with IVE. Error 10 (ncsvc.cpp:187)

20081004175423.344829 ncsvc[1182] dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:72)

```

Would anyone know how to fix this?

```

$ ./ncsvc -v

Juniper Network Connect Server for Linux.

Version         : 1.2

Release Version : 6.0-0-Build13149

Build Date/time : May 15 2008 14:30:17

Copyright 2002-2007 Juniper Networks

```

```

uname -a

Linux mahdi 2.6.19-gentoo-r5 #7 SMP PREEMPT Mon Oct 1 20:11:31 CEST 2007 i686 Intel(R) Pentium(R) M processor 1700MHz GenuineIntel GNU/Linux

```

thanks,

mahdi

----------

## KWhat

Ok i spent a lot of time messing around with this because I never knew i could start this thing from the command line.

First i assume you were able to connect via the site, have tun probed and probably rpm installed.  Also i have no idea how you installed the program.

Now with that said I used this script http://mad-scientist.us/junipernc to "install" the command line app, after that i was able to run the application.  I had some minor issues with the realm but that caused a different error that what you revived.

So I guess my question to you is how did you install?  Did you use the script above, did you hack it manually?

----------

## mahdi1234

Thanks KWhat for looking into this - here's my answers

 *KWhat wrote:*   

> 
> 
> First i assume you were able to connect via the site, have tun probed and probably rpm installed.  Also i have no idea how you installed the program.
> 
> 

 

Yes, I can connect via browser no problem, tun device runing. On first login via browser it installed required libraries into ~ folder.

 *KWhat wrote:*   

> 
> 
> Now with that said I used this script http://mad-scientist.us/junipernc to "install" the command line app, after that i was able to run the application.  I had some minor issues with the realm but that caused a different error that what you revived.
> 
> So I guess my question to you is how did you install?  Did you use the script above, did you hack it manually?
> ...

 

I followed steps described here - http://www.juniperforum.com/index.php/topic,5455.0.html - will try the script in the evening as I'm at different machine at the moment.

----------

## mahdi1234

I've tried the script, but still getting the same error :(

I've doublechecked all values several times and they are corretly defined in the script itself.

----------

## KWhat

The ive errors i was getting prior to this working were related to two issues.  Invalid Realm and Invalid Cert.  I would double check both, make sure you get your realm off the web page you sign in at.

One more interesting tidbit of information:

 *Quote:*   

> You will encounter this mysterious error if you have /etc and /tmp mounted on different partitions.  I typically mount /tmp as a separate partition so that random users and processes can't fill my whole root disk.  Guess I won't be doing that until Juniper releases a fix for this.

 

----------

