Like many other companies, my company provides VPN access to its employees so that we can stay
connected from our home offices or on the road. Most of the time, I connect to the company network
through a web portal which downloads, installs and runs
Juniper's "Network Connect" software on the Windows
client system. That's all fine and dandy, except that I am a command-line guy and find it way too
clumsy to fire up a web browser just in order to "dial in".
Fortunately, Juniper's Network Connect client has a command-line interface, and so here is a trivial
DOS batch script which can be used to establish a connection in "I-don't-need-no-stinkin'-buttons" mode.
The script assumes that the Network Connect client has been installed and run in the usual manner
(i.e. from the web portal) at least once. It will attempt to auto-detect the VPN host and user name,
so in most cases all you have to specify is password information. Oh, and the script assumes you want
to connect to the "SecurID(Network Connect)" realm by default, which requires entering a PIN and
a number displayed on your RSA SecurID token.
@echo off
REM
REM2011
REM
REM
setlocal enableextensions
call :find_juniper_client NCCLIENTDIR
if "x%NCCLIENTDIR%"=="x" (
echo ERROR: Cannot find Network Connect client.
goto :end
)
rem
set url=define-your-vpn-host-here
ping -n 1 %url% >nul
if not errorlevel 1 goto :validhost
rem
set NCCLIENTCONFIG="%NCCLIENTDIR%\..\Common Files\config.ini"
if exist %NCCLIENTCONFIG% for /f "delims=[]" %%A in ('findstr [[a-z0-9]\. %NCCLIENTCONFIG% ^| findstr /V "Network Connect"') do set url=%%A
ping -n 1 %url% >nul
if errorlevel 1 (
echo ERROR: Host %url% does not ping. Please check your configuration.
goto :end
)
:validhost
call :read_no_history url %url% "VPN host"
set user=guest
call :read_no_history user %user% "Username"
rem
rem
set realm="SecurID(Network Connect)"
call :read_no_history realm %realm% "Realm"
REMTODO
set password=""
call :read_no_history password %password% "Enter PIN + token value for user %user%:"
if x%password%==x (
echo ERROR: No password specified
goto :end
)
cls
echo Launching Juniper Network Connect client in
echo %NCCLIENTDIR%...
"%NCCLIENTDIR%\nclauncher.exe" -url %url% -u %user% -p %password% -r %realm%
goto :end
REM
:find_juniper_client
setlocal
set CLIENT=
rem
for /f "tokens=1* delims= " %%A in ('reg query "HKLM\SOFTWARE\Juniper Networks" 2^>nul') do set LATESTVERSION="%%A"
if x%LATESTVERSION%==x"" goto :eof
for /f "tokens=2* delims= " %%A in ('reg query %LATESTVERSION% /v InstallPath 2^>nul ^| findstr InstallPath') do set CLIENT=%%B
rem
if "x%CLIENT%"=="x" for /d %%A in ("%ProgramFiles(x86)%\Juniper Networks\Network Connect*") do set CLIENT=%%A
if "x%CLIENT%"=="x" for /d %%A in ("%ProgramFiles%\Juniper Networks\Network Connect*") do set CLIENT=%%A
endlocal & set "%~1=%CLIENT%"
goto :eof
REM
REM
:read_no_history
setlocal
set msg=%~3
if not "x%~2"=="x" (
set msg="%~3 (default: %~2): "
)
set /P RNH_TEMP=%msg% <nul
set RNH_TEMP=
REM
set RNH_CMDFILE=%TEMP%\temp$$$.cmd
(
echo @echo off
echo set var_=%2
echo set /p var_=
echo echo %%var_%%
)> "%RNH_CMDFILE%"
for /f "delims=," %%A in ('%RNH_CMDFILE%') do set RNH_TEMP=%%A
del %RNH_CMDFILE%
endlocal & if not x%RNH_TEMP%==x set "%~1=%RNH_TEMP%"
goto :eof
REM
:end
endlocal
The above script is meant to be used along with the Windows version of the Network Connect client. For the Linux
client, Paul D. Smith provides an excellent script and great instructions at
http://mad-scientist.us/juniper.html.
See below for the direct download link for the script.
PS: The code is now available from github as well, see
https://github.com/clausb/nclauncher.
PS/2: Paul D. Smith's instructions are unavailable as of November 2015; the Wayback archive still has a copy at
http://web.archive.org/web/20150908095435/http://mad-scientist.us/juniper.html.
Revision: r1.6 - 25 Nov 2015 - 22:03 - ClausBrod