====== Prep ======
Make a directory where we can dump our files and install the needed tools for compiling:
mkdir ~/faketun
cd faketun/
sudo apt-get install build-essential linux-headers-`uname -r`
====== Fake tun module ======
One of the problems with Lucid Lynx and SSL Network Extender (SNX) is that Ubuntu has compiled the tun module into the kernel and SNX expect a kernel module. Therefore we will make a fake module available for SNX.
In the faketun create a source file:
vi tun.c
Enter the following:
#include
static int start__module(void) {return 0;}
static void end__module(void){return;}
module_init(start__module);
module_exit(end__module);
Next up is the makefile:
vi Makefile
Put in this:
obj-m += tun.o
all:
make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) modules
clean:
make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) clean
clean-files := Module.symvers
Now build the fake tun module:
cd ~/faktun
make
make -C /lib/modules/2.6.32-24-generic/build/ M=/home/tdd/faketun modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.32-24-generic'
CC [M] /home/tdd/faketun/tun.o
Building modules, stage 2.
MODPOST 1 modules
CC /home/tdd/faketun/tun.mod.o
LD [M] /home/tdd/faketun/tun.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-24-generic'
Still in the faktun directory, install and refresh module dependencies:
sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko
sudo depmod -a
sudo modprobe tun
====== Old libraries ======
The SNX is compiled against some old libraries and thus we need them on the machine. We will need both the 64-bit and 32-bit version:
cd ~/faketun
wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_i386.deb
wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb
wget http://nl.archive.ubuntu.com/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-15ubuntu4_amd64.deb
Now its time to install what we need from the old libraries:
cd ~/faketun
sudo dpkg -i gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb
sudo dpkg -i libstdc++5_3.3.6-15ubuntu4_amd64.deb
sudo dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_i386.deb ./tmp
sudo cp -v tmp/usr/lib/* /usr/lib32/
====== Getting and installing SNX software ======
Closing in on target! Get the SNX software from your gateway and install it manually. Don't try to use the webinterface, it wouldn't work as it ask for the non-existing root password:
wget --no-check-certificate https://checkpoint-gateway-address/CSHELL/snx_install.sh
chmod +x snx_install.sh
sudo ./snx_install.sh
====== Connecting to gateway ======
This should basically do it. Now just fire up the client by executing:
snx -s checkpoint-gateway-address -u username
Check Point's Linux SNX
build 800005004
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: gwcluster VPN Certificate
Root CA fingerprint: ECHO FCK LONE ITU DUG ART LILY TASK HEAL FIX SEN GO
Do you accept? [y]es/[N]o:
y
SNX - connected.
Session parameters:
===================
Office Mode IP : 192.168.2.25
DNS Server : 192.168.2.31
Secondary DNS Server: 192.168.2.32
DNS Suffix : domain.net
Timeout : 8 hours
It will ask for your acceptance of the gateway certificate, which you of course do after checking the fingerprint (right!!), and then the user password/passcode or whatever authentication you use.
You can also make a ".sxnrc" file and put it in your home. The file could look like this:
# This is an example of the ~/.snxrc file
server 1.2.3.4
username joe
All you have to do to connect is just type "snx". It will then pick up the settings from ~/.snxrc.
====== Disconnecting gateway ======
You disconnect SNX by running:
snx -d
====== GUI ======
Put this into a file and run it. Then zenity will be the gui tool to make a more nicer interface.
#!/bin/bash
# This is a Zenity frontend for Check Point SSL Network Extender.
function abort {
zenity --error --text="VPN Connection Aborted\!" --timeout=1
exit 0
}
pidof snx
CONNECTED=$(echo $?)
if [ $CONNECTED -eq 0 ]
then
zenity --warning --title="Already online!" --text="$(ifconfig tunsnx)" --no-wrap
exit 0
fi
GATEWAY=$(zenity --title "VPN Gateway" --entry --text "Enter VPN Gateway Address" --entry-text=gw.dubex.dk)
if [ $? -eq 1 ]
then
abort
fi
USERNAME=$(zenity --title "Username" --entry --text "Enter Username" --entry-text=tdd)
if [ $? -eq 1 ]
then
abort
fi
PASSWORD=$(zenity --title "Password" --entry --text "Enter Password/Passcode" --hide-text)
if [ $? -eq 1 ]
then
abort
fi
echo $PASSWORD | snx -s $GATEWAY -u $USERNAME | zenity --text-info
----
Source: http://www.linuxplanet.org/blogs/?cat=2475
Files packed in a gzip'ed tarball: {{:indexes:faketun.tar.gz|}}