Ubuntu – How to prevent Juniper Network Connect breaking DNS resolutions

dnsmasqnetworkingresolv.confvpn

Juniper Network Connect has been an issue on 64bit Linux for quite sometime. I have found 2 solutions to the Java issue (Could anyone provide a step by step for getting juniper netconnect and citrix? and Running 32-bit Firefox with sun-jre in 64-bit Ubuntu) but now I am struggling with a new issue.

Network Connect makes changes directly to the /etc/resolv.conf file. This causes issues with the newer way that Ubuntu does DNS resolutions which is to point DNS to the local resolver/cacher: dnsmasq. Once NC disconnects and you change networks, e.g. go from office to home, then DNS stops working correctly.

What happens is that NC deletes the /etc/resolv.conf file which is actually symlinked to /run/resolvconf/resolv.conf. What's worse is that NC actually deletes the original file not the link. So when you try to restore the file with:

sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf

It fails as /run/resolvconf/resolv.conf is now gone. Re-installing resolvconf does not fix it and neither does running resolvconf.

So the best way I have found so far is to first backup /run/resolvconf/resolv.conf to another location. After you disconnect NC I then run a script that removes /etc/resolv.conf, replaces the deleted /run/resolvconf/resolv.conf and then links it back to /etc again.

Does anyone know a way to avoid this or do I pretty much have he best "fix" in place already? Any way to prevent NC from breaking it in the first place?

Best Answer

First: clicking the Sign Out button in the Network Connect window (the window that shows the VPN IP while connected) and

Then clicking on the Sign Out button in the logged-in web page avoids this problem.

Please indicate in comment if this works or not.

Thanks

Related Solutions

Ubuntu – Not able to connect to Juniper VPN on Lubuntu 13.04

If You got Juniper SA older than 7.3, then You need to install both 32 and 64 bit. You need to launch java 32 bit to run network connect.

You need to install libxtst6:i386 package to run 32bit version of java on 64 bit system:

sudo apt-get install libxtst6:i386 libxrender1:i386 libxi6:i386 libncurses5:i386 libncursesw5:i386 libncurses-ruby:i386

(if it fails, then install whole ia32-libs package).

install 64 bit version in /usr/lib/java/jre/

install 32 bit version in /usr/lib/java32/jre/

then do following:

sudo mv /usr/lib/java/jre/bin/java{,.orig}

sudo gedit /usr/lib/java/jre/bin/java

file should look like this:

#!/bin/bash
if [ "$3" = "NC" ]
then
  /usr/lib/java32/jre/bin/java "$@"
else
  /usr/lib/java/jre/bin/java.orig "$@"
fi

Then You need to make it executive:

sudo chmod +x /usr/lib/java/jre/bin/java

Then use update-alternatives to install appropriate version of java:

sudo update-alternatives --install /usr/lib/mozilla/plugins/libnpjp2.so java_plugin /usr/lib/java/jre/lib/amd64/libnpjp2.so 10
sudo update-alternatives --install /usr/bin/java java /usr/lib/java/jre/bin/java 10
sudo update-alternatives --install /usr/bin/javaws javaws /usr/lib/java/jre/bin/javaws 10

If You have encrypted home folder, since 13.04 there is nosuid added to mount options, so You can move .juniper folder outside of encrypted home, ie: /opt an the create a symlink:

cd ~
mv .juniper /opt
ln -s /opt/.juniper .

Determine if You have installed java plugin in Firefox (in add-ons -> plugins). If So, You should be ready to go.

I took recipe from that page: http://ubuntuforums.org/showthread.php?t=232607&page=51

But if You want to run openjdk, then follow those steps:

sudo apt-get install openjdk-7-jre icedtea-7-plugin openjdk-7-jre:i386 ia32-libs
sudo mv /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java{,.orig}
sudo gedit /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java

It shoul look like this:

#!/bin/bash
if [ "$3" = "NC" ]
then
  /usr/lib/jvm/java-7-openjdk-i386/jre/bin/java "$@"
else
  /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java.orig "$@"
fi

Make it executive:

chmod +x /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java

So far it worked for me.

Regards,

Mario.

Ubuntu – Having DNS Issues when connected to a VPN in Ubuntu 13.04

First make sure that there are no lines beginning with nameserver in any files in /etc/resolvconf/resolv.conf.d. If /etc/resolvconf/resolv.conf.d/tail is a symbolic link to target original, make it point to /dev/null.

Second, disconnect from the VPN. Edit /etc/NetworkManager/NetworkManager.conf

$ sudo gedit /etc/NetworkManager/NetworkManager.conf

and comment out

dns=dnsmasq

(i.e., add a # so that it looks like the following)

#dns=dnsmasq

and then

sudo restart network-manager

Best Answer

Related Solutions

Ubuntu – Not able to connect to Juniper VPN on Lubuntu 13.04

Ubuntu – Having DNS Issues when connected to a VPN in Ubuntu 13.04

Related Question