I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions
It’s time for Ubuntu 11.10 and the obligatory how to get Checkpoint SSL extender VPN (SNX) working under it.
The first step is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.
# sh +x snx_install.sh Installation successfull
This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t all ready.
# uname -p x86_64 # aptitude install ia32-libs libstdc++5
Now let’s check that the required libraries are loaded.
# ldd /usr/bin/snx | grep "not found"
libpam.so.0 => not found
This is a new one so a quick check on Google found the answer in of all places the Citrix forum.
Combining the post from Stuart Johnston, and Israel Diaz you get:
# wget http://packages.ubuntu.com/km/precise/i386/libpam0g/download # mkdir tmp # dpkg -x libpam0g_1.1.3-7ubuntu2_i386.deb tmp # cd tmp/lib/i386-linux-gnu/ # cp libpam.so.0.83.0 /lib/i386-linux-gnu # cd /lib/i386-linux-gnu # ln -s libpam.so.0.83.0 libpam.so.0 # ldd /usr/bin/snx
You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.
user@pc:~$ snx -s my-checkpoint-server -u username Check Point's Linux SNX build XXXXXXXXXXXX Please enter your password: SNX authentication: Please confirm the connection to gateway: my-checkpoint-server VPN Certificate Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK Do you accept? [y]es/[N]o:
Finally you should be able to use the client and login.
Hello,
I tried to connect to my Checkpoint VPN with snx and it failed.
Here are my settings :
Ubuntu 12.10 beta2 , 32 bits
Oracle Java 1.6.0_35
Firefox 15.0.1 with java plugin
libstdc++5 1:3.3.6-25ubuntu1
The Java applet is stuck on “connecting”.
dmesg says :
snx[xxxx]: segfault at x ip xxxxxxxx sp xxxxxxxx error x in snx[xxxxxxxx+xxxxxx]
From the command line I get :
$ sudo snx -s IP -u USERNAME
Check Point’s Linux SNX
build 800006001
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: FireWall VPN Certificate
Root CA fingerprint: SOME FINGER PRINT
Do you accept? [y]es/[N]o:
y
SNX: Authentication failed
Do you have any idea ?
Thanks.
I’m running on Ubuntu 12.04 LTS and I can confirm that this is working like a charm!
Just follow the steps described above and you should do fine!
Thanks Ken!
This is exactly what I needed.
Installed on 12.10 quantal. I only had to change the following
from
wget http://packages.ubuntu.com/km/precise/i386/libpam0g/download
to
wget http://packages.ubuntu.com/km/quantal/i386/libpam0g/download
This above step actually downloaded an HTML page with links to mirrors that had the file.
Then changed
this
dpkg -x libpam0g_1.1.3-7ubuntu2_i386.deb tmp
to
dpkg -x libpam0g_1.1.3-7ubuntu3_i386.deb tmp
Again this is for ubuntu 12.10.
Thanks again, Ken. You totally saved me; I need this VPN working for a production deployment in a few hours.
Thank you grappler, i have some doubts about the quantal library version but with your comment my snx connection is ok’s !
Hugs from México.
Tried this on LM 13 and 14.
Works perfect!
Thank you!