Connecting to a Checkpoint VPN from Fedora 29

One of the systems I maintain requires access to a Checkpoint VPN. Until recently, this has meant that I needed a Windows laptop or vm when I traveled. The recipe to connect to the vpn using a command line client called “snx” seems obvious, but is not. Here is how I was able to connect a Fedora 29 Linux machine with version 800007075 of the snx command line client.

Install the Oracle Java JRE

Download Linux x64 RPM:

https://www.java.com/en/download/linux_manual.jsp

Use rpm at the command line instead of using the software installer gui.

(change version number as needed)

rpm -ivh jre-8u191-linux-x64.rpm

dnf install pkgconf-pkg-config

dnf install libcanberra-gtk2.i686

dnf install /lib/ld-linux.so.2 libX11.so.6 libpam.so.0 libstdc++.so.5 libnsl.so.1

According to this link:

https://unix.stackexchange.com/questions/450229/getting-checkpoint-vpn-ssl-network-extender-working-in-the-command-line

versions of the snx command line client > 800007075 are not compatible with recent Linux kernels. So we will obtain a copy of that specific version of the SNX command line client:

[root@server etc]# cd ~desktop/tmp/
[root@server tmp]# wget https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh -O snx_install.sh
–2018-12-30 07:34:08– https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh
Resolving www.fc.up.pt (www.fc.up.pt)… 193.137.24.4
Connecting to www.fc.up.pt (www.fc.up.pt)|193.137.24.4|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 973618 (951K) [application/x-sh]
Saving to: ‘snx_install.sh’

snx_install.sh 100%[====================>] 950.80K 378KB/s in 2.5s

2018-12-30 07:34:26 (378 KB/s) – ‘snx_install.sh’ saved [973618/973618]

and now we make the script executable:

[root@server tmp]# chmod 755 snx_install.sh

run the installation script:

[root@server tmp]# ./snx_install.sh
Installation successful

test a command line connection (use values appropriate for your username and vpnservername)

[root@server tmp]# snx -s vpnservername -u username@domain.com
Check Point’s Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: *.domain.com
Root CA fingerprint: XXX XXX XXXX XXX XXX XXXX XXXX XXX XXX XXXX
Do you accept? [y]es/[N]o:
y
SNX – connected.

Session parameters:
===================
Office Mode IP : x.x.x.x
DNS Server : x.x.x.x
Secondary DNS Server: x.x.x.x
DNS Suffix : domain.com
Timeout : 12 hours

Some useful links:

https://www.java.com/en/download/linux_manual.jsp

CheckPoint SNX install instructions for major Linux distributions

Installing snx on Fedora 28

https://unix.stackexchange.com/questions/450229/getting-checkpoint-vpn-ssl-network-extender-working-in-the-command-line

https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh -O snx_install.sh

Leave a Reply

Your email address will not be published. Required fields are marked *