Ubuntu – Check Point VPN client alternatives

openvpnUbuntuvirtualboxvpn

On Windows I can connect to a VPN with the Check Point Endpoint Security client.

However, since my main desktop is Ubuntu 18.04 I found an alternative client (SNX) which worked until some weeks ago. (I previously also used it with Ubuntu 16.04 and CentOS 7.4).

Until then my recipe was:

  • download CheckPointVPN_SNX_Linux_800007075.sh from
    https://www.fc.up.pt/ci/servicos/acesso/vpn/vpn-cp-linux.html?&item=495
    (for what I read and tested directly, build 800007075 is the only one that works)

  • chmod 777 CheckPointVPN_SNX_Linux_800007075.sh

  • sudo apt-get install libx11-6:i386 libstdc++5:i386 libpam0g:i386
    (don't try to run the next step without this one: you will receive a fake "installed successful" message)

  • sudo sh CheckPointVPN_SNX_Linux_800007075.sh

  • snx -s x.x.x.x -c

That was working perfectly until 30/06/2018. At first I thought some Ubuntu update broke all the magic. (Btw, the Window 7 client was still working, so I couldn't blame the server.)

Then I tried to reload some old Ubuntu 16.04 and CentOS 7.4 images, where it was working, but received the same message:

SNX: Connection aborted.

The only explanation that I can think of is that, on the server side, they made some change that blocked SNX.

I tried with OpenVPN, OpenSSL, and IPsec, also trying to split the p12 cert to the 3 PEM certs required by these clients – no success.

Since I can connect to the VPN from a VirtualBox Windows 7 guest I also tried to "export" this VPN connection from guest to host (i.e. allow the host to connect to the VPN via the guest connection) but still no success.

Do you have any suggestions?

Best Answer

  • I have to use reauth for snx to work ok for me.

    For that I use a .snxrc file in the homedir of the user invoking snxas in:

    server 1.1.1.1
    username xxxxxx
    reauth yes
    

    For more details see https://unix.stackexchange.com/questions/450229/getting-checkpoint-vpn-ssl-network-extender-working-in-command-line/453727