Linux Checkpoint SNX tool configuration issues












4















I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.



I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx tool.



What I've done:




  1. installed the Root CA certificates of the VPN;

  2. installed the snx_install.sh on my machine with success;

  3. also installed the python tools you recomended but I think I didn't need them.


What I have:




  • My system is Linux Mint 19 (based on Ubuntu 18);

  • I've Check Point's Linux SNX build 800007097.


What I tried:



running the snx tool both with arguments and with config file (.snxrc) and both gave the error:



SNX: Authentication failed



My.snxrc file has this (user and server are illustrative ):



server MYVPNSERVER
username MYUSER
reauth yes


Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.










share|improve this question





























    4















    I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.



    I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx tool.



    What I've done:




    1. installed the Root CA certificates of the VPN;

    2. installed the snx_install.sh on my machine with success;

    3. also installed the python tools you recomended but I think I didn't need them.


    What I have:




    • My system is Linux Mint 19 (based on Ubuntu 18);

    • I've Check Point's Linux SNX build 800007097.


    What I tried:



    running the snx tool both with arguments and with config file (.snxrc) and both gave the error:



    SNX: Authentication failed



    My.snxrc file has this (user and server are illustrative ):



    server MYVPNSERVER
    username MYUSER
    reauth yes


    Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.










    share|improve this question



























      4












      4








      4


      1






      I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.



      I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx tool.



      What I've done:




      1. installed the Root CA certificates of the VPN;

      2. installed the snx_install.sh on my machine with success;

      3. also installed the python tools you recomended but I think I didn't need them.


      What I have:




      • My system is Linux Mint 19 (based on Ubuntu 18);

      • I've Check Point's Linux SNX build 800007097.


      What I tried:



      running the snx tool both with arguments and with config file (.snxrc) and both gave the error:



      SNX: Authentication failed



      My.snxrc file has this (user and server are illustrative ):



      server MYVPNSERVER
      username MYUSER
      reauth yes


      Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.










      share|improve this question
















      I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.



      I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx tool.



      What I've done:




      1. installed the Root CA certificates of the VPN;

      2. installed the snx_install.sh on my machine with success;

      3. also installed the python tools you recomended but I think I didn't need them.


      What I have:




      • My system is Linux Mint 19 (based on Ubuntu 18);

      • I've Check Point's Linux SNX build 800007097.


      What I tried:



      running the snx tool both with arguments and with config file (.snxrc) and both gave the error:



      SNX: Authentication failed



      My.snxrc file has this (user and server are illustrative ):



      server MYVPNSERVER
      username MYUSER
      reauth yes


      Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.







      debian vpn checkpoint






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Oct 28 '18 at 8:15









      Rui F Ribeiro

      40.5k1479137




      40.5k1479137










      asked Oct 25 '18 at 9:27









      ricardogaspar2ricardogaspar2

      233




      233






















          1 Answer
          1






          active

          oldest

          votes


















          4














          Checkpoint has discontinued (official) support for their snx client, on the Linux command line, a couple of years ago.



          Use of snx has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.



          Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.



          So, the snx version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.



          Newer versions might work, with snxconnect to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.



          I have been using snx version 800007075 for months now, with Debian Stretch, and it has been working pretty well.



          TLDR



          The 800007075 works without the snxconnect python instructions. The newer/your version needs the python hack/tools.



          For using the CheckPoint snx program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.



          You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.



          PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)



          PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1






          share|improve this answer





















          • 1





            It worked like a charm. Thanks a lot! :)

            – ricardogaspar2
            Oct 25 '18 at 17:25











          • Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)

            – Rui F Ribeiro
            Oct 25 '18 at 17:26













          • If I could upvote this answer a thousand times, manually, I would do it.

            – dangonfast
            Feb 11 at 9:30











          • @dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…

            – Rui F Ribeiro
            Feb 11 at 11:33













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f477689%2flinux-checkpoint-snx-tool-configuration-issues%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          4














          Checkpoint has discontinued (official) support for their snx client, on the Linux command line, a couple of years ago.



          Use of snx has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.



          Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.



          So, the snx version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.



          Newer versions might work, with snxconnect to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.



          I have been using snx version 800007075 for months now, with Debian Stretch, and it has been working pretty well.



          TLDR



          The 800007075 works without the snxconnect python instructions. The newer/your version needs the python hack/tools.



          For using the CheckPoint snx program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.



          You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.



          PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)



          PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1






          share|improve this answer





















          • 1





            It worked like a charm. Thanks a lot! :)

            – ricardogaspar2
            Oct 25 '18 at 17:25











          • Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)

            – Rui F Ribeiro
            Oct 25 '18 at 17:26













          • If I could upvote this answer a thousand times, manually, I would do it.

            – dangonfast
            Feb 11 at 9:30











          • @dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…

            – Rui F Ribeiro
            Feb 11 at 11:33


















          4














          Checkpoint has discontinued (official) support for their snx client, on the Linux command line, a couple of years ago.



          Use of snx has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.



          Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.



          So, the snx version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.



          Newer versions might work, with snxconnect to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.



          I have been using snx version 800007075 for months now, with Debian Stretch, and it has been working pretty well.



          TLDR



          The 800007075 works without the snxconnect python instructions. The newer/your version needs the python hack/tools.



          For using the CheckPoint snx program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.



          You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.



          PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)



          PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1






          share|improve this answer





















          • 1





            It worked like a charm. Thanks a lot! :)

            – ricardogaspar2
            Oct 25 '18 at 17:25











          • Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)

            – Rui F Ribeiro
            Oct 25 '18 at 17:26













          • If I could upvote this answer a thousand times, manually, I would do it.

            – dangonfast
            Feb 11 at 9:30











          • @dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…

            – Rui F Ribeiro
            Feb 11 at 11:33
















          4












          4








          4







          Checkpoint has discontinued (official) support for their snx client, on the Linux command line, a couple of years ago.



          Use of snx has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.



          Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.



          So, the snx version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.



          Newer versions might work, with snxconnect to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.



          I have been using snx version 800007075 for months now, with Debian Stretch, and it has been working pretty well.



          TLDR



          The 800007075 works without the snxconnect python instructions. The newer/your version needs the python hack/tools.



          For using the CheckPoint snx program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.



          You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.



          PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)



          PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1






          share|improve this answer















          Checkpoint has discontinued (official) support for their snx client, on the Linux command line, a couple of years ago.



          Use of snx has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.



          Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.



          So, the snx version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.



          Newer versions might work, with snxconnect to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.



          I have been using snx version 800007075 for months now, with Debian Stretch, and it has been working pretty well.



          TLDR



          The 800007075 works without the snxconnect python instructions. The newer/your version needs the python hack/tools.



          For using the CheckPoint snx program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.



          You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.



          PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)



          PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Feb 11 at 11:35

























          answered Oct 25 '18 at 10:15









          Rui F RibeiroRui F Ribeiro

          40.5k1479137




          40.5k1479137








          • 1





            It worked like a charm. Thanks a lot! :)

            – ricardogaspar2
            Oct 25 '18 at 17:25











          • Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)

            – Rui F Ribeiro
            Oct 25 '18 at 17:26













          • If I could upvote this answer a thousand times, manually, I would do it.

            – dangonfast
            Feb 11 at 9:30











          • @dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…

            – Rui F Ribeiro
            Feb 11 at 11:33
















          • 1





            It worked like a charm. Thanks a lot! :)

            – ricardogaspar2
            Oct 25 '18 at 17:25











          • Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)

            – Rui F Ribeiro
            Oct 25 '18 at 17:26













          • If I could upvote this answer a thousand times, manually, I would do it.

            – dangonfast
            Feb 11 at 9:30











          • @dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…

            – Rui F Ribeiro
            Feb 11 at 11:33










          1




          1





          It worked like a charm. Thanks a lot! :)

          – ricardogaspar2
          Oct 25 '18 at 17:25





          It worked like a charm. Thanks a lot! :)

          – ricardogaspar2
          Oct 25 '18 at 17:25













          Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)

          – Rui F Ribeiro
          Oct 25 '18 at 17:26







          Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)

          – Rui F Ribeiro
          Oct 25 '18 at 17:26















          If I could upvote this answer a thousand times, manually, I would do it.

          – dangonfast
          Feb 11 at 9:30





          If I could upvote this answer a thousand times, manually, I would do it.

          – dangonfast
          Feb 11 at 9:30













          @dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…

          – Rui F Ribeiro
          Feb 11 at 11:33







          @dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…

          – Rui F Ribeiro
          Feb 11 at 11:33




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f477689%2flinux-checkpoint-snx-tool-configuration-issues%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          How to make a Squid Proxy server?

          Is this a new Fibonacci Identity?

          19世紀