Thursday, January 3, 2013

Connecting to Checkpoint/using SNX in Ubuntu 12.10 64bit

GET CONNECTED, NOT INFECTED
Get snx, either by going to your Checkpoint site, clicking Manual Download for Linux, and running the bash script downloaded, or by going to the Checkpoint website listed under Links and following the instructions there.

To get snx working properly, we will need to install some prerequisites by doing:
sudo apt-get install icedtea-7-plugin openjdk-7-jre ia32-libs libpam0g:i386

To connect to your Checkpoint site, run
snx -s <your_checkpoint_server> -u <username>, where <your_checkpoint_server> is the IP (i.e. 192.192.192.66) or DNS name (i.e. checkpointserver.example.org) of the Checkpoint server, and <username> is your domain login.

Once connected, you should be able to type ifconfig, and see a new interface called tunsnx with your VPN IP. You will probably need to remember the IP of at least one computer on the other side of the VPN in order to SSH - your company/school/whatever DNS probably won't resolve to right IP when you connect over VPN. I usually ssh to a "homebase" computer on the other side of the VPN, then ssh to other places as needed.

ssh me@192.192.192.67 - YES ----> ssh me@myworkserver - YES
ssh me@myworkdestop - DOUBTFUL

To disconnect, simply do sudo ifconfig tunsnx down; sudo pkill snx
For better disconnection, use snx -d ,as mentioned by kholis in the comments - thanks!


LINKS
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65210

http://kenfallon.com/check-point-ssl-network-extender/

6 comments:

  1. To disconnect better use "snx -d" as mentioned in help.

    ReplyDelete
  2. Hey mate, don't you suffer some connection drops every a few seconds? that's killing me right now.

    ReplyDelete
    Replies
    1. I have not seen that issue in such an extreme - I will sometimes get dropped maybe once or twice in an 8 hour session. Have you checked dmesg for any errors with your hardware? Do other people using the same SNX gateway have the same problem?

      Delete
    2. Hey Mate, I solved this (sorry for not updating my post). The problem was the IP that I use internally. I set the router to assign from x.x.2.1 and that solve the problem. In the office, I asked for the same, but they gave me an explanation saying that they cannot because this is only one computer, and there's a lot of things behind that. So... in the office... I'm stucked. Bloody bureaucracy.

      Which is good, now I work 3 days from my home.

      Delete
  3. I tried to connect to the VPN, but it appears to me the following error:

    # snx -s XXXXX -u user
    snx: error while loading shared libraries: libpam.so.0: cannot open shared object file: No such file or directory

    I'm new to Linux and I'm trying to quit Windows hehe .. Can you help me?
    I installed libpam lib and still error continues ..

    ReplyDelete
  4. I always get a "connection aborted". Everything is installed, but I cannot connect.

    ReplyDelete