I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions
Another in my series of 6 months from now posts.
There is a Linux client for Checkpoint’s ssl extender vpn. The binary is called snx and it works quite reliably after you get over the problems of getting it installed. The first thing you need is the software itself which you will need to get from Checkpoint. The install is easy enough, just run the install script
./snx_install.sh
or if you want a bit more feedback you can run
sh +x ./snx_install.sh
This shell script contains an embedded tar file which installs the snx binary as /usr/bin/snx. To run the vpn script simply type
user@pc:~$ snx
If all goes well then you should see the SNL login screen as shown here:
Check Point's Linux SNX build XXXXXXXXX Please enter your password: SNX - connected. Session parameters: =================== Office Mode IP : xxx.xxx.xxx.xxx DNS Server : xxx.xxx.xxx.xxx Secondary DNS Server: xxx.xxx.xxx.xxx DNS Suffix : example.com Timeout : x hours
Now we get onto the if things don’t go well – which for me has been the default scenario.
We have the famed snx: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory bug.
On Debian Sid you can simply install the correct library
$ aptitude install libstdc++5
To get around this on ubuntu download an older package.
$ wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_i386.deb
I extracted the debian package first to see what I was about to install.
$ dpkg-deb --extract libstdc++5_3.3.6-17ubuntu1_i386.deb ./
$ find
.
./usr
./usr/share
./usr/share/doc
./usr/share/doc/libstdc++5
./usr/share/doc/libstdc++5/TODO.Debian
./usr/share/doc/libstdc++5/copyright
./usr/share/doc/libstdc++5/README.Debian
./usr/share/doc/libstdc++5/changelog.Debian.gz
./usr/lib
./usr/lib/libstdc++.so.5.0.7
./usr/lib/libstdc++.so.5
./libstdc++5_3.3.6-17ubuntu1_i386.deb
Nothing too strange there so I then installed the package
$ dpkg -i libstdc++5_3.3.6-17ubuntu1_i386.deb
and after that snx works just fine …..
Edit2:
…. Until you try and do this on an AMD64/x86_64 computer. The steps above are the same except that you need to first install the amd64 version of gcc 3.3 as well.dpkg -i gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb dpkg -i libstdc++5_3.3.6-15ubuntu4_amd64.debOne extra step is to also install the 32 bit libstdc libraries as snx is compiled as a i386 application.
dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_i386.deb ./tmp cp -v x/usr/lib/* /usr/lib32/Shouts go out to Husain Al-Khamis for this one.
and after that snx works just fine …..
until you update to kernel 2.6.32-21-generic which happened to me when I updated to Kubuntu 10.04 LTS.
I got the error message that there is no tun available. This is because the generic kernel was shipped without the tun.ko module that snx (and many other vpn’s ) use to create a virtual network interface.
Luckily the user kazersozet posted a fix which I’m copy and pasting below. The basic fix is supplied at your own risk.
sudo apt-get install build-essential linux-headers-`uname -r`
mkdir faketun
cd faketun
echo -e "#include
\nstatic int start__module(void) {return 0;}\nstatic void end__module(void){return;}\nmodule_init(start__module);\nmodule_exit(end__module);">tun.c
echo -e "obj-m += tun.o\nall:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) modules\nclean:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) clean\nclean-files := Module.symvers">Makefile
make
sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko
sudo depmod -a
sudo modprobe tun
Edit: Please see the comments by Ove – for some reason wordpress is putting in a space see the origional post.
It first installs the applications needed to compile software. Then it creates two files called tun.c (the source code for the new module) and Makefile (the instructions on how to compile it) in a new subdirectory called faketun. Then it uses the make command to compile the software and the it installs it into the correct directory. It then runs depmod to update modules dependencies and finally it installs the new kernel module.
Thank you!
This fixed my problem which happened after upgrade to Ubuntu 10.04.
I got an error message stating: Virtual Network Adapter initialization and configuration failed. Try to reconnect.
Nothing about tun not available.
However, installing the tun solved the problem.
There is one bug in the script: echo -e “#include …. should be echo -e “#include
Thanks again!
Let’s try again
There is one bug in the script: echo -e “… linux /module.h…. should be echo -e “ … linux/module.h
Thanks,
Saved my day, I had no idea that this is why I cant connect via web….
THANKS
You can try to write
install tun /bin/true into…… /etc/modprobe.conf
Pingback: ssl extender on ubuntu 10.04 | Erolucar's Blog
Thank you very much for you precious help.
Thanks fir this.
Installing the libstdc++.so.5 files got me connected to my office (via browser)
Pingback: How to install Checkpoint ssl extender vpn (snx) under Fedora 14 « kenfallon.com
Thanks !
saved me the day with ARCH Linux x86_64. I did the following
yaourt -S lib32-libstdc++5
yaourt -S lib32-libx11
yaourt -S lib32-cracklib
LD_PRELOAD=/usr/lib32/libstdc++.so.5 snx
Got connected
does not work under google chrome and ubuntu amd64 11.04
Hello,
This page saved me when I update to 10.04.
I continue updating till 11.04 without any problem.
I just made a new OS install (11.04) and snx use fail with the following message:
snx
bash: /usr/bin/snx: Aucun fichier ou dossier de ce type (no file or repository of this type.
When looking
ls -l /usr/bin/snx*
-r-s–x–x 1 root root 3273196 2011-06-26 01:37 /usr/bin/snx
-r-xr-xr-x 1 root root 747 2011-06-26 01:37 /usr/bin/snx_uninstall
it is there.
Any idea ?
Thanks in advance
on Centos5:
yum install libstdc++
yum install libstdc++.so.5
Pingback: How to install checkpoint ssl extender VPN SNX under Fedora 16 64bit | kenfallon.com
Thanks!
Here is what helped me overcome the missing libstdc++.so.5 on Ubuntu 12.4
http://pkgs.org/ubuntu-12.04/ubuntu-universe-i386/libstdc++5_3.3.6-25ubuntu1_i386.deb/download/
no go on lubuntu x86_64
uname -a
Linux yeats 3.13.0-34-generic #60-Ubuntu SMP Wed Aug 13 15:45:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
ls -l /usr/bin/snx
-r-s–x–x 1 root root 3277356 Oct 29 07:52 /usr/bin/snx
tried the above insall for libsdc++.so.5 . . .
root@yeats:~# find /usr/lib -name libstdc++\* -exec ls -l {} \;
total 984
-rw-r–r– 1 root root 1006992 Aug 26 17:58 libstdc++.so.6
-rw-r–r– 1 root root 1006992 Aug 26 17:58 /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6
lrwxrwxrwx 1 root root 18 Oct 29 07:36 /usr/lib/i386-linux-gnu/libstdc++.so.5 -> libstdc++.so.5.0.7
-rw-r–r– 1 root root 737340 Oct 29 07:36 /usr/lib/i386-linux-gnu/libstdc++.so.5.0.7
-rw-r–r– 1 root root 979056 Apr 5 2014 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
lrwxrwxrwx 1 root root 19 Aug 26 16:27 /usr/lib/x86_64-linux-gnu/libstdc++.so.6 -> libstdc++.so.6.0.19
lrwxrwxrwx 1 root root 18 Jan 31 2013 /usr/lib/x86_64-linux-gnu/libstdc++.so.5 -> libstdc++.so.5.0.7
-rw-r–r– 1 root root 829792 Jan 31 2013 /usr/lib/x86_64-linux-gnu/libstdc++.so.5.0.7
-rw-r–r– 1 root root 2904238 Apr 5 2014 /usr/lib/gcc/x86_64-linux-gnu/4.8/libstdc++.a
lrwxrwxrwx 1 root root 40 Apr 5 2014 /usr/lib/gcc/x86_64-linux-gnu/4.8/libstdc++.so -> ../../../x86_64-linux-gnu/libstdc++.so.6
$ LD_PRELOAD=/usr/lib/i386-linux-gnu/libstdc++.so.5 snx
bash: /usr/bin/snx: No such file or directory
. . . same as the following
$ snx
bash: /usr/bin/snx: No such file or directory
If someone knows what is wrong, please let me know
Form where I will install ./snx_install.sh?
Login to your firewall page
https://yourfirewall.example.com/sslvpn/Portal/Main
Then under Settings > Edit Native Application Settings
https://yourfirewall.example.com/sslvpn/Portal/SNXSettings
Then it should be under SSL Network Extender:
Download installation for Linux
If that is not the correct version then you will need to get it from the Administrator of your firewall.
I have been asked many many times for the version that works for me, but I am not allowed to distribute it as it is Proprietary Software. I have asked permission from Checkpoint but they did not give any answer (and therefore no permission).
I am continuing to pursue this but I will not distribute software that violates the licensing, on moral, legal and “I will get fired” grounds.
You are great. All of your articles about snx helped me a lot to actually connect to it. Thanks for writing these articles including this one.