Check Point SSL Network Extender

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

In what is becoming a bit of a series, today I’ll be covering how to get Check Point SSL Network Extender installed under Kubuntu. From the Check Point site:

SSL Network Extender is a browser plug-in that provides clientless remote access, while delivering full network connectivity for any IP-based application.

It is Java-based, so the first thing you will need to install is Sun’s Java runtime. You will need the partner repository installed and your system updated.

sudo apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts

Once that is done you can restart Firefox and browse over to java.com to make sure that you have Java working.

You should see a message like this:

Verified Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 24).

Once Java is working you can go to the SNX website. If you don’t know the URL, ask your network administrator. You may be notified about popups, so just allow them for your site.

Once you have accepted and reloaded the page you will be prompted to enter your username and password.

After this you will be asked to install an update to the software. This installs the snx software in the background. One thing to note is that it is looking for the root password and not the sudo password. Ubuntu ships without this set so you’ll need to set a root password using the following command.

sudo passwd

You can confirm it’s set correctly using the command

su -

and if you see the prompt change to “#” then you know it’s working. Switch back to the snx_install.sh window and enter the password.

Once you do that you should very briefly see a message saying that the install was successful. At this point the standard snx software is installed but you will probably see the error

Failed to initialize

When you run the snx client on the command line you will see:

user@pc:~$ snx
snx: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory

The solution is to install libstdc++5

sudo aptitude install libstdc++5

Once that is done typing snx should be error free and give you something like this:

user@pc:~$ snx
failed to open file: /home/username/.snxrc
Valid attributes are:
- server          SNX server to connet to
- sslport         The SNX SSL port (if not default)
- username        the user name
- certificate     certificate file to use
- calist          directory containing CA files
- reauth          enable automatic reauthentication. Valid values { yes, no }
- debug           enable debug output. Valid values { yes, 1-5 }
- cipher          encryption algorithm to use. Valid values { RC4 / 3DES }
- proxy_name      proxy hostname
- proxy_port      proxy port
- proxy_user      username for proxy authentication
user@pc:~$

You’re still not home and dry because you may need to accept the VPN Certificate. To get around this you need to log in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build XXXXXXXXXXXX
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:
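
The acceptance prompt above is the point at which the gateway's identity is checked. The following is an added example, not part of the original post or of Check Point's software: it compares the fingerprint snx prints with a reference value, assumed here to have been obtained from your network administrator out of band. The function names and the sample transcript (built from the placeholder output above) are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): check the Root CA fingerprint
# shown by snx against a reference value before answering "y".

# Upper-case, collapse runs of whitespace and trim, so that copy/paste
# differences in spacing or case do not cause a false mismatch.
normalise_fp() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -s '[:space:]' ' ' |
        sed -e 's/^ //' -e 's/ $//'
}

# Read snx output on stdin and print the first fingerprint it contains.
extract_fp() {
    sed -n 's/^Root CA fingerprint:[[:space:]]*//p' | head -n 1
}

# $1 = captured snx output, $2 = reference fingerprint (assumed to come from
# the administrator). Returns 0 on match, 1 on mismatch, 2 if none was found.
check_gateway_fp() {
    fp_shown=$(printf '%s\n' "$1" | extract_fp)
    if [ -z "$fp_shown" ]; then
        echo "no fingerprint found in output" >&2
        return 2
    fi
    if [ "$(normalise_fp "$fp_shown")" = "$(normalise_fp "$2")" ]; then
        echo "MATCH: fingerprint equals the reference value"
        return 0
    fi
    echo "MISMATCH: answer N and check with your administrator" >&2
    return 1
}

# Constructed sample: the placeholder transcript from the post.
SAMPLE_OUTPUT='Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:'

# Demo run: reference typed in lower case with uneven spacing still matches.
check_gateway_fp "$SAMPLE_OUTPUT" "aaaa bbb  cccc ddd eeee fff gggg hhh iiii jjj kkkk"
```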

Finally you should be able to use the client and log in.


Competition to design Mini Business Cards for HPR

I Need Help

I would like to have some mini-business cards made. The idea being to give them out at shows, to people interested in recording a show or to potential interviewees. I’ve also seen them used to add a touch of professionalism to recorded DVDs and CDs. Despite watching the entire http://screencasters.heathenx.org/ series I’m still lacking anything approaching artistic flair. So I’m putting out the call for help to design the business cards.

The back

Let’s talk about the back first. It should have a QR code to the Hacker Public Radio About page and the rest can be anything. At the moment I have the list of contact information but feel free to do what you like. We’ll need to pick the “best” one as there can only be one version of the back.

The Front

We have a lot more freedom with the front as there can be up to 100 different versions in a print run. So if you send in a version it’s very likely that it will get printed. Let your imagination run wild but keep in mind that the design should embody what HPR is about (good luck with that !)

The site moo.com where I’m going to get them printed has design guidelines and the size you are working to is 874 x 378 pixels @ 300dpi.

The Prize ?

My eternal gratitude, gratitude of everyone on the planet for not inflicting my attempt at art on them. Seriously I’ll add your name to the contributors page on HPR and will also mail you 10 cards with your design. And if you’re willing to pick it up or pay the postage you can have one of these computer books.


How to install Checkpoint ssl extender vpn (snx) under Fedora 14

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

This is the Fedora 14 AMD64 version of my previous post How to install Checkpoint ssl extender vpn (snx) under Debian/Kubuntu. Running the install is the same and hopefully will go without error.

./snx_install.sh

Unfortunately snx will not run, complaining about missing libraries:

[root@laptop checkpoint]# ldd /usr/bin/snx
        linux-gate.so.1 =>  (0xf773e000)
        libX11.so.6 => /usr/lib/libX11.so.6 (0xf75f2000)
        libpthread.so.0 => /lib/libpthread.so.0 (0xf75d6000)
        libresolv.so.2 => /lib/libresolv.so.2 (0xf75bc000)
        libdl.so.2 => /lib/libdl.so.2 (0x4c766000)
        libpam.so.0 => not found
        libnsl.so.1 => /lib/libnsl.so.1 (0xf75a0000)
        libstdc++.so.5 => not found
        libc.so.6 => /lib/libc.so.6 (0x4c5d0000)
        libxcb.so.1 => /usr/lib/libxcb.so.1 (0xf7582000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xf7564000)
        /lib/ld-linux.so.2 (0x4c5ac000)
        libXau.so.6 => /usr/lib/libXau.so.6 (0xf7561000)

The solution for some of the problems is to install the following packages:

yum install compat-libstdc++-33.x86_64 compat-libstdc++-33.i686 audit-libs.i686

Unfortunately some problems remain:

[root@laptop checkpoint]# ldd /usr/bin/snx | grep "not found"
        libpam.so.0 => not found

After getting a lot of help from JessiJames and thrice` on #oggcastplanet @ freenode we came up with this solution:

First get the i686 version of pam, then extract it, and finally link the libpam.so.0 to the new location.

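# Plain FTP gives no integrity guarantee; check the package signature (rpm -K) before extracting.
wget ftp://rpmfind.net/linux/fedora/updates/14/x86_64/pam-1.1.1-6.fc14.i686.rpm
# Unpack the RPM into the current directory without installing it.
rpm2cpio pam-1.1.1-6.fc14.i686.rpm | cpio -idmv
mkdir -p /usr/local/lib/checkpoint32/
# Locate the extracted 32-bit library.
find . | grep libpam.so.0
cp -v ./lib/libpam.so.0.82.2 /usr/local/lib/checkpoint32/
# ln creates the link in the current directory, so run it from a directory the
# 32-bit loader searches (the ldd output above resolves 32-bit libraries from /lib and /usr/lib).
ln -s /usr/local/lib/checkpoint32/libpam.so.0.82.2 libpam.so.0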

Hopefully that should fix it for you as well.


Installing Citrix on Fedora 14

Some of you may be familiar with my adventures with installing Citrix on Debian based systems. Well, I’ve been trying out Fedora 14 and came across a few issues as well.

You can make life a lot easier for yourself by downloading the rpm version from the Citrix site. Once you download this you can install it using the following command

yum install --nogpgcheck ./ICAClient-11.100-1.i386.rpm

A full explanation of the command can be found on the Fedora Forums

That installs all the dependencies so we’re almost good to go until we hit the dreaded You have not chosen to trust “/C=US/ST=/L=/O=Equifax/OU=Equifax Secure Certificate Authority/CN=”, the issuer of the server’s security certificate (SSL 61) error.

The common fix was to just copy them from Firefox, but Mozilla has now migrated to using a cert database. The easiest way to export them is using the Firefox plugin Export All Certificates, which can be accessed by using Edit -> Preferences -> Advanced -> Encryption Tab -> View Certificates -> Export All. You will need to rename them first to the correct file extension. I used:

rename .der .crt *der

Then I just copied them all to /usr/lib/ICAClient/keystore/cacerts/ and then it worked.


Rebooting on the command line

I was prompted to write this post after listening to Jonathan Nadeau talk about accessibility in Ubuntu. He mentioned not knowing how to shut down a GNU/Linux system from the command line yet. As it happens the command to use is in fact shutdown. Specifically:

shutdown now "The system is going down now"

The command is also available in BSD (Including OSX), Solaris, and even Windows.

See also: Reboot under GNU/Linux, BSD, and Solaris.


Talk Geek To Me Interview

I was honoured to be asked to do an interview by Deep Geek on his site Talk Geek To Me. Although the interview focused on the plans for revitalizing Hacker Public Radio, there was time for a discussion about technology in general and my belief in Doug McIlroy’s Unix philosophy:

This is the Unix philosophy:

  • Write programs that do one thing and do it well.
  • Write programs to work together
  • Write programs to handle text streams, because that is a universal interface.

I just hope I didn’t bring down the tone of his show.


Note to future self: Klaatu’s podcast on Audacity

The GNU World Order September 23, 2010: Episode 6×01

Could only be improved by making it a video cast.


XP guest in a virtual box losing network mappings

I had a strange situation where my XP guest would log in fine to a domain and everything would work for a period of time. Suddenly the CheckPoint client would pop up even though I did not request anything in the Guest. After this none of my mapped drives would work any more. I suspected that the issue was linked to the CheckPoint client in XP but it actually is because I connected the CheckPoint SNX client in the host GNU/Linux system.

Once the SNX (on the host) makes a connection, new network routing information is available along with new nameserver entries in the DNS /etc/resolv.conf file. After a time this gets passed through to the Guest OS despite the fact that the Guest is running in Bridged mode and should be taking care of this itself. The XP guest picks up the DNS entries for a network that is behind a VPN so it prompts for a connection. If it isn’t made, then it fails and doesn’t look any further. As the network drives are mapped using a DNS name then they are no longer resolvable.

I’ll probably want to look into a better solution than this but for now remove the DNS entries from the /etc/resolv.conf and run ipconfig /renew within XP.
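
One way to carry out the clean-up described above, as an added example that is not part of the original post: snapshot /etc/resolv.conf before starting snx, then compare against it to find exactly which nameserver entries the VPN added and print a copy without them. The function names and the addresses in the demo are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): identify the nameserver entries
# a VPN client added to resolv.conf and produce a copy without them.

# $1 = snapshot taken before connecting, $2 = current file.
# Prints each nameserver address present in $2 but not in $1.
added_nameservers() {
    awk 'FILENAME == ARGV[1] { if ($1 == "nameserver") seen[$2] = 1; next }
         $1 == "nameserver" && !($2 in seen) { print $2 }' "$1" "$2"
}

# $1 = resolv.conf path, $2 = space-separated addresses to drop.
# Prints the file with those nameserver lines removed; all else is kept.
strip_nameservers() {
    awk -v drop="$2" '
        BEGIN { n = split(drop, a, " "); for (i = 1; i <= n; i++) d[a[i]] = 1 }
        $1 == "nameserver" && ($2 in d) { next }
        { print }' "$1"
}

# Constructed sample data: a home resolver before, two VPN resolvers after.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'search home.lan\nnameserver 192.168.1.1\n' > "$tmp/before"
    printf 'search home.lan\nnameserver 10.20.0.53\nnameserver 10.20.0.54\nnameserver 192.168.1.1\n' > "$tmp/after"
    vpn_ns=$(added_nameservers "$tmp/before" "$tmp/after" | tr '\n' ' ')
    echo "added by VPN: $vpn_ns"
    strip_nameservers "$tmp/after" "$vpn_ns"
    rm -rf "$tmp"
}
demo
```

The functions only print the cleaned content; review it before writing it back to /etc/resolv.conf.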


The JakAttack is back (Again)

It was an ordinary day.
A day like any other when suddenly…

As I was transferring my ogg casts to my ogg player I realised that there was a new JakAttack episode. The show is by Jon Watson and his wife Kelly Penguin Girl. It resulted from an earlier show that Jon had that was restricted to technology topics. Their network wouldn’t let them change to a more relaxed “tech ‘n talk” format so they left and started JakAttack on their own.

They were going great guns for a while but when they moved back to Nova Scotia and bought an old house to renovate as a B&B, their podcasting time was limited. While others had given up all hope of ever seeing a new episode (even Dan put them in the graveyard section of http://www.thelinuxlink.net/) I knew they wouldn’t let us down.

So here we are – over a year has passed since the last episode and out of the blue Jon and Kelly were back. Back and at top form. Find the next cast (whenever that will be) at:
http://thejakattack.libsyn.com/

….hold on Déjà vu ?

No they are back and Kelly is going to focus on Design this time.


WordPress Plugin – Are you sure ?

This is the second time that I have pressed publish when I meant to press preview. The solution – I hope – is the “Are you sure ?” plugin. All it does is ask you are you sure when you press publish. Let’s see if it works. If you see this well then it didn’t.

Well it works 🙂

If you run wordpress then you can get your copy over at the dev-tips.com website.
