-
-
Save ikurni/b88b8f32eacd2e39c11cb52b6f0b5ba2 to your computer and use it in GitHub Desktop.
### Install few required packages to run SNX | |
sudo dnf install -y java-1.8.0-openjdk.x86_64 icedtea-web.x86_64 libstdc++.i686 libX11.i686 libpamtest.i686 libnsl.i686 | |
### Download compat-libstdc++ driver and install it | |
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/compat-libstdc++-33-3.2.3-72.el7.i686.rpm | |
sudo dnf -y install compat-libstdc++-33-3.2.3-72.el7.i686.rpm | |
### Install snx_linux.sh | |
### Download snx_linux_30.sh file from Checkpoint | |
### Active URL : https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails&fileid=22824 | |
### or Alternative URL: wget https://vpnportal.aktifbank.com.tr/SNX/INSTALL/snx_install.sh | |
sh snx_install_linux30.sh | |
### Connect to VPN | |
snx -s <servername> -u <username> | |
## Input for prompted password |
I've tried in Fedora 35, and it's working well. MFA with token checking also works.
Fedora 36: even though I get "SNX - connected." I still can't connect to server's domains.
Edit: solution https://ask.fedoraproject.org/t/snx-is-not-working-with-systemd-resolved/24209
Thanks for your your input
I have written a script for automating the VPN Linux agent setup in a chrooted environment, more secure and supports more distros than the official setup https://github.com/ruyrybeyro/chrootvpn
I have written a script for automating the VPN Linux agent setup in a chrooted environment, more secure and supports more distros than the official setup https://github.com/ruyrybeyro/chrootvpn
can I use Login MFA? @ruyrybeyro
I have written a script for automating the VPN Linux agent setup in a chrooted environment, more secure and supports more distros than the official setup https://github.com/ruyrybeyro/chrootvpn
can I use Login MFA? @ruyrybeyro
It is a chrooted wrapper for the SNX+Linux checkpoint agent, it supports anything the official setup supports.
I am using it with MFA. @rodrigofbm
On Fedora 36 I can't install icedtea-web. Will it still work? Are there any alternatives? Thanks!
Also, the URL: [https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails&fileid=22824
and the wget command aren't working
@pfcouto As for the wget, the certificate of the mobile web portal is expired. My script https://github.com/ruyrybeyro/chrootvpn will download and install nonetheless. However extra steps have to be taken in the browser for opening that page.
Edit: was making here tests on the new just released Fedora 37, and my script installed everything for your vpnportal.
Hello @ruyrybeyro, can you help me out? Managed to get here using your script. However I don't know how to install certutil. I am on Fedora 37.
Previously I used vnp.sh -i --vpn=FQDN_DNS_name_of_VPN
to configure. Right now I ran vnp.sh start
opened https://localhost:14186/id
, to be honest I don't know the point of opening it and then opened https://vpn.ipleiria.pt
. I then get what I show in the picture. Can't say for sure that I did everything well, so if necessary walk me through all the steps, even the configuration ones please. Thanks!
After reloading the page (did NOT instal certutil, I can enter the site).
However it looks like I am and I am not connected. If i run ping 1.1.1.1
I don't get a response, which is normal, but if I try to connect to a VM (that is inside the school), or a website that is deployed in the school (therefore I need to use the vpn to access it) I can't
@pfcouto , I answered reading the email and not the edited version.
It seems DNS is not being resolved. I would recommend detailing the Linux distro, sending me a vpn.sh status, and a ls -la /etc/resolv.conf + a cat /etc/resolv.conf with the vpn on. please open an issue in my github or send me an email
As it is a DNS isssue, you can reach VMs via IP address. As for the site, it might depend on routing too.
Is this still valid for Fedora 35 and does it support MFA?