====== Prep ======

Make a directory where we can dump our files and install the tools needed for compiling:

<code bash>
mkdir ~/faketun
cd ~/faketun
sudo apt-get install build-essential linux-headers-`uname -r`
</code>

====== Fake tun module ======

One of the problems with Lucid Lynx and SSL Network Extender (SNX) is that Ubuntu has compiled the tun module into the kernel, while SNX expects a loadable kernel module. Therefore we will make a fake module available for SNX.

In the faketun directory, create a source file:

<code bash>
vi tun.c
</code>

Enter the following:

<code c>
/* Empty placeholder module: the real tun driver is already built into the kernel. */
#include <linux/module.h>

static int start__module(void) { return 0; }
static void end__module(void) { return; }

module_init(start__module);
module_exit(end__module);
</code>

Next up is the makefile:

<code bash>
vi Makefile
</code>

Put in this (the command lines under ''all:'' and ''clean:'' must start with a tab):

<code make>
obj-m += tun.o

all:
	make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) clean

clean-files := Module.symvers
</code>

Now build the fake tun module:

<code>
cd ~/faketun
make
make -C /lib/modules/2.6.32-24-generic/build/ M=/home/tdd/faketun modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.32-24-generic'
  CC [M]  /home/tdd/faketun/tun.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/tdd/faketun/tun.mod.o
  LD [M]  /home/tdd/faketun/tun.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-24-generic'
</code>

Still in the faketun directory, install the module and refresh the module dependencies:

<code bash>
sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko
sudo depmod -a
sudo modprobe tun
</code>

====== Old libraries ======

SNX is compiled against some old libraries, so we need them on the machine.
We will need both the 64-bit and the 32-bit versions:

<code bash>
cd ~/faketun
wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_i386.deb
wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb
wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-15ubuntu4_amd64.deb
</code>

Now it's time to install what we need from the old libraries:

<code bash>
cd ~/faketun
sudo dpkg -i gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb
sudo dpkg -i libstdc++5_3.3.6-15ubuntu4_amd64.deb
sudo dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_i386.deb ./tmp
sudo cp -v tmp/usr/lib/* /usr/lib32/
</code>

====== Getting and installing SNX software ======

Closing in on target! Get the SNX software from your gateway and install it manually. Don't try to use the web interface; it won't work, as it asks for the non-existing root password:

<code bash>
wget --no-check-certificate https://checkpoint-gateway-address/CSHELL/snx_install.sh
chmod +x snx_install.sh
sudo ./snx_install.sh
</code>

Note that ''--no-check-certificate'' turns off TLS certificate validation, so the installer you are about to run as root is downloaded without authenticating the gateway; leave the flag out if the gateway certificate is issued by a CA your system trusts.

====== Connecting to gateway ======

This should basically do it. Now just fire up the client by executing:

<code>
snx -s checkpoint-gateway-address -u username
Check Point's Linux SNX
build 800005004
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: gwcluster VPN Certificate
Root CA fingerprint: ECHO FCK LONE ITU DUG ART LILY TASK HEAL FIX SEN GO
Do you accept? [y]es/[N]o: y
SNX - connected.

Session parameters:
===================
Office Mode IP      : 192.168.2.25
DNS Server          : 192.168.2.31
Secondary DNS Server: 192.168.2.32
DNS Suffix          : domain.net
Timeout             : 8 hours
</code>

It will ask for your acceptance of the gateway certificate, which you of course do after checking the fingerprint (right!!), and then the user password/passcode or whatever authentication you use.

You can also make a ".snxrc" file and put it in your home directory.
The file could look like this:

<code>
# This is an example of the ~/.snxrc file
server 1.2.3.4
username joe
</code>

All you have to do to connect is type "snx". It will then pick up the settings from ~/.snxrc.

====== Disconnecting gateway ======

You disconnect SNX by running:

<code bash>
snx -d
</code>

====== GUI ======

Put this into a file and run it. It uses zenity as the GUI tool to give SNX a nicer interface.

<code bash>
#!/bin/bash
# This is a Zenity frontend for Check Point SSL Network Extender.

function abort {
    zenity --error --text="VPN Connection Aborted!" --timeout=1
    exit 0
}

# If snx is already running, show the tunnel interface and stop.
# (pidof prints the PID; only its exit status is needed here.)
if pidof snx > /dev/null
then
    zenity --warning --title="Already online!" --text="$(ifconfig tunsnx)" --no-wrap
    exit 0
fi

GATEWAY=$(zenity --title "VPN Gateway" --entry --text "Enter VPN Gateway Address" --entry-text=gw.dubex.dk)
if [ $? -eq 1 ]
then
    abort
fi

USERNAME=$(zenity --title "Username" --entry --text "Enter Username" --entry-text=tdd)
if [ $? -eq 1 ]
then
    abort
fi

PASSWORD=$(zenity --title "Password" --entry --text "Enter Password/Passcode" --hide-text)
if [ $? -eq 1 ]
then
    abort
fi

# Quote every variable so spaces or shell metacharacters in the input stay literal.
printf '%s\n' "$PASSWORD" | snx -s "$GATEWAY" -u "$USERNAME" | zenity --text-info
</code>

----

Source: http://www.linuxplanet.org/blogs/?cat=2475

Files packed in a gzip'ed tarball: {{:howtos:faketun.tar.gz|}}
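
The fingerprint check mentioned under "Connecting to gateway" can be done mechanically instead of by eye. The script below is an added example, not part of the original how-to or of Check Point's software: it pulls the Root CA fingerprint out of the snx prompt text and compares it with a pinned copy. ''PINNED'', ''SAMPLE'' and the function names are assumptions; the sample text is constructed from the transcript on this page.

```shell
#!/bin/sh
# Added example: fail closed unless the Root CA fingerprint in snx's prompt
# matches a pinned copy obtained out of band.

# Assumption: stands in for the value your gateway administrator gave you.
PINNED="ECHO FCK LONE ITU DUG ART LILY TASK HEAL FIX SEN GO"

# Constructed sample: prompt text as shown in the transcript on this page.
SAMPLE='SNX authentication:
Please confirm the connection to gateway: gwcluster VPN Certificate
Root CA fingerprint: ECHO FCK LONE ITU DUG ART LILY TASK HEAL FIX SEN GO
Do you accept? [y]es/[N]o:'

# Upper-case and collapse whitespace so copy/paste differences do not matter.
normalise() {
    printf '%s\n' "$1" | awk '{ $1 = $1; print toupper($0) }'
}

# Read prompt text on stdin and print the fingerprint, whether it follows the
# label on the same line or sits on the next non-empty line.
extract_fingerprint() {
    awk '
        /Root CA fingerprint:/ {
            sub(/.*Root CA fingerprint:[ \t]*/, "")
            if ($0 != "") { print; exit }
            want = 1; next
        }
        want && NF { print; exit }
    '
}

# Usage: fingerprint_ok "<prompt text>" "<pinned fingerprint>"
# Returns 0 only when a fingerprint was found and it equals the pin.
fingerprint_ok() {
    seen=$(printf '%s\n' "$1" | extract_fingerprint)
    [ -n "$seen" ] && [ "$(normalise "$seen")" = "$(normalise "$2")" ]
}

if fingerprint_ok "$SAMPLE" "$PINNED"; then
    echo "fingerprint matches pin: answer y"
else
    echo "fingerprint mismatch or missing: answer N"
fi
```

Paste the prompt text from your own session in place of ''SAMPLE''; a missing fingerprint line is treated the same as a mismatch.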