Checkpont SNX on Ubuntu 11.10 (oneiric)

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

It’s time for Ubuntu 11.10 and the obligatory how to get Checkpoint SSL extender VPN (SNX) working under it.

The first step is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

# sh +x snx_install.sh
Installation successfull

This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t all ready.

# uname -p
x86_64
# aptitude install ia32-libs libstdc++5

Now let’s check that the required libraries are loaded.

# ldd /usr/bin/snx | grep "not found"
        libpam.so.0 => not found

This is a new one so a quick check on Google found the answer in of all places the Citrix forum.

Combining the post from Stuart Johnston, and Israel Diaz you get:

# wget http://packages.ubuntu.com/km/precise/i386/libpam0g/download 
# mkdir tmp
# dpkg -x libpam0g_1.1.3-7ubuntu2_i386.deb tmp
# cd tmp/lib/i386-linux-gnu/
# cp libpam.so.0.83.0 /lib/i386-linux-gnu
# cd /lib/i386-linux-gnu
# ln -s libpam.so.0.83.0 libpam.so.0
# ldd /usr/bin/snx 

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build XXXXXXXXXXXX
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:

Finally you should be able to use the client and login.

This entry was posted in snx. Bookmark the permalink.

5 Responses to Checkpont SNX on Ubuntu 11.10 (oneiric)

  1. Grmblmbl says:

    Hello,

    I tried to connect to my Checkpoint VPN with snx and it failed.

    Here are my settings :
    Ubuntu 12.10 beta2 , 32 bits
    Oracle Java 1.6.0_35
    Firefox 15.0.1 with java plugin
    libstdc++5 1:3.3.6-25ubuntu1

    The Java applet is stuck on “connecting”.
    dmesg says :
    snx[xxxx]: segfault at x ip xxxxxxxx sp xxxxxxxx error x in snx[xxxxxxxx+xxxxxx]

    From the command line I get :
    $ sudo snx -s IP -u USERNAME
    Check Point’s Linux SNX
    build 800006001
    Please enter your password:
    SNX authentication:
    Please confirm the connection to gateway: FireWall VPN Certificate
    Root CA fingerprint: SOME FINGER PRINT
    Do you accept? [y]es/[N]o:
    y
    SNX: Authentication failed

    Do you have any idea ?
    Thanks.

  2. Dragonix says:

    I’m running on Ubuntu 12.04 LTS and I can confirm that this is working like a charm!
    Just follow the steps described above and you should do fine!

    Thanks Ken!

  3. grappler says:

    This is exactly what I needed.

    Installed on 12.10 quantal. I only had to change the following

    from
    wget http://packages.ubuntu.com/km/precise/i386/libpam0g/download
    to
    wget http://packages.ubuntu.com/km/quantal/i386/libpam0g/download
    This above step actually downloaded an HTML page with links to mirrors that had the file.

    Then changed
    this
    dpkg -x libpam0g_1.1.3-7ubuntu2_i386.deb tmp
    to
    dpkg -x libpam0g_1.1.3-7ubuntu3_i386.deb tmp

    Again this is for ubuntu 12.10.

    Thanks again, Ken. You totally saved me; I need this VPN working for a production deployment in a few hours.

  4. gatts says:

    Thank you grappler, i have some doubts about the quantal library version but with your comment my snx connection is ok’s !

    Hugs from México.

  5. Kristian says:

    Tried this on LM 13 and 14.
    Works perfect!
    Thank you!

Leave a Reply

Your email address will not be published.