Skip to content

Instantly share code, notes, and snippets.

/README

Created October 1, 2013 11:56
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save anonymous/6777345 to your computer and use it in GitHub Desktop.
Save anonymous/6777345 to your computer and use it in GitHub Desktop.
Download ZIP
Juniper SSL Network Connect VPN Route Monitor (Split Tunelling) Hack
Raw
README
First you must replace these constants:
MYHOMEDIR - eg: '/home/rusty'
MYVPNUSER - eg: 'rusty.venture'
MYVPNURL - 'http://something.com/..../index.cgi
MYVPNHOST - 'something.com'
MYVPNREALM - your realm
MYPIN - your pin if using RSA token
MYROUTE1 - routes to add and delete
MYROUTE2 - routes to add and delete
Then build liboverc.so using build-liboverc.sh script. Copy the .so to your .juniper_networks/network_connect folder.
Run "vpn.connect PASSWORD/TOKEN" to connect. The script will set LD_PRELOAD to force nvsvcs to load fake-routes file if the file exists. Before starting ncsvc it will delete the fake-routes file so ncsvc will see real routes
Run "vpn.fixroutes tun0" to copy real route table to fake-routes file. That will force hacked ncsvc to see fake-routes when it does the route check. The vpn.fixroutes script then adds/removes routes you actually need.
NOTE: the ncsvc vpn also adds a dns server to resolve conf. this server might be on a different network. Make sure that you're adding a tun0 route to that DNS server.
Raw
build-liboverc.sh
set -x
gcc -c -fPIC -I/usr/local/include -g -m32 liboverc.c -o liboverc.o
gcc -fPIC -shared -fPIC -I/usr/local/include -g -m32 -ldl liboverc.o -o liboverc.so
### for 64 bit NCSVC binaries - not in use ###
# gcc -c -fPIC -I/usr/local/include -g liboverc.c -o liboverc.o
Raw
liboverc.c
#include <unistd.h>
#include <stdio.h>
#include <dlfcn.h>
#include <string.h>
FILE *fopen(const char *path, const char *mode) {
// CHANGEME: replace libc.so.6 path with `ldd -r ./ncsvc | grep libc`
const char library[] = "/lib/i386-linux-gnu/libc.so.6";
const char fake_route_path[] = "MYHOMEDIR/.juniper_networks/fake-route";
void *handle = NULL;
FILE *(*real_fopen)(const char *path, const char *mode) = NULL;
// const char library[] = "/lib/x86_64-linux-gnu/libc.so.6";
handle = dlopen(library, RTLD_LAZY);
if (handle == NULL) {
fprintf(stderr, "Failed to dlopen %s\n", library);
fprintf(stderr, "dlerror says: %s\n", dlerror());
return -1;
}
real_fopen = dlsym(handle, "fopen");
if(strcmp(path, "/proc/net/route") == 0) {
if(access(fake_route_path, F_OK) != -1) {
fprintf(stderr, "liboverc.so: faking routes with %s\n", fake_route_path);
return real_fopen(fake_route_path, mode);
}
}
return real_fopen(path, mode);
}
Raw
vpn.connect
#!/bin/sh
if [ $# -ne 1 ];then
echo "Usage: vpn.connect TOKEN"
exit 1
fi
#if [[ $EUID -ne 0 ]]; then
# echo "This script must be run as root" 1>&2
# exit 1
#fi
set -x
dir='MYHOMEDIR/.juniper_networks'
host='MYVPNHOST'
url='MYVPNURL'
user='MYVPNUSER'
realm='MYVPNREALM'
cert_path=$dir/.cert.$host
rm -f $dir/fake-route
/bin/bash $dir/getx509certificate.sh $host $cert_path
sudo LD_PRELOAD=$dir/network_connect/liboverc.so $dir/network_connect/ncsvc -h $host -u $user -r $realm -U $url -f $cert_path -p MYPING$1
Raw
vpn.fixroutes
#!/bin/sh
if [ $# -ne 1 ];then
echo "Usage: vpn.fixroutes TUNDEV"
exit 1
fi
tun=$1
set -x
dir='MYHOMEDIR/.juniper_networks'
rm -f $dir/fake-route
cp /proc/net/route $dir/fake-route
sudo ip route delete default dev $tun
sudo ip route add MYROUTE1/16 dev $tun metric 1
sudo ip route add MYROUTE2/16 dev $tun metric 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment