Category Archives: authentication

Public key authentication in JUNOS

Enabling public key authentication in JUNOS isn’t much different from doing so on Linux. You create your public/private key pair and then push your public key to the remote device. Here are the instructions:

For example, suppose you would like to connect from the machine linrouter to the remote JUNOS device. My test devices are a Linux machine and an SRX firewall.

1) Create a public/private key pair on the Linux client

For simplicity I didn’t enter any passphrase, i.e. it will be a password-less login.


LDAP configuration in SRX Dynamic VPN

In this post I describe how to configure an OpenLDAP server on a Linux system and let dynamic VPN users on an SRX authenticate through it. As installing LDAP isn’t covered in this post, please check your Linux distribution’s documentation. My test system involves the following components; path names may change depending on your Linux distribution:

Gentoo Linux
SRX 210 Junos 10.4R10.7
OpenLDAP 2.4.30

Let’s start with the LDAP configuration on Linux

LDAP Configuration

1) Make sure the following schemas are enabled in /etc/openldap/slapd.conf

2) Create a file named neworg.ldif with the following content

WARNING: I assume your suffix variable is also set to “dc=example,dc=net” in your slapd.conf

is not within the subnet of any address on this interface

I got a very strange error, shown below, when I tried to configure web authentication on my SRX running Junos 11.1R4.4

I don’t actually recall having this error on my 10.4 version, but I may be wrong. However address was the only address configured under the interface stanza.

Then, after a few minutes, the penny dropped. Perhaps it isn’t allowed to set one interface for both traffic and web authentication purposes, so I tried using an IP address separate from the primary one and bingo! It worked.