Prep
Make a directory where we can dump our files and install the needed tools for compiling:
    mkdir ~/faketun
    cd ~/faketun
    sudo apt-get install build-essential linux-headers-`uname -r`
Fake tun module
One of the problems with Lucid Lynx and SSL Network Extender (SNX) is that Ubuntu has compiled the tun driver into the kernel, while SNX expects a loadable kernel module. Therefore we will make a fake module available for SNX. In the faketun directory, create a source file:
vi tun.c
Enter the following:
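    #include <linux/module.h>

    /* Empty stub: the real tun driver is built into the kernel.
       This module only exists so that "modprobe tun" succeeds for SNX. */
    static int start__module(void) { return 0; }
    static void end__module(void) { return; }

    module_init(start__module);
    module_exit(end__module);

    /* Declares a license so the build and load do not complain about a missing one. */
    MODULE_LICENSE("GPL");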
Next up is the makefile:
vi Makefile
Put in this (the make command lines under "all:" and "clean:" must start with a tab character):
    obj-m += tun.o

    all:
    	make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) modules

    clean:
    	make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) clean

    clean-files := Module.symvers
Now build the fake tun module:
    cd ~/faketun
    make

The output should look like this:
    make -C /lib/modules/2.6.32-24-generic/build/ M=/home/tdd/faketun modules
    make[1]: Entering directory `/usr/src/linux-headers-2.6.32-24-generic'
      CC [M]  /home/tdd/faketun/tun.o
      Building modules, stage 2.
      MODPOST 1 modules
      CC      /home/tdd/faketun/tun.mod.o
      LD [M]  /home/tdd/faketun/tun.ko
    make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-24-generic'
Still in the faketun directory, install the module and refresh the module dependencies:
    sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko
    sudo depmod -a
    sudo modprobe tun
Old libraries
SNX is compiled against some old libraries, so we need them on the machine. We will need both the 64-bit and the 32-bit versions:
    cd ~/faketun
    wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_i386.deb
    wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb
    wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-15ubuntu4_amd64.deb
Now it's time to install what we need from the old libraries:
    cd ~/faketun
    # Install the two 64-bit packages normally
    sudo dpkg -i gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb
    sudo dpkg -i libstdc++5_3.3.6-15ubuntu4_amd64.deb
    # Only unpack the 32-bit package, then copy its libraries into /usr/lib32
    sudo dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_i386.deb ./tmp
    sudo cp -v tmp/usr/lib/* /usr/lib32/
Getting and installing SNX software
Closing in on target! Get the SNX software from your gateway and install it manually. Don't try to use the web interface; it won't work, as it asks for the non-existent root password:
    # --no-check-certificate makes wget skip validation of the gateway's TLS certificate
    wget --no-check-certificate https://checkpoint-gateway-address/CSHELL/snx_install.sh
    chmod +x snx_install.sh
    # The installer runs as root
    sudo ./snx_install.sh
Connecting to gateway
This should basically do it. Now just fire up the client by executing:
    snx -s checkpoint-gateway-address -u username

The session looks like this:
    Check Point's Linux SNX
    build 800005004
    Please enter your password:
    SNX authentication:
    Please confirm the connection to gateway: gwcluster VPN Certificate
    Root CA fingerprint: ECHO FCK LONE ITU DUG ART LILY TASK HEAL FIX SEN GO
    Do you accept? [y]es/[N]o:
    y
    SNX - connected.

    Session parameters:
    ===================
    Office Mode IP      : 192.168.2.25
    DNS Server          : 192.168.2.31
    Secondary DNS Server: 192.168.2.32
    DNS Suffix          : domain.net
    Timeout             : 8 hours
It will ask for your acceptance of the gateway certificate, which you of course do after checking the fingerprint (right!!), and then the user password/passcode or whatever authentication you use.
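The fingerprint check can be made mechanical instead of done by eye. The script below is an added example, not part of the original guide or of Check Point's software: it pulls the Root CA fingerprint out of the prompt text snx prints and compares it with a pinned value obtained out of band from the gateway administrator. The function names, the sample transcript (constructed from the session shown above) and the pinned value are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: compare the Root CA fingerprint that snx prints with a pinned
# value obtained out of band. All names here are hypothetical.

# Normalise a fingerprint: upper-case, collapse whitespace runs, trim the ends.
normalize_fp() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -s '[:space:]' ' ' |
        sed -e 's/^ //' -e 's/ $//'
}

# Read snx prompt text on stdin and print the fingerprint it presents.
# Works whether "Do you accept?" is on the same line or on the next one.
extract_fp() {
    sed -n 's/.*Root CA fingerprint:[[:space:]]*//p' |
        sed -e 's/[[:space:]]*Do you accept.*//' | head -n 1
}

# Return 0 only when the presented fingerprint equals the pinned one.
# An empty value on either side is a failure, never a match.
# The body runs in a subshell so its variables do not leak.
fp_matches() (
    pinned=$(normalize_fp "$1")
    presented=$(normalize_fp "$2")
    [ -n "$pinned" ] && [ -n "$presented" ] && [ "$pinned" = "$presented" ]
)

# Constructed sample input, modelled on the session shown above.
SAMPLE_TRANSCRIPT='SNX authentication:
Please confirm the connection to gateway: gwcluster VPN Certificate
Root CA fingerprint: ECHO FCK LONE ITU DUG ART LILY TASK HEAL FIX SEN GO
Do you accept? [y]es/[N]o:'

# Hypothetical pinned value; in practice keep it in a file only root can write.
PINNED_FP='echo fck lone  itu dug art lily task heal fix sen go'

if fp_matches "$PINNED_FP" "$(printf '%s\n' "$SAMPLE_TRANSCRIPT" | extract_fp)"; then
    echo "fingerprint matches the pinned value: answer y"
else
    echo "fingerprint mismatch or missing: answer N and contact the gateway admin" >&2
fi
```

To use it on a real session, paste the prompt text snx shows into a file and pipe that file through extract_fp in place of the sample transcript.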
You can also make a “.snxrc” file and put it in your home directory. The file could look like this:
    # This is an example of the ~/.snxrc file
    server 1.2.3.4
    username joe
All you have to do to connect is just type “snx”. It will then pick up the settings from ~/.snxrc.
Disconnecting gateway
You disconnect SNX by running:
    snx -d
GUI
Put this into a file and run it. It uses zenity as the GUI tool to give SNX a nicer interface.
    #!/bin/bash
    # This is a Zenity frontend for Check Point SSL Network Extender.

    function abort {
        zenity --error --text="VPN Connection Aborted!" --timeout=1
        exit 0
    }

    # If snx is already running, show the tunnel interface and stop.
    if pidof snx > /dev/null
    then
        zenity --warning --title="Already online!" --text="$(ifconfig tunsnx)" --no-wrap
        exit 0
    fi

    # Each dialog aborts the script when the user cancels it.
    GATEWAY=$(zenity --title "VPN Gateway" --entry --text "Enter VPN Gateway Address" --entry-text=gw.dubex.dk) || abort
    USERNAME=$(zenity --title "Username" --entry --text "Enter Username" --entry-text=tdd) || abort
    PASSWORD=$(zenity --title "Password" --entry --text "Enter Password/Passcode" --hide-text) || abort

    # Variables are quoted so that spaces or shell metacharacters typed into the
    # dialogs are passed through unchanged; printf is a shell builtin, so the
    # password is handed to snx on stdin and never appears as a command argument.
    printf '%s\n' "$PASSWORD" | snx -s "$GATEWAY" -u "$USERNAME" | zenity --text-info
Source: http://www.linuxplanet.org/blogs/?cat=2475
Files packed in a gzip'ed tarball: faketun.tar.gz