On Tue, Sep 15, 2009 at 5:59 AM, Henry Sieff <henry.si...@gmail.com> wrote:
> On Mon, Sep 14, 2009 at 6:53 PM, patrick keshishian <pkesh...@gmail.com> wrote:
>>
>> On Mon, Sep 14, 2009 at 5:44 PM, Johan Beisser <j...@caustic.org> wrote:
>> > On Mon, Sep 14, 2009 at 5:39 PM, patrick keshishian <pkesh...@gmail.com> wrote:
>> >> I didn't want to hijack the other VPN thread for this purpose, so here
>> >> is a new thread. Anyone know much about how Juniper SSL-VPN networks
>> >> work?
>> >
>> > It's a Java-based client that's run on the "client-side" and forwards
>> > specified packets through a tunnel interface. It's not that different
>> > from OpenVPN.
>>
>> ahhh... Do you know if there are any open-source clients that are able
>> to connect through their service? I'm unable to google any specifics
>> on what "protocol" they use, or rather what their Java app does after
>> it is launched. Is it safe to assume it is a closed and proprietary
>> solution?
>>
>> I am hoping some clever person has figured out how to roll her own
>> equivalent of their Java app using openssl/s_client or similar.
>
> The company I work for uses it. It's not that different from mature
> IPsec VPNs - SSL is simply how the encryption is handled. The client
> is configured by the central admin to enforce whatever policy is
> requested (ours checks to make sure you run an acceptable host-based
> AV and firewall, blocks any post-connect changes to routing table,
> allows split tunnelling only to the local subnet, etc). There is no
> rolling your own client with ours, but it would be possible if the
> admin of the VPN was very lenient (you can lock it down to only allow
> certain versions of the client software etc, or leave it wide open, and
> if it were wide open you could probably write something to fool it).

This is good info. So, if I understood what you are saying, assuming
the leniency you mentioned, the admin of the VPN, again assuming this
is someone in employment of my employer, would have enough knowledge
to share with me, about what the client they deploy "does" (the
required "handshaking", etc), to help implement my own client?

My fear is the folks in charge of this new VPN solution my employer is
rolling out, may not know about the specifics needed. But, based on
your comments they may.

Thanks for your post!
--patrick
