Checkpoint vpn linux install

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Linux setup to work with Check Point Mobile Access VPN.

License

pedroeml/checkpoint-mobile-access-vpn

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

Linux setup Check Point Mobile Access VPN

This is a step-by-step tutorial to setup your Linux machine with all the required dependencies to work with Check Point Mobile Access VPN. This tutorial also includes some troubleshooting.

In the past year I had to setup my Ubuntu 18.04 laptop twice. Both times were very exhausting and took long hours until it was ready to use due to so many different errors hard to find the solution on Google. So no need to mention this tutorial (at the current state) is only useful if you’re working with a clean and recently installed Ubuntu LTS distro.

First make sure your operating system is up-to-date with:

$ sudo apt-get update && sudo apt-get upgrade

Now you need some basic tooling for installing and building independent package vendors:

$ sudo apt-get install software-properties-common apt-transport-https wget curl $ sudo apt-get install build-essential

If your system has no Java version installed, make sure you install the version 8 (or higher). You can do that quickly with SDKMAN!, but first be sure you’re on your home directory with:

And then for installing SDKMAN!:

$ curl -s "https://get.sdkman.io" | bash $ source "$HOME/.sdkman/bin/sdkman-init.sh"

List the available Java versions and try to find the OpenJDK version 8 or higher (in my case it was 8.0.232-open ) and then install it:

$ sdk list java $ sdk install java 8.0.232-open

For the Check Point Mobile Access required packages, you’ll need to install xterm and some SSL packages with the following commands:

$ sudo apt-get install xterm $ sudo apt-get install libnss3-tools certutil

If you’re running a 64 bit operating system, you’ll need to install some 32 bit compatible libraries:

$ sudo apt-get install libx11-6 $ sudo dpkg --add-architecture i386 $ sudo apt-get update $ sudo apt-get install multiarch-support $ sudo apt-get install libx11-6:i386 libc6:i386 libncurses5:i386 libstdc++6:i386 libstdc++5:i386 libpam0g:i386

Downloading the Shell Scripts

There are two shell script files you’ll need to download to setup Check Point Mobile Access VPN on your machine:

Both of them you can get on your company’s Mobile Access VPN page.

2. Click on «Settings» button

3. Click on «Download Installation for Linux» for both SSL Network Extender and Check Point Mobile Access Portal Agent

Running the Shell Scripts

The scripts you’ve just downloaded are just regular files. So we need to change their permissions to make them executable with the following commands:

$ chmod +x snx_install.sh $ chmod +x cshell_install.sh

The first script we’re going to run is the snx_install.sh , which should not give any errors when installing it.

$ ./snx_install.sh Installation successfull

Here comes the tricky part: running the other shell script. The script will ask you for your password because it’s going to run some things as sudo . Everything should be going fine until it gets to the last step: when it tries to run /usr/bin/cshell/launcher . That’s where it gets stuck. This executable file does not work properly with sudo .

$ ./cshell_install.sh Start Check Point Mobile Access Portal Agent installation Extracting Mobile Access Portal Agent. Done Installing Mobile Access Portal Agent. Done Installing certificate. Done Starting Mobile Access Portal Agent.

When you notice it is stuck at the message above, open Ubuntu’s system monitor and try to find a process called launcher with 0% CPU usage and Sleeping status. Once you find it, kill it.

Do not ever type CTRL+C on the terminal or try to end its process or launcher ‘s. You must kill the launcher process. Otherwise, the script will do a clean-up and erase everything it has made that will allow you to make Check Point Mobile Access VPN work.

If you’ve done everything right, there should be an executable file called launcher at /usr/bin/cshell/ . If so, run it and it should have been displayed some logs as follows:

$ /usr/bin/cshell/launcher LAUNCHER> Starting CShell. LAUNCHER> CShell Started 

It means it has successfully been installed, and you should be fine trying to connect to the VPN now, but it doesn’t mean we don’t have more work to do.

If you end up with an error when you’re trying to run /usr/bin/cshell/launcher about a named pipe file called cshell.fifo inside the /tmp folder, just delete it with:

You need to disable one of your system’s startup applications. You should be able to see one of them called cshell with a marked checkbox. All it does is running the launcher executable file in /usr/bin/cshell/ . You must uncheck it because every time you let it run automatically it’s going to be run as sudo , which means it’s going to get stuck.

Now we’re going to do a little trick to make it start automatically without sudo : run it inside the .bashrc file, so every time you open up a terminal it’s going to run with your user normal permissions. Actually, we only want to run it once when you log in, right? So why don’t we simply run it inside .profile ? Because everything in .profile run as sudo , so the launcher is going to get stuck.

So here is the tricky part: let’s create a simple log file to check whether launcher should run every time you open up a terminal window. Add the following lines to the .profile file to remove the log file every time you log in.

if [ -f "/home/[MY-USER-NAME]/cshell_launcher.log" ]; then rm /home/[MY-USER-NAME]/cshell_launcher.log fi

On the .bashrc file add the following lines to check whether it should run the launcher file every time you open up a terminal window:

if [ ! -f "/home/[MY-USER-NAME]/cshell_launcher.log" ]; then /usr/bin/cshell/launcher > /home/[MY-USER-NAME]/cshell_launcher.log fi

Restart your computer, log into your user account and check if the log file we created is on your home directory by opening a terminal and typing:

$ ls | grep cshell cshell_launcher.log

Then show its contents by using cat and it should be displayed as the following:

$ cat cshell_launcher.log LAUNCHER> Starting CShell. LAUNCHER> CShell Started

Now you should be all set. Open your company’s Check Point Mobile Access page and you should be able to connect everytime you log into your computer. Just remember to open up a terminal window first 🙂

About

Linux setup to work with Check Point Mobile Access VPN.

Источник

How to install Checkpoint ssl extender vpn (snx) under Debian/Kubuntu

There is a Linux client for Checkpoint’s ssl extender vpn. The binary is called snx and it works quite reliably after you get over the problems of getting it installed. The first thing you need is the software itself which you will need to get from Checkpoint. The install is easy enough, just run the install script

or if you want a bit more feedback you can run

This shell script contains an embedded tar file which installs the snx binary as /usr/bin/snx. To run the vpn script simply type

If all goes well then you should see the SNL login screen as shown here:

Check Point's Linux SNX build XXXXXXXXX Please enter your password: SNX - connected. Session parameters: =================== Office Mode IP : xxx.xxx.xxx.xxx DNS Server : xxx.xxx.xxx.xxx Secondary DNS Server: xxx.xxx.xxx.xxx DNS Suffix : example.com Timeout : x hours

Now we get onto the if things don’t go well – which for me has been the default scenario.

We have the famed snx: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory bug.
On Debian Sid you can simply install the correct library

$ aptitude install libstdc++5

To get around this on ubuntu download an older package.

$ wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_i386.deb

I extracted the debian package first to see what I was about to install.

$ dpkg-deb --extract libstdc++5_3.3.6-17ubuntu1_i386.deb ./ $ find . ./usr ./usr/share ./usr/share/doc ./usr/share/doc/libstdc++5 ./usr/share/doc/libstdc++5/TODO.Debian ./usr/share/doc/libstdc++5/copyright ./usr/share/doc/libstdc++5/README.Debian ./usr/share/doc/libstdc++5/changelog.Debian.gz ./usr/lib ./usr/lib/libstdc++.so.5.0.7 ./usr/lib/libstdc++.so.5 ./libstdc++5_3.3.6-17ubuntu1_i386.deb

Nothing too strange there so I then installed the package

$ dpkg -i libstdc++5_3.3.6-17ubuntu1_i386.deb

and after that snx works just fine …..

Edit2:
…. Until you try and do this on an AMD64/x86_64 computer. The steps above are the same except that you need to first install the amd64 version of gcc 3.3 as well.

dpkg -i gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb dpkg -i libstdc++5_3.3.6-15ubuntu4_amd64.deb

One extra step is to also install the 32 bit libstdc libraries as snx is compiled as a i386 application.

dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_i386.deb ./tmp cp -v x/usr/lib/* /usr/lib32/

Shouts go out to Husain Al-Khamis for this one.

and after that snx works just fine …..

until you update to kernel 2.6.32-21-generic which happened to me when I updated to Kubuntu 10.04 LTS.

I got the error message that there is no tun available. This is because the generic kernel was shipped without the tun.ko module that snx (and many other vpn’s ) use to create a virtual network interface.

Luckily the user kazersozet posted a fix which I’m copy and pasting below. The basic fix is supplied at your own risk.

sudo apt-get install build-essential linux-headers-`uname -r` mkdir faketun cd faketun echo -e "#include \nstatic int start__module(void) \nstatic void end__module(void)\nmodule_init(start__module);\nmodule_exit(end__module);">tun.c echo -e "obj-m += tun.o\nall:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) modules\nclean:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) clean\nclean-files := Module.symvers">Makefile make sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko sudo depmod -a sudo modprobe tun

Edit: Please see the comments by Ove – for some reason wordpress is putting in a space see the origional post.

Edit3: I’ll just link to the Makefile and tun.c files.

It first installs the applications needed to compile software. Then it creates two files called tun.c (the source code for the new module) and Makefile (the instructions on how to compile it) in a new subdirectory called faketun. Then it uses the make command to compile the software and the it installs it into the correct directory. It then runs depmod to update modules dependencies and finally it installs the new kernel module.

This entry was posted in General, snx and tagged Checkpoint’s ssl extender, snx. Bookmark the permalink.

Источник