On Mon, Sep 14, 2009 at 6:53 PM, patrick keshishian <pkesh...@gmail.com> wrote:
>
> On Mon, Sep 14, 2009 at 5:44 PM, Johan Beisser <j...@caustic.org> wrote:
> > On Mon, Sep 14, 2009 at 5:39 PM, patrick keshishian <pkesh...@gmail.com> wrote:
> >> I didn't want to hijack the other VPN thread for this purpose, so here
> >> is a new thread. Anyone know much about how Juniper SSL-VPN networks
> >> work?
> >
> > It's a java based client that's run on the "client-side" and forwards
> > specified packets through a tunnel interface. It's not that different
> > from OpenVPN.
>
> ahhh... Do you know if there are any open-source clients that are able
> to connect through their service? I'm unable to google any specifics
> on what "protocol" they use, or rather what their java app does after
> it is launched. Is it safe to assume it is a closed and proprietary
> solution?
>
> I am hoping some clever person has figured out how to roll her own
> equivalent of their java app using openssl/s_client or similar.

The company I work for uses it. It's not that different from mature
IPsec VPNs - SSL is simply how the encryption is handled. The client
is configured by the central admin to enforce whatever policy is
requested (ours checks to make sure you run an acceptable host-based
AV and firewall, blocks any post-connect changes to routing table,
allows split tunnelling only to the local subnet, etc). There is no
rolling your own client with ours, but it would be possible if the
admin of the VPN was very lenient (you can lock it down to only allow
certain versions of the client software etc or leave it wide open), and
if it were wide open you could probably write something to fool it.

However, no administrator should allow users to access a VPN (no
matter what flavor) using anything besides approved software since
that is the only way they have of being sure their policies are being
followed.
