Linux Checkpoint SNX tool configuration issues
I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.
I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx
tool.
What I've done:
- installed the Root CA certificates of the VPN;
- installed the snx_install.sh on my machine with success;
- also installed the python tools you recomended but I think I didn't need them.
What I have:
- My system is Linux Mint 19 (based on Ubuntu 18);
- I've Check Point's Linux SNX build 800007097.
What I tried:
running the snx
tool both with arguments and with config file (.snxrc
) and both gave the error:
SNX: Authentication failed
My.snxrc
file has this (user and server are illustrative ):
server MYVPNSERVER
username MYUSER
reauth yes
Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.
debian vpn checkpoint
add a comment |
I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.
I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx
tool.
What I've done:
- installed the Root CA certificates of the VPN;
- installed the snx_install.sh on my machine with success;
- also installed the python tools you recomended but I think I didn't need them.
What I have:
- My system is Linux Mint 19 (based on Ubuntu 18);
- I've Check Point's Linux SNX build 800007097.
What I tried:
running the snx
tool both with arguments and with config file (.snxrc
) and both gave the error:
SNX: Authentication failed
My.snxrc
file has this (user and server are illustrative ):
server MYVPNSERVER
username MYUSER
reauth yes
Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.
debian vpn checkpoint
add a comment |
I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.
I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx
tool.
What I've done:
- installed the Root CA certificates of the VPN;
- installed the snx_install.sh on my machine with success;
- also installed the python tools you recomended but I think I didn't need them.
What I have:
- My system is Linux Mint 19 (based on Ubuntu 18);
- I've Check Point's Linux SNX build 800007097.
What I tried:
running the snx
tool both with arguments and with config file (.snxrc
) and both gave the error:
SNX: Authentication failed
My.snxrc
file has this (user and server are illustrative ):
server MYVPNSERVER
username MYUSER
reauth yes
Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.
debian vpn checkpoint
I tried a solution mentioned in the question: getting Checkpoint VPN SSL Network Extender working in command line (the accepted answer), but for some reason I'm getting an authentication failed error.
I can access through the web browser to the Checkpoint portal with the credentials I have, but not with the snx
tool.
What I've done:
- installed the Root CA certificates of the VPN;
- installed the snx_install.sh on my machine with success;
- also installed the python tools you recomended but I think I didn't need them.
What I have:
- My system is Linux Mint 19 (based on Ubuntu 18);
- I've Check Point's Linux SNX build 800007097.
What I tried:
running the snx
tool both with arguments and with config file (.snxrc
) and both gave the error:
SNX: Authentication failed
My.snxrc
file has this (user and server are illustrative ):
server MYVPNSERVER
username MYUSER
reauth yes
Important note: is not the user and password since I can do connect using a Windows 10 VM with checkpoint software.
debian vpn checkpoint
debian vpn checkpoint
edited Oct 28 '18 at 8:15
Rui F Ribeiro
40.5k1479137
40.5k1479137
asked Oct 25 '18 at 9:27
ricardogaspar2ricardogaspar2
233
233
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Checkpoint has discontinued (official) support for their snx
client, on the Linux command line, a couple of years ago.
Use of snx
has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.
Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.
So, the snx
version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.
Newer versions might work, with snxconnect
to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx
functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.
I have been using snx
version 800007075 for months now, with Debian Stretch, and it has been working pretty well.
TLDR
The 800007075 works without the snxconnect
python instructions. The newer/your version needs the python hack/tools.
For using the CheckPoint snx
program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.
You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.
PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx
version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)
PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1
1
It worked like a charm. Thanks a lot! :)
– ricardogaspar2
Oct 25 '18 at 17:25
Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)
– Rui F Ribeiro
Oct 25 '18 at 17:26
If I could upvote this answer a thousand times, manually, I would do it.
– dangonfast
Feb 11 at 9:30
@dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…
– Rui F Ribeiro
Feb 11 at 11:33
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f477689%2flinux-checkpoint-snx-tool-configuration-issues%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Checkpoint has discontinued (official) support for their snx
client, on the Linux command line, a couple of years ago.
Use of snx
has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.
Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.
So, the snx
version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.
Newer versions might work, with snxconnect
to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx
functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.
I have been using snx
version 800007075 for months now, with Debian Stretch, and it has been working pretty well.
TLDR
The 800007075 works without the snxconnect
python instructions. The newer/your version needs the python hack/tools.
For using the CheckPoint snx
program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.
You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.
PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx
version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)
PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1
1
It worked like a charm. Thanks a lot! :)
– ricardogaspar2
Oct 25 '18 at 17:25
Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)
– Rui F Ribeiro
Oct 25 '18 at 17:26
If I could upvote this answer a thousand times, manually, I would do it.
– dangonfast
Feb 11 at 9:30
@dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…
– Rui F Ribeiro
Feb 11 at 11:33
add a comment |
Checkpoint has discontinued (official) support for their snx
client, on the Linux command line, a couple of years ago.
Use of snx
has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.
Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.
So, the snx
version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.
Newer versions might work, with snxconnect
to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx
functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.
I have been using snx
version 800007075 for months now, with Debian Stretch, and it has been working pretty well.
TLDR
The 800007075 works without the snxconnect
python instructions. The newer/your version needs the python hack/tools.
For using the CheckPoint snx
program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.
You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.
PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx
version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)
PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1
1
It worked like a charm. Thanks a lot! :)
– ricardogaspar2
Oct 25 '18 at 17:25
Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)
– Rui F Ribeiro
Oct 25 '18 at 17:26
If I could upvote this answer a thousand times, manually, I would do it.
– dangonfast
Feb 11 at 9:30
@dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…
– Rui F Ribeiro
Feb 11 at 11:33
add a comment |
Checkpoint has discontinued (official) support for their snx
client, on the Linux command line, a couple of years ago.
Use of snx
has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.
Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.
So, the snx
version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.
Newer versions might work, with snxconnect
to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx
functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.
I have been using snx
version 800007075 for months now, with Debian Stretch, and it has been working pretty well.
TLDR
The 800007075 works without the snxconnect
python instructions. The newer/your version needs the python hack/tools.
For using the CheckPoint snx
program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.
You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.
PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx
version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)
PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1
Checkpoint has discontinued (official) support for their snx
client, on the Linux command line, a couple of years ago.
Use of snx
has not been supported from the command line after version 800007075 (from 2012) ; newer versions only work officially when invoked from a Java Applet, supplied when browsing the Checkpoint appliance.
Per my post, that you are linking to in your question, 800007075 is the last one having the routines for doing the VPN full setup/configuration in Linux/Debian derivates from the command line. Maybe my fault, in that I am not entirely clear on that.
So, the snx
version 800007097 you are using, won't work, when trying to connect to the VPN from the command line.
Newer versions might work, with snxconnect
to complement the missing routines in the newer snx versions (hence the python tools), however the reverse engineering of the missing snx
functionalities still presents some peculiarities. So, I recommend using the older version, that does not need the python tools.
I have been using snx
version 800007075 for months now, with Debian Stretch, and it has been working pretty well.
TLDR
The 800007075 works without the snxconnect
python instructions. The newer/your version needs the python hack/tools.
For using the CheckPoint snx
program in the command line, without the python tools, you do not download the snx client that comes with your firewall appliance.
You have got to download the old 800007075 version, separately form Oporto Ciencias University, here https://www.fc.up.pt/ci/servicos/acesso/vpn/software/CheckPointVPN_SNX_Linux_800007075.sh ; then follow getting Checkpoint VPN SSL Network Extender working in the command line, for setting it up with more modern version of Debian derivates.
PS. A workmate using the version of Ubuntu your Mint is based, followed my instructions last week using the snx
version 800007075, and has been working fine. (as mentioned, I am using it myself in AntiX/Debian Stretch)
PPS. Taken from the Arch Linux AUR repositories scripts Package Details: snx-800007075 800007075-1, you can also get the 800007075 Checkpoint VPN client at https://starkers.keybase.pub/snx_install_linux30.sh?dl=1
edited Feb 11 at 11:35
answered Oct 25 '18 at 10:15
Rui F RibeiroRui F Ribeiro
40.5k1479137
40.5k1479137
1
It worked like a charm. Thanks a lot! :)
– ricardogaspar2
Oct 25 '18 at 17:25
Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)
– Rui F Ribeiro
Oct 25 '18 at 17:26
If I could upvote this answer a thousand times, manually, I would do it.
– dangonfast
Feb 11 at 9:30
@dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…
– Rui F Ribeiro
Feb 11 at 11:33
add a comment |
1
It worked like a charm. Thanks a lot! :)
– ricardogaspar2
Oct 25 '18 at 17:25
Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)
– Rui F Ribeiro
Oct 25 '18 at 17:26
If I could upvote this answer a thousand times, manually, I would do it.
– dangonfast
Feb 11 at 9:30
@dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…
– Rui F Ribeiro
Feb 11 at 11:33
1
1
It worked like a charm. Thanks a lot! :)
– ricardogaspar2
Oct 25 '18 at 17:25
It worked like a charm. Thanks a lot! :)
– ricardogaspar2
Oct 25 '18 at 17:25
Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)
– Rui F Ribeiro
Oct 25 '18 at 17:26
Good to know, congrats. As it is in Linux, also doing other tricks with it, not as much constrained as in Windows ;)
– Rui F Ribeiro
Oct 25 '18 at 17:26
If I could upvote this answer a thousand times, manually, I would do it.
– dangonfast
Feb 11 at 9:30
If I could upvote this answer a thousand times, manually, I would do it.
– dangonfast
Feb 11 at 9:30
@dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…
– Rui F Ribeiro
Feb 11 at 11:33
@dangonfast Thanks for your support! You will be interested in this one too for the steps to install the client: unix.stackexchange.com/questions/450229/…
– Rui F Ribeiro
Feb 11 at 11:33
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f477689%2flinux-checkpoint-snx-tool-configuration-issues%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown