Skip to content

Instantly share code, notes, and snippets.

@ikurni
Last active October 4, 2024 19:27
Show Gist options
  • Save ikurni/b88b8f32eacd2e39c11cb52b6f0b5ba2 to your computer and use it in GitHub Desktop.
Save ikurni/b88b8f32eacd2e39c11cb52b6f0b5ba2 to your computer and use it in GitHub Desktop.
How to install SNX Checkpoint VPN client in Fedora 33
### Install few required packages to run SNX
sudo dnf install -y java-1.8.0-openjdk.x86_64 icedtea-web.x86_64 libstdc++.i686 libX11.i686 libpamtest.i686 libnsl.i686
### Download compat-libstdc++ driver and install it
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/compat-libstdc++-33-3.2.3-72.el7.i686.rpm
sudo dnf -y install compat-libstdc++-33-3.2.3-72.el7.i686.rpm
### Install snx_linux.sh
### Download snx_linux_30.sh file from Checkpoint
### Active URL : https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails&fileid=22824
### or Alternative URL: wget https://vpnportal.aktifbank.com.tr/SNX/INSTALL/snx_install.sh
sh snx_install_linux30.sh
### Connect to VPN
snx -s <servername> -u <username>
## Input for prompted password
@mahyarmirrashed
Copy link

Is this still valid for Fedora 35 and does it support MFA?

@ikurni
Copy link
Author

ikurni commented Feb 18, 2022

I've tried in Fedora 35, and it's working well. MFA with token checking also works.

@rodrigofbm
Copy link

rodrigofbm commented Jul 25, 2022

Fedora 36: even though I get "SNX - connected." I still can't connect to server's domains.

Edit: solution https://ask.fedoraproject.org/t/snx-is-not-working-with-systemd-resolved/24209

@ikurni
Copy link
Author

ikurni commented Aug 4, 2022

Thanks for your your input

@ruyrybeyro
Copy link

I have written a script for automating the VPN Linux agent setup in a chrooted environment, more secure and supports more distros than the official setup https://github.com/ruyrybeyro/chrootvpn

@rodrigofbm
Copy link

I have written a script for automating the VPN Linux agent setup in a chrooted environment, more secure and supports more distros than the official setup https://github.com/ruyrybeyro/chrootvpn

can I use Login MFA? @ruyrybeyro

@ruyrybeyro
Copy link

ruyrybeyro commented Oct 28, 2022

I have written a script for automating the VPN Linux agent setup in a chrooted environment, more secure and supports more distros than the official setup https://github.com/ruyrybeyro/chrootvpn

can I use Login MFA? @ruyrybeyro

It is a chrooted wrapper for the SNX+Linux checkpoint agent, it supports anything the official setup supports.
I am using it with MFA. @rodrigofbm

@pfcouto
Copy link

pfcouto commented Nov 15, 2022

On Fedora 36 I can't install icedtea-web. Will it still work? Are there any alternatives? Thanks!

image

Also, the URL: [https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails&fileid=22824

and the wget command aren't working

image

@ruyrybeyro
Copy link

ruyrybeyro commented Nov 16, 2022 via email

@ruyrybeyro
Copy link

ruyrybeyro commented Nov 16, 2022

@pfcouto As for the wget, the certificate of the mobile web portal is expired. My script https://github.com/ruyrybeyro/chrootvpn will download and install nonetheless. However extra steps have to be taken in the browser for opening that page.

Edit: was making here tests on the new just released Fedora 37, and my script installed everything for your vpnportal.

@pfcouto
Copy link

pfcouto commented Nov 28, 2022

Hello @ruyrybeyro, can you help me out? Managed to get here using your script. However I don't know how to install certutil. I am on Fedora 37.

Previously I used vnp.sh -i --vpn=FQDN_DNS_name_of_VPN to configure. Right now I ran vnp.sh start opened https://localhost:14186/id, to be honest I don't know the point of opening it and then opened https://vpn.ipleiria.pt. I then get what I show in the picture. Can't say for sure that I did everything well, so if necessary walk me through all the steps, even the configuration ones please. Thanks!

image

After reloading the page (did NOT instal certutil, I can enter the site).

image

However it looks like I am and I am not connected. If i run ping 1.1.1.1 I don't get a response, which is normal, but if I try to connect to a VM (that is inside the school), or a website that is deployed in the school (therefore I need to use the vpn to access it) I can't

image

@ruyrybeyro
Copy link

ruyrybeyro commented Nov 29, 2022 via email

@ruyrybeyro
Copy link

ruyrybeyro commented Nov 29, 2022

@pfcouto , I answered reading the email and not the edited version.

It seems DNS is not being resolved. I would recommend detailing the Linux distro, sending me a vpn.sh status, and a ls -la /etc/resolv.conf + a cat /etc/resolv.conf with the vpn on. please open an issue in my github or send me an email

As it is a DNS isssue, you can reach VMs via IP address. As for the site, it might depend on routing too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment