One of the systems I maintain requires access to a Checkpoint VPN. Until recently, this has meant that I needed a Windows laptop or vm when I traveled. The recipe to connect to the vpn using a command line client called “snx” seems obvious, but is not. Here is how I was able to connect a Fedora 29 Linux machine with version 800007075 of the snx command line client.
Install the Oracle Java JRE
Download Linux x64 RPM:
https://www.java.com/en/download/linux_manual.jsp
Use rpm at the command line instead of using the software installer gui.
(change version number as needed)
rpm -ivh jre-8u191-linux-x64.rpm
dnf install pkgconf-pkg-config
dnf install libcanberra-gtk2.i686
dnf install /lib/ld-linux.so.2 libX11.so.6 libpam.so.0 libstdc++.so.5 libnsl.so.1
According to this link:
versions of the snx command line client > 800007075 are not compatible with recent Linux kernels. So we will obtain a copy of that specific version of the SNX command line client:
[root@server etc]# cd ~desktop/tmp/
[root@server tmp]# wget https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh -O snx_install.sh
–2018-12-30 07:34:08– https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh
Resolving www.fc.up.pt (www.fc.up.pt)… 193.137.24.4
Connecting to www.fc.up.pt (www.fc.up.pt)|193.137.24.4|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 973618 (951K) [application/x-sh]
Saving to: ‘snx_install.sh’
snx_install.sh 100%[====================>] 950.80K 378KB/s in 2.5s
2018-12-30 07:34:26 (378 KB/s) – ‘snx_install.sh’ saved [973618/973618]
and now we make the script executable:
[root@server tmp]# chmod 755 snx_install.sh
run the installation script:
[root@server tmp]# ./snx_install.sh
Installation successful
test a command line connection (use values appropriate for your username and vpnservername)
[root@server tmp]# snx -s vpnservername -u username@domain.com
Check Point’s Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: *.domain.com
Root CA fingerprint: XXX XXX XXXX XXX XXX XXXX XXXX XXX XXX XXXX
Do you accept? [y]es/[N]o:
y
SNX – connected.
Session parameters:
===================
Office Mode IP : x.x.x.x
DNS Server : x.x.x.x
Secondary DNS Server: x.x.x.x
DNS Suffix : domain.com
Timeout : 12 hours
Some useful links:
https://www.java.com/en/download/linux_manual.jsp
https://kenfallon.com/checkpoint-snx-install-instructions-for-major-linux-distributions/
https://kenfallon.com/installing-snx-on-fedora-28/