SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Dynamic VPN on Linux

    Posted 10-23-2013 07:23

    I successfully set up Dynamic VPN (http://www.fir3net.com/Juniper-SRX-Series-Gateway/juniper-srx-dynamic-vpn.html) and can connect from Linux (Ubuntu 12.04) with a modified vpnc (https://github.com/ndpgroup/vpnc). All works fine, but I have some trouble with routes. When vpnc connects, a default route to tun0 is installed in the Linux box's routing table. That's why I don't have access to the internet (I need to delete the default route manually and install a new default route and routes to the protected networks). Is there any way to configure things (on the SRX or the vpnc client) so that the default route is not touched and only routes to the remote protected locations are installed automatically?


    #linux
    #SRX
    #vpnc
    #dynamicVPN


  • 2.  RE: Dynamic VPN on Linux

    Posted 10-23-2013 13:30

    Not your Linux guy, but from working with MAG, you would need a feature called split tunneling. Only traffic to the protected network goes through the tunnel, and Internet traffic will use the local connection. I do not know how to set that up on Linux or the Linux client being used.



  • 3.  RE: Dynamic VPN on Linux

    Posted 10-23-2013 22:25
    I don't think that this is a client-related issue. When I connect to a Cisco router it doesn't rewrite the default route; only routes to protected networks are installed.


  • 4.  RE: Dynamic VPN on Linux

    Posted 11-12-2013 02:02

    Hi,

    Split tunnelling depends on the route that you add to the user's protected network list.

    Please do not add 0/0 network to the protected network list of the vpn users.

    Regards,

    rparthi



  • 5.  RE: Dynamic VPN on Linux
    Best Answer

    Posted 11-12-2013 02:10

    Issue resolved. Details here: https://github.com/ndpgroup/vpnc/issues/1



  • 6.  RE: Dynamic VPN on Linux

    Posted 04-09-2015 07:12

    Hi

    Has anyone got a Linux Client (including vpnc beta) to connect to the SRX with aes instead of the default 3des/sha1?

    The Juniper Windows Client connects as aes128/sha1 but VPNC only as 3des/sha1 either df2 or df5 group.

    If I force the SRX to use aes128/sha1 or aes256/sha1 dh2 or dh5, the VPNC always fails the IKE.

    Any solution for a Linux client and Juniper Dynamic VPN that works with AES?

    Thanks

    Nick