Another in my series of 6 months from now posts.
There is a Linux client for Checkpoint’s ssl extender vpn. The binary is called snx and it works quite reliably after you get over the problems of getting it installed. The first thing you need is the software itself which you will need to get from Checkpoint. The install is easy enough, just run the install script
./snx_install.shor if you want a bit more feedback you can run
sh +x ./snx_install.sh
This shell script contains an embedded tar file which installs the snx binary as /usr/bin/snx. To run the vpn script simply type
user@pc:~$ snxIf all goes well then you should see the SNL login screen as shown here:
Check Point's Linux SNX build XXXXXXXXX Please enter your password: SNX - connected. Session parameters: =================== Office Mode IP : xxx.xxx.xxx.xxx DNS Server : xxx.xxx.xxx.xxx Secondary DNS Server: xxx.xxx.xxx.xxx DNS Suffix : example.com Timeout : x hours
Now we get onto the if things don’t go well – which for me has been the default scenario.
We have the famed snx: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory bug. To get around this I downloaded the older debian package from ubuntu.
$ wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_i386.deb
I extracted the debian package first to see what I was about to install.
$ dpkg-deb --extract libstdc++5_3.3.6-17ubuntu1_i386.deb ./ $ find . ./usr ./usr/share ./usr/share/doc ./usr/share/doc/libstdc++5 ./usr/share/doc/libstdc++5/TODO.Debian ./usr/share/doc/libstdc++5/copyright ./usr/share/doc/libstdc++5/README.Debian ./usr/share/doc/libstdc++5/changelog.Debian.gz ./usr/lib ./usr/lib/libstdc++.so.5.0.7 ./usr/lib/libstdc++.so.5 ./libstdc++5_3.3.6-17ubuntu1_i386.deb
Nothing too strange there so I then installed the package
$ dpkg -i libstdc++5_3.3.6-17ubuntu1_i386.deb
and after that snx works just fine …..
Edit2:
…. Until you try and do this on an AMD64/x86_64 computer. The steps above are the same except that you need to first install the amd64 version of gcc 3.3 as well.dpkg -i gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb dpkg -i libstdc++5_3.3.6-15ubuntu4_amd64.debOne extra step is to also install the 32 bit libstdc libraries as snx is compiled as a i386 application.
dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_i386.deb ./tmp cp -v x/usr/lib/* /usr/lib32/Shouts go out to Husain Al-Khamis for this one.
and after that snx works just fine …..
until you update to kernel 2.6.32-21-generic which happened to me when I updated to Kubuntu 10.04 LTS.
I got the error message that there is no tun available. This is because the generic kernel was shipped without the tun.ko module that snx (and many other vpn’s ) use to create a virtual network interface.
Luckily the user kazersozet posted a fix which I’m copy and pasting below. The basic fix is supplied at your own risk.
sudo apt-get install build-essential linux-headers-`uname -r` mkdir faketun cd faketun echo -e "#include \nstatic int start__module(void) {return 0;}\nstatic void end__module(void){return;}\nmodule_init(start__module);\nmodule_exit(end__module);">tun.c echo -e "obj-m += tun.o\nall:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) modules\nclean:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) clean\nclean-files := Module.symvers">Makefile make sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko sudo depmod -a sudo modprobe tun
Edit: Please see the comments by Ove – for some reason wordpress is putting in a space see the origional post.
It first installs the applications needed to compile software. Then it creates two files called tun.c (the source code for the new module) and Makefile (the instructions on how to compile it) in a new subdirectory called faketun. Then it uses the make command to compile the software and the it installs it into the correct directory. It then runs depmod to update modules dependencies and finally it installs the new kernel module.