I successfully set up Dynamic VPN (http://www.fir3net.com/Juniper-SRX-Series-Gateway/juniper-srx-dynamic-vpn.html) and can connect from Linux (Ubuntu 12.04) with a modified vpnc (https://github.com/ndpgroup/vpnc). Everything works fine, but I have some trouble with routes. When vpnc connects, a default route to tun0 is installed in the Linux box's routing table. That's why I don't have access to the internet (I need to delete the default route manually and install a new default route and routes to the protected networks). Is there any way to configure it (SRX or vpnc client) so that it doesn't touch the default route and only installs routes to the remote protected locations automatically?
Not your Linux guy, but from working with MAG, you would need a feature called split tunnelling. Only traffic to the protected network goes through the tunnel, and Internet traffic will use the local connection. I do not know how to set that up on Linux or the Linux client being used.
Split tunnelling depends on the route that you add to the user's protected network list.
Please do not add 0/0 network to the protected network list of the vpn users.
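The check described in the two lines above, as an added example that is not part of the original thread: it audits a protected network list for entries that amount to a full tunnel (0/0 itself, or a set of prefixes that together cover everything) and detects a default route on a tun device in `ip route` output. The function names, the sample prefixes and the sample routing table are constructed, and the zero-padding of shorthand prefixes such as `0/0` is an assumption about how they are written.

```python
import ipaddress

# Constructed sample of `ip route` output on a client after a full-tunnel connect.
SAMPLE_IP_ROUTE = """\
default dev tun0 scope link
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.1 via 192.0.2.1 dev eth0
"""

def normalize(prefix):
    """Expand shorthand such as 0/0 or 10/8 to a full IPv4 network (assumed zero-padding)."""
    addr, _, length = prefix.strip().partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (length or "32"), strict=False)

def audit_protected_resources(prefixes):
    """Return the routes a split-tunnel client should install and whether the
    list is effectively a full tunnel (covers 0.0.0.0/0 after merging)."""
    collapsed = list(ipaddress.collapse_addresses(normalize(p) for p in prefixes))
    return {
        "full_tunnel": any(net.prefixlen == 0 for net in collapsed),
        "routes": [str(net) for net in collapsed],
    }

def default_via_tunnel(ip_route_output):
    """Return the tun device carrying the default route, or None if there is none."""
    for line in ip_route_output.splitlines():
        tok = line.split()
        if tok and tok[0] == "default" and "dev" in tok[:-1]:
            dev = tok[tok.index("dev") + 1]
            if dev.startswith("tun"):
                return dev
    return None

if __name__ == "__main__":
    # 0/0 in the list turns the VPN into a full tunnel.
    print(audit_protected_resources(["0/0", "10.1.0.0/16"]))
    # Two /1 prefixes have the same effect without a literal 0/0 entry.
    print(audit_protected_resources(["0.0.0.0/1", "128.0.0.0/1"]))
    # A proper split-tunnel list: overlapping entries are merged.
    print(audit_protected_resources(["10.1.0.0/16", "10.1.2.0/24", "192.168.10/24"]))
    print(default_via_tunnel(SAMPLE_IP_ROUTE))
```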
Issue resolved. Details here: https://github.com/ndpgroup/vpnc/issues/1
Has anyone got a Linux Client (including vpnc beta) to connect to the SRX with aes instead of the default 3des/sha1?
The Juniper Windows Client connects as aes128/sha1 but VPNC only as 3des/sha1 either df2 or df5 group.
If I force the SRX to use aes128/sha1 or aes256/sha1 dh2 or dh5 the VPNC always fails the IKE.
Is there any solution for a Linux client and Juniper Dynamic VPN that works with AES?