Tutorial: Juniper Network Connect + OS X 10.6 Snow Leopard
German Version (english at the end):
Ich denke jeder kennt schon die Lösung, wie man Juniper Network Connect 6.X unter Snow Leopard zum Laufen bringt. Bei 90% der Leute klappt das aiuch wunderbar. Hier nochmal ein Verweis auf die Lösung:
http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&message.id=4965
Ein Problem löst dieser Fix aber nicht! Viele haben das Problem, bei einer laufenden Session Verbindungsabbrüche zu haben. Nach stundenlangem Sniffen und Suchen habe ich herausgefunden, dass dies mit der Routingtabelle unter Snow-Leopard zusammenhängt. Deaktiviert mal alle unbenutzten LAN-/WLAN-Verbindungen eures MACs, die aktiv sind (auch und besonders virtuelle Verbindungen!). Juniper Network Connect scheint Probleme mit dem Löschen der Default-Routen zu haben.
Nachdem ich die virtuellen Adapter, die ich eh nicht brauche, deaktiviert hatte und nur noch meine aktuelle Internetverbindung aktiv war, konnte ich Network Connect (bei mir noch 6.3.0) problemlos nutzen!
English Version:
I think everyone found the solution for getting Juniper Network Connect running under MAC OS X 10.6 Leopard. The following link points to the given information:
http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&message.id=4965
One major problem is not solved by this workaround: Established connections are not usable or dropping several packets in a flow. After hours of sniffing and searching I was able to discover that this problem is influenced by the routing-table. Please deactivate every unused (also virtual) connections on your MAC, which could bring a default-route into your routing-table (netstat -rn). Juniper Network Connect seems to have problems to drop the existing routing entries so the stream is unstable or unsable.
After erasing all unused connections I could use my default LAN-Connection (dhcp) to establish a perfectly working connection through Juniper Network Connect.
LOGS
rmon.warn adding back the missing route to 0.0.0.0/0.0.0.0 with gw 0.0.0.0, metric 1, if_id 9
rmon.info Adding route: 0.0.0.0/0.0.0.0 -> 0.0.0.0 (metric:1) (if_id:9)
rmon.warn deleted route to 0.0.0.0/0.0.0.0 with gw 0.0.0.0, if_id 7 reappeared
rmon.info Deleting route: 0.0.0.0/0.0.0.0 (routemon.cpp:1979)
rmon.error Failed to delete route. No such process (routemon.cpp:1014)
Update
There was a comment from Matt with a question regarding identifying the unused connections: “Can you post info on how to identify and disable unused connections?”
Of course, Matt! You can identify the unused connections by having a look at your “System Preferences” “Network Pane”. There you will maybe find connections like “Ethernet (en2) or (en3)”. This interfaces may belong to things like Parallels or VMWare. Please try to deactivate these interfaces.
Leave a Reply
Sep 22nd 2009 • 17:09
by matt
Can you post info on how to identify and disable unused connections?
thanks!
Oct 21st 2009 • 09:10
by Wiebke
What if you actually need these virtual interfaces? Do you know of any solution that does not involve deactivating them?
Feb 10th 2010 • 17:02
by jonathan
Please explain “deactivate” The only interface in use on my MacBookPro is the wireless at this time but there are many other interfaces including ones from VMWare and cellular wireless cards(none in use right now) When I look in my network settings i see interfaces but no way to “disable” them. BTW – I am on 10.6.2 and running latest rev on Juniper 6.5.0r2.
Feb 11th 2010 • 22:02
by foo
@jonathan: quick fix is to do ‘ifconfig interfacename down’ in the console – other way is to your gear wheel in network pref pane to ‘deactive’ it
@hendrik: did you already find another solution besides switching to aventail oder cisco? ;-) i really need the Parallels interfaces :-(
Feb 11th 2010 • 23:02
by foo
i just updated to Parallels 5 – the default routes to the Parallels interfaces have vanished in this version – so did the packet loss!
having a look at the other machine with VMware Fusion 3 i guess NC should work with that version too – no default routes either.
Sep 10th 2010 • 00:09
by jamiga67
Hi,
wir haben eine SA2000 (VPNoSSL)
Nun funktioniert der Zugang über MAC OS X 10.6.4. und aktuellem Safari einwandfrei.
Der Hostchecker wird aufgerufen, Vollzugriff möglich. Alles schön!
Mit dem aktuellen Firefox klapp das nicht. Da geht nur der “Kiosk” Zugang.
Hostchecker wird nicht geladen.
Auch mit älteren Versionen kein Erfolg.
Habe das Gefühl das es an Java, oder einem alten Hostchecker auf der Juniper liegt.
Was meinst du ?
Danke
jamiga