How to install Checkpoint ssl extender vpn (snx) under Fedora 14

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

This is the Fedora 14 AMD64 version of my previous post How to install Checkpoint ssl extender vpn (snx) under Debian/Kubuntu. Running the install is the same and hopefully will go without error.

./snx_install.sh

Unfortunately snx will not run complaining about missing libraries

[root@laptop checkpoint]# ldd /usr/bin/snx
        linux-gate.so.1 =>  (0xf773e000)
        libX11.so.6 => /usr/lib/libX11.so.6 (0xf75f2000)
        libpthread.so.0 => /lib/libpthread.so.0 (0xf75d6000)
        libresolv.so.2 => /lib/libresolv.so.2 (0xf75bc000)
        libdl.so.2 => /lib/libdl.so.2 (0x4c766000)
        libpam.so.0 => not found
        libnsl.so.1 => /lib/libnsl.so.1 (0xf75a0000)
        libstdc++.so.5 => not found
        libc.so.6 => /lib/libc.so.6 (0x4c5d0000)
        libxcb.so.1 => /usr/lib/libxcb.so.1 (0xf7582000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xf7564000)
        /lib/ld-linux.so.2 (0x4c5ac000)
        libXau.so.6 => /usr/lib/libXau.so.6 (0xf7561000)

The solution for some of the problems are to install the following packages:

yum install compat-libstdc++-33.x86_64 compat-libstdc++-33.i686 audit-libs.i686

Unfortunately some problems remain

[root@laptop checkpoint]# ldd /usr/bin/snx | grep "not found"
        libpam.so.0 => not found

After getting a lot of help from JessiJames and thrice` on #oggcastplanet @ freenode we came up with this solution:

First get the i686 version of pam, then extract it, and finally link the libpam.so.0 to the new location.

wget ftp://rpmfind.net/linux/fedora/updates/14/x86_64/pam-1.1.1-6.fc14.i686.rpm
rpm2cpio pam-1.1.1-6.fc14.i686.rpm | cpio -idmv
mkdir /usr/local/lib/checkpoint32/
find| grep libpam.so.0
cp -v ./lib/libpam.so.0.82.2 /usr/local/lib/checkpoint32/
ln -s /usr/local/lib/checkpoint32/libpam.so.0.82.2 libpam.so.0

Hopefully that should fix it for you as well.

This entry was posted in General, snx and tagged , , . Bookmark the permalink.

6 Responses to How to install Checkpoint ssl extender vpn (snx) under Fedora 14

  1. JLuis says:

    Hi,
    Im triying using SNX VPN for my work but i do not have succes… i get this errors:

    Jan 26 09:39:55 jl kernel: [ 6935.925096] snx[11558]: segfault at 4 ip 0827f6af sp bf816210 error 4 in snx[8048000+307000]
    Jan 26 09:39:55 jl abrt[11579]: saved core dump of pid 11558 (/usr/bin/snx) to /var/spool/abrt/ccpp-1296056395-11558.new/coredump (1015808 bytes)
    Jan 26 09:39:55 jl abrtd: Directory ‘ccpp-1296056395-11558’ creation detected
    Jan 26 09:39:55 jl abrtd: Executable ‘/usr/bin/snx’ doesn’t belong to any package
    Jan 26 09:39:55 jl abrtd: Corrupted or bad crash /var/spool/abrt/ccpp-1296056395-11558 (res:4), deleting

    #### my host
    ####Linux jl.jluis 2.6.35.10-74.fc14.i686.PAE #1 SMP Thu Dec 23 16:10:47 UTC 2010 i686 i686 i386 GNU/Linux
    #### email
    #### hell_jl@yahoo.com.mx

  2. turgut says:

    Well I had to take a different approach, in my case the 64-bit libraries that I have do not work with snx. So, I had to install the 32-bit variety:
    wget ftp://rpmfind.net/linux/fedora/updates/14/i386/pam-1.1.1-6.fc14.i686.rpm
    rpm2cpio pam-1.1.1-6.fc14.i686.rpm |cpio -idmv
    cd lib
    cp libpam.so.0 /lib

  3. Got it working by installing the i386 versions libX11, Compat-libstdc++-33 and pam as the x86_64 versions weren’t recognised. This now works fine (on Centos).

    What I’m trying to do now is to set up iptables so that it will forward traffic from the rest of my home lan to the vpn device. I think I’ll need to work with NAT as potentially I’m forwarding several sessions to a single IP address. As I use a hardware router (linksys) to go to my adsl connection I have instructed it to forward all addresses in my work subnet to Centos.

    This will allow me to work from a laptop without having to manually run the vpn client. The other advantage is that unless there’s a network interruption the connection stays up continuously (I’ve seen it run for over a week), whilst the windows client times out after 8 hours (although perhaps there’s some way to override that). I hope to use cron to reestablish the vpn connection whenever it disappears.

    If you have any tips please feel free to publish them. Otherwise I’ll do the same and try to remember to track back.

    Chris

  4. Howard says:

    Did you ever get the forwarding through snx vpn client using NAT working? I’m trying to do that now, and it should be a straight forward:

    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    Then add routes at router or on desktop.

    But doesnt seem to work for me, any idea’s?

  5. Pingback: Installer checkpoint ssl extender vpn (snx) sous linux « L'aide mémoire … Mes notes …

  6. Hi all,

    I have a scenario where the VPN-1 resides behind a Nat firewall and does not have the public IPs on it´s topology.

    Link Selection configuration is already set to use Nat´ed IP. I can start and keep IPSecV1 and V2 Site-to-site VPN as well L2TP. SNX SSL vpns works on Windows fine.

    But i just cannot stablish VPN connection from Linux to the VPN-1 box.

    As this client parses the https responses from the VPN-1, before starting the tunnel itself, it parses the variable gw_ip= and IT uses the main IP of the gateway object.

    Any1 knows how to manually set this IP ? Maybe a flat file or thru dbgui edit ?

Leave a Reply

Your email address will not be published. Required fields are marked *