Workaround for Juniper VPN Split Tunneling Restriction. Split Tunneling is a networking concept which allows the user to access the corporate private network via the VPN link, and connect to the local LAN via the same or different interface. This service is usually facilitated through a program such as VPN client software application. One such application is the Juniper Network Connect. Juniper VPN solution is also used at my workplace for secure remote access. The bad thing is that the Split Tunneling option is turned off by the administrator. With Split Tunneling turned off, the local LAN cannot be accessed during an active VPN session. In the course of my work, I am often required to work on equipment located at our customer premises. As such, whenever I am on site, I always find it easier to connect to my company’s corporate network via VPN and at the same time, work on our customer equipment by connecting to their LAN switches. In this way, I am able to work on the equipment, check on my company’s knowledge base site for solutions, and respond to important emails, all at the same time. This however requires that Split Tunneling feature to be enabled. Fortunately though, there is a workaround for Split Tunneling for Juniper VPN solutions. The new routes will have the route metric (cost of destination) value set to 1. The old original routes will have a route metric value bigger than 1. This will cause all the traffic to pass through the VPN tunnel. Microsoft officially ended support for Windows Mobile Device Center (WMDC, formerly ActiveSync) in Windows Vista. For newer operating system versions, if possible it. By default, PowerShell has scripting support disabled. If you try and run a PowerShell script, you will be greeted with an error stating that the execution of scripts. A route monitor will then monitor the routes for any changes. If a manual routing change is detected, it will immediately terminate the VPN session. Bug in Juniper Network Connect VPN Client. Even though the route monitor process will monitor all the routes on the client PC, it will ignore route changes if the only change was the route’s metric. This bug is however fixed in Juniper Network Connect version 6. R3- 1 Build # 1. 36. Workaround for Juniper Network Connect prior to version 6. R3- 1. To exploit the route metric bug, perform the following steps: Connect to LAN and configure the IP address and routes as required. Connect to your corporate network using the Juniper Network Connect client. Open a Command Prompt window with Administrator privileges. Determine the Juniper Network Virtual Adapter Interface Index number. C: \Windows\system. Juniper Network Connect Virtual Adapter. Intel(R) PRO/Wireless 3. ABG Network Connection. Broadcom Net. Xtreme Gigabit Ethernet. The Index number is 2. Take a look at your routing table. It will have routes something like this. C: \Windows\system. The route metric workaround was still working when I tested with Juniper Network Connect client version 6. Juniper Network Connect Service 5. Your mileage may vary. If you are more adventurous, you can instead try to patch the Juniper Network Connect Service executable to make it assume that there are no routes to monitor. You may require a tool similar to the IDA Pro Disassembler to assist you in patching the executable. Tips on patching the Juniper Network Connect Service. This tip is based on the version 6. It might differ for other versions. Generate assembly code for the executable using IDA Pro. Search for a push instruction that references the string no routes to monitor and determine the function name. Look for a conditional jump instruction before that instruction. This instruction has to be patched with the famous nop (No Operation) instruction or 0x. Locate the function in IDA Pro and determine the hexadecimal data surrounding the jump instruction. Open the executable in a Hex Editor and search for the hexadecimal data and patch the jump instruction to 0x. The service should now assume that there are no routes to monitor. As the program flow could change in the future, please only use the above guide as a general reference. If you are using the VPN client on Linux or Mac OS, IDA Pro might still be useful to you. Workaround for Juniper Network Connect version 6. I got a couple of mails requesting for help to get version 6. I am adding this section. From version 6. 4, Juniper has started using digital signatures for the Network Connect Service. Once the file is patched, you will get an invalid signature error. To overcome that error, open IE and goto Tools - > Internet Options, and click on the Advanced tab. Enable the option that says Allow software to run or install even if the signature is invalid. There are also some routing table changes from version 6. Juniper removes the directly connected routes). You can either opt to patch the Network Connect Service version 6. Network Connect Service to version 6. Downgrading to version 6. Update (2- Mar- 2. Added workarounds for Juniper VPN 6. Update (2. 2- Sept- 2. You can refer to the article Juniper VPN Network Connect Split Tunneling Patch for the patch offsets. Related: Workaround: Juniper Junos Pulse Split Tunneling Restriction. DISCLAIMER: THE ABOVE ARTICLE IS MEANT FOR EDUCATIONAL PURPOSES ONLY. I DO NOT PROMOTE OR SUPPORT ANY KIND OF REVERSE ENGINEERING OF COPYRIGHTED MATERIAL OR CONTENTS. THIS IS JUST A PROOF OF CONCEPT AND I AM NOT RESPONSIBLE FOR ANY LEGAL ISSUES YOU ENCOUNTER IF YOU FOLLOW THE ABOVE GUIDES/INSTRUCTIONS. I AM NOT RESPONSIBLE OF ANY OUTCOME, LOSS OF DATA OR ANY DAMAGES RESULTED DUE TO THE ACT OF YOU PROCEEDING WITH THE ABOVE GUIDES/INSTRUCTIONS. Ibrahim is a technology enthusiast with a keen interest in *NIX (Unix, Linux) systems, Android, open source and other tech related stuff. When his cpu load is low, you can probably find him online playing on his Xbox or Play.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2017
Categories |