Checkpoint SNX on Ubuntu 14.04 LTS (Trusty Tahr)

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

Life has conspired to bring me back to the open arms of Kubuntu and with a new install comes the required update on getting Checkpont Firewall AKA SNX working. This is part of the snx series here.


The first step remains the same and is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

# sh +x snx_install.sh
Installation successfull

If you run this now you will get the error

snx: error while loading shared libraries: libpam.so.0: cannot open shared object file: No such file or directory

We can check if the required libraries are loaded.

# ldd /usr/bin/snx | grep "not found"
        libpam.so.0 => not found
        libstdc++.so.5 => not found

This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t all ready. The old trick of simply installing ia32-libs will no longer work since MultArch support has been added. Now the command is simply

apt-get install libstdc++5:i386 libpam0g:i386

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:

Note the build number of 800007075. I had difficulties connecting with any other version lower than this.

This entry was posted in General, snx. Bookmark the permalink.

23 Responses to Checkpoint SNX on Ubuntu 14.04 LTS (Trusty Tahr)

  1. Lukeab says:

    Ken, i’ve only managed to find 800007027. no sign of 800007075. Can you do everyone in the world a huge favour and identify the correct checkpoint support site download link, i’ve hunted through their search tool for 2 hours without identifying which download is correct.

  2. ken_fallon says:

    Hi Lukeab,

    I got this version from our IT department and I’m not allowed to distribute it. Sorry. This is what RMS means about not been able to help a neighbour.

    Ken.

  3. Lukeab says:

    ahh, thanks for explaining that Ken, I’ll have to badger our IT department to get what i can.
    The latest I could find available for download so far is 800007058, which i found in a comment to an AUR package https://aur.archlinux.org/packages/snx/
    It was interesting the comment said

    This server had a more recent version previously (800007075), I don’t know why they downgraded.

  4. Anthony I. says:

    Good evening –

    I have tried following your steps and everything seems fine until I hit [Y]:
    ——————————-
    root@PC:~# snx -s my-checkpoint-server -u username
    Check Point’s Linux SNX
    build 800007097
    Please enter your password:
    SNX authentication:
    Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
    Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
    Do you accept? [y]es/[N]o:
    y
    SNX: Authentication failed
    ——————————-

    I get the proper connection gateway information, but then I get authentification failed. My password is right as I am able to login via a Windows OS browser using Mozilla Firefox.

    Can someone shed some light on why I may be having this issue? Let me know if you need some specific details…

    Thank you,

  5. ken_fallon says:

    Anthony I.

    You must use version “build 800007075”

    Ken

  6. Louis Pendelton says:

    this is bullshit. He tells you to occupy only a specific version, which doesn’t exist in any other part of the globe rather than on his IT department. However tells you that any other version will not work. then what is the reason for this post ?. doesn’t help at all.
    is like saying “hey, snx works for me but you will never get it work”

  7. ken_fallon says:

    Hi Louis,

    Isn’t there some value in knowing what will work and what won’t ? If you work for a company with a contract with Checkpoint, you can request the version as part of your contract. I would love to be able to link directly to the software, but the license doesn’t permit it. If we expect people to respect the terms of FLOSS licenses we need to also respect the terms of proprietary licenses.

    So please don’t shoot the messenger here.

    Regards,

    Ken.

  8. Stefano says:

    Thank You!!!

    Stefano

  9. Rino says:

    Hi Ken,

    What is your CheckPoint device? I have an Appliance 600. If I try to connect from browser everything is fine, but if I use the snx client from command line, it always returns the following message “SNX: Authentication failed.”

    From what I see the java applet (loaded by the browser) calls the snx client (build number 800007027) from command line. It seems a little bit strange!

    Is it possible there is a difference across different devices?

    Regards,

    Rino

  10. Francesco says:

    Thank you Ken!

  11. Pingback: CheckPoint SNX install instructions for major Linux distributions | kenfallon.com

  12. Pingback: CheckPoint SNX install instructions for major Linux distributions | Linux Admins

  13. Franz says:

    Great! Thank you Ken!

  14. bigbear_singh says:

    Thank you for posting this!

    To launch, I could not achieve this by using snx in CLI – authentication kept failing.
    But sessions within browser are now working! Thanks again!

  15. Rob Audenaerde says:

    Thanks for this easy solution!!

    Btw. there is a typo in the title, it is ‘CheckPoint’ not ‘CheckPont’ 🙂

  16. ken_fallon says:

    Well spotted. I fixed it.

  17. Jon says:

    Hi! Ken i have the same issue “SNX: Authentication failed”

    but my version is:

    Check Point’s Linux SNX
    build 800007097

    i saw that to use “build 800007075” but, dont find t

  18. ken_fallon says:

    Hi Jonathan,

    CheckPoint have dropped support for the client. I have an updated post here (http://kenfallon.com/checkpoint-snx-install-instructions-for-major-linux-distributions/) which gives you more information.

    The good news is that it is still possible to connect via Linux but the bad news is that it requires X, Firefox, Java *and* the SNX client, to work.

    Ken

  19. Peter Wagner says:

    Hello,

    thanks a lot, works exactly like described! In Wily Werwulf!

    Regards,
    Peter

  20. Sergiy says:

    Awasome! Thank you very much.

  21. Johannes Ahlers says:

    Hi,

    I successfully installed the build 800007102 of the CheckPoint client. VPN-connections are working. But I have the problem with DNS resolving of “other” hosts during the snx client is running. It seams the snx client modifies my /etc/resolv.conf when it is started and this let resolving of all none-VPN hosts fail.

    When the snx client isn’t started, the resolv.conf looks like this:
    nameserver 1xx.1x.3x.4x
    nameserver 127.0.0.1
    search futura.lokal

    When the snx client is running, it look like this:
    nameserver 1x.1.x.4
    nameserver 1x.1.x.100
    nameserver 127.0.0.1
    nameserver 1xx.1x.3x.4x
    search xxx.de xxx2.de futura.lokal

    I found this Issue of CheckPointSupport:
    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31082

    But the describe solution with modifying /etc/nsswitch.conf doesn’t help.

    Does anyone has the same problem and eventually a solution?

    Best Regards,
    Johannes

  22. Hi Ken,
    Your post privided the missing hint for me to get snx working on Debian Jessie 64 bit. Thanks! Here is the full recipe that worked for me:

    dpkg –add-architecture i386
    apt-get update
    apt-get install libstdc++5:i386 libpam0g:i386

  23. Pingback: Conexion Checkpoint VPX desde un Linux - MundosysadminMundosysadmin

Leave a Reply

Your email address will not be published.