Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Checkpoint SNX VPN client installation shell script
mkdir temp && cd temp
# for linux 'amd64' architecture install those packages:
sudo apt-get install libx11-6:i386 libpam0g:i386 libstdc++5:i386 lib32z1 lib32ncurses5 lib32bz2-1.0
wget https://vpnportal.aktifbank.com.tr/SNX/INSTALL/snx_install.sh
sudo ./snx_install.sh
cd .. && rm -rf temp/
@skyrocknroll

This comment has been minimized.

Copy link

@skyrocknroll skyrocknroll commented Dec 13, 2017

sudo apt-get install libgtk2.0-0:i386 for ubuntu 16.04

@andrqm

This comment has been minimized.

Copy link

@andrqm andrqm commented Feb 20, 2018

Thanks

@davidlebr1

This comment has been minimized.

Copy link

@davidlebr1 davidlebr1 commented May 14, 2018

I had to install theses packages also apt-get install libstdc++5:i386 libpam0g:i386 libx11-6:i386

@flagod

This comment has been minimized.

Copy link

@flagod flagod commented Jul 19, 2018

Hi, why does the snx_install.sh script have 4000 lines of binary code at the end? Isn't it supposed to be a shell script?

@nachohc

This comment has been minimized.

Copy link

@nachohc nachohc commented Jul 22, 2018

@flagod It's a compressed tar archive located at the end of the script. In the line 17 extracts the file. it's very common on proprietary software for Linux.
You can extract the snx binary:

$ tail -n +78 snx_install.sh > snx.n
$ file snx.n 
snx.n: bzip2 compressed data, block size = 900k
$ tar tf snx.n 
snx
snx_uninstall.sh
$ tar xf snx.n 
$ ls
snx  snx_install.sh  snx.n  snx_uninstall.sh
$ file snx
snx: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, stripped
$ ./snx 
failed to open file: /home/user/.snxrc
Valid attributes are:
   - server          SNX server to connet to
   - sslport         The SNX SSL port (if not default)
   - username        the user name
   - certificate     certificate file to use
   - calist          directory containing CA files
   - reauth          enable automatic reauthentication. Valid values { yes, no }
   - debug           enable debug output. Valid values { yes, 1-5 }
   - cipher          encryption algorithm to use. Valid values { RC4 / 3DES }
   - proxy_name      proxy hostname 
   - proxy_port      proxy port
   - proxy_user      username for proxy authentication
@flagod

This comment has been minimized.

Copy link

@flagod flagod commented Jul 26, 2018

Thanks for the reply @nachohc ! is there any open source client that can be used as an alternative to snx?

@musemby

This comment has been minimized.

Copy link

@musemby musemby commented Jan 31, 2019

If anyone is getting SNX: Authentication failed errors you might want to ensure you have installed snx build 800007075. See https://unix.stackexchange.com/questions/450229/getting-checkpoint-vpn-ssl-network-extender-working-in-the-command-line

@erzads

This comment has been minimized.

Copy link

@erzads erzads commented Apr 12, 2019

I know it's been a long time, but do you have a newer snx version?
I have been using 800007075 but the checkpoint server was updated to use TLS 1.1 and now it doesn't work.
I tried 800008061 too but no success.

They are advising us to use Windows. Help me =\

@pumukovic

This comment has been minimized.

Copy link

@pumukovic pumukovic commented Jun 18, 2019

In the same situation than @erzads ... please an update tu use snx client with updated server to use TLS1.1 and upper. Please help

@archenroot

This comment has been minimized.

Copy link

@archenroot archenroot commented Aug 1, 2019

Well I am on gentoo system, where C14 support is default, so being on GCC 6/7/8, therefore missing the libstdc++.so.5 library on my system, doesn't work.

But as @erzads and @pumukovic suggested, can someone with advanced access to Checkpoint download and bind here the latest ssl extender?
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114267

Thx a lot, hopefully its against on later libstdc++ version

@icedwater

This comment has been minimized.

Copy link

@icedwater icedwater commented Oct 16, 2019

If anyone is getting SNX: Authentication failed errors you might want to ensure you have installed snx build 800007075. See https://unix.stackexchange.com/questions/450229/getting-checkpoint-vpn-ssl-network-extender-working-in-the-command-line

Can anyone verify the md5sum of this script? I got

4372e9936e2dfb1d1ebcef3ed4dd7787  snx_install.sh
@yelled1

This comment has been minimized.

Copy link

@yelled1 yelled1 commented Mar 11, 2020

Can anyone verify the md5sum of this script? I got

4372e9936e2dfb1d1ebcef3ed4dd7787  snx_install.sh

@icedwater got
md5sum snx_install_800007075.sh
4372e9936e2dfb1d1ebcef3ed4dd7787 snx_install_800007075.sh
but likely because we got it from same source. Did u make it work?
Thanks,

@matteoredaelli

This comment has been minimized.

Copy link

@matteoredaelli matteoredaelli commented Apr 27, 2020

It works also for me. thanks!

I used 800007075 until the checkpoint server was updated to use TLS 1.1 . After that, until today, I used the following solution/workaround

https://github.com/agnis-mateuss/snxvpn

@javorekm

This comment has been minimized.

Copy link

@javorekm javorekm commented Aug 5, 2020

Looks like older versions of SNX are not able to work with TLS 1.1. I am playing now with 800010003 from Checkpoint's site (link given by @yurayko, thanks), but no success. From "connection aborted" I have shifted to "authentication failed". When looking into the debug log (-g option from command line) I see, that all is ok, but the communication on the end is not wrong, looks like a wrong format:

[ 4011 -141392832]@debi[5 Aug 17:19:28] ===snx_CCC_browser::send_auth_message===
[ 4011 -141392832]@debi[5 Aug 17:19:28] sending message
[ 4011 -141392832]@debi[5 Aug 17:19:28] talkssl::send_data: Entering for 281 bytes
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_connbuf_realloc: reallocating 0 from 0 to 1305
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_in: 6: rc=1, next: 80f2060 with 3, req: 512r, 281w
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_out: 6: sent 0 of 281 bytes == 281 bytes to send
[ 4011 -141392832]@debi[5 Aug 17:19:28] ckpSSL_do_write: write 281 bytes
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_out: 6: managed to send 281 of 281 bytes
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_out: 6: call: 80f2060 with 3
[ 4011 -141392832]@debi[5 Aug 17:19:28] talkssl::client_handler: after sending packet
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_out: 6: rc=1, next: 80f2060 with 3, req: 512r, 0w
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_in: 6: got 0 of 512 bytes == 512 bytes required
[ 4011 -141392832]@debi[5 Aug 17:19:28] ckpSSL_do_read: read 411 bytes
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_in: 6: managed to read 411 of 512 bytes
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_mux_in: 6: call: 80f2060 with 3
[ 4011 -141392832]@debi[5 Aug 17:19:28] talkssl::client_handler: state: SSL_RECV - entering
[ 4011 -141392832]@debi[5 Aug 17:19:28] talkssl::client_handler: got 411 bytes, wanted 512 bytes
[ 4011 -141392832]@debi[5 Aug 17:19:28] fwasync_conn_reset_read: 6
[ 4011 -141392832]@debi[5 Aug 17:19:28] talkssl::client_handler: calling recv with dlen 411
[ 4011 -141392832]@debi[5 Aug 17:19:28] Receive started
[ 4011 -141392832]@debi[5 Aug 17:19:28] snx_browser::Receive: started
[ 4011 -141392832]@debi[5 Aug 17:19:28] snx_browser::Receive: got 411 bytes
[ 4011 -141392832]@debi[5 Aug 17:19:28] snx_CCC_browser::getMessageSize: header length is 279, content length found - 128
[ 4011 -141392832]@debi[5 Aug 17:19:28] snx_browser::Receive: message size should be = 411
[ 4011 -141392832]@debi[5 Aug 17:19:28] snx_browser::Receive: complete message received
[ 4011 -141392832]@debi[5 Aug 17:19:28] snx_browser::Established: CCC_CLIENT_BAD_FORMAT
[ 4011 -141392832]@debi[5 Aug 17:19:28] snx: quit.
@sahapasci

This comment has been minimized.

Copy link

@sahapasci sahapasci commented Sep 5, 2020

Hi, why does the snx_install.sh script have 4000 lines of binary code at the end? Isn't it supposed to be a shell script?

that's why I didn't run the script

@marcelomaia

This comment has been minimized.

Copy link

@marcelomaia marcelomaia commented Sep 21, 2020

GREAT this post saved me! 😆

@qg0

This comment has been minimized.

Copy link

@qg0 qg0 commented Dec 2, 2020

I am trying to install snx and it says "snx: not found"?
What the problem?

root@145020cf608d:~/vpn# ./snx_install.sh 
Installation successfull
./snx_install.sh: 71: ./snx_install.sh: snx: not found

71 line with snx:

if [ ${STATUS} = 0 ]
then
	echo "Installation successfull"
	mkdir -p ${TMP_DIR}/SNXNM
	snx usage | grep -o -m 1 -E [0-9]+ > ${TMP_DIR}/SNXNM/ver.ini
else
	echo "Installation failed"
fi

Also I extracted snx manually and got this:

root@adc789598511:~/vpn# file snx
snx: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, stripped

root@adc789598511:~/vpn# ./snx
bash: ./snx: No such file or directory
@L11R

This comment has been minimized.

Copy link

@L11R L11R commented Apr 27, 2021

@qg0 binary is x86, but your system is x86-64. Add multiarch support and install required libraries

@yanzadmiral

This comment has been minimized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment