- 
      
- 
        Save ikurni/b88b8f32eacd2e39c11cb52b6f0b5ba2 to your computer and use it in GitHub Desktop. 
| ### Install few required packages to run SNX | |
| sudo dnf install -y java-1.8.0-openjdk.x86_64 icedtea-web.x86_64 libstdc++.i686 libX11.i686 libpamtest.i686 libnsl.i686 | |
| ### Download compat-libstdc++ driver and install it | |
| wget http://mirror.centos.org/centos/7/os/x86_64/Packages/compat-libstdc++-33-3.2.3-72.el7.i686.rpm | |
| sudo dnf -y install compat-libstdc++-33-3.2.3-72.el7.i686.rpm | |
| ### Install snx_linux.sh | |
| ### Download snx_linux_30.sh file from Checkpoint | |
| ### Active URL : https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails&fileid=22824 | |
| ### or Alternative URL: wget https://vpnportal.aktifbank.com.tr/SNX/INSTALL/snx_install.sh | |
| sh snx_install_linux30.sh | |
| ### Connect to VPN | |
| snx -s <servername> -u <username> | |
| ## Input for prompted password | 
I have written a script for automating the VPN Linux agent setup in a chrooted environment, more secure and supports more distros than the official setup https://github.com/ruyrybeyro/chrootvpn
can I use Login MFA? @ruyrybeyro
It is a chrooted wrapper for the SNX+Linux checkpoint agent, it supports anything the official setup supports.
I am using it with MFA. @rodrigofbm
On Fedora 36 I can't install icedtea-web. Will it still work? Are there any alternatives? Thanks!
Also, the URL: [https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails&fileid=22824
and the wget command aren't working
@pfcouto As for the wget, the certificate of the mobile web portal is expired. My script https://github.com/ruyrybeyro/chrootvpn will download and install nonetheless. However extra steps have to be taken in the browser for opening that page.
Edit: was making here tests on the new just released Fedora 37, and my script installed everything for your vpnportal.
Hello @ruyrybeyro, can you help me out? Managed to get here using your script. However I don't know how to install certutil. I am on Fedora 37.
Previously I used vnp.sh -i --vpn=FQDN_DNS_name_of_VPN to configure. Right now I ran vnp.sh start opened https://localhost:14186/id, to be honest I don't know the point of opening it and then opened https://vpn.ipleiria.pt. I then get what I show in the picture. Can't say for sure that I did everything well, so if necessary walk me through all the steps, even the configuration ones please. Thanks!
After reloading the page (did NOT instal certutil, I can enter the site).
However it looks like I am and I am not connected. If i run ping 1.1.1.1 I don't get a response, which is normal, but if I try to connect to a VM (that is inside the school), or a website that is deployed in the school (therefore I need to use the vpn to access it) I can't
@pfcouto , I answered reading the email and not the edited version.
It seems DNS is not being resolved. I would recommend detailing the Linux distro, sending me a vpn.sh status, and a ls -la /etc/resolv.conf + a cat /etc/resolv.conf with the vpn on. please open an issue in my github or send me an email
As it is a DNS isssue, you can reach VMs via IP address. As for the site, it might depend on routing too.
sudo dnf install -y java-1.8.0-openjdk.x86_64 icedtea-web.x86_64 libstdc++.i686 libX11.i686 libpamtest.i686 libnsl.i686
sudo wget https://linuxsoft.cern.ch/cern/centos/7/updates/x86_64/Packages/Packages/compat-libstdc++-33-3.2.3-72.el7.i686.rpm
sudo dnf -y compat-libstdc++-33-3.2.3-72.el7.i686.rpm
Now it's::
Now it's::
sudo ./snx_install_linux30.sh
Now it's:
snx -s servername -u username
Or we'll do automation. The problem with sns is that there is no place for a password in its configuration and it must be entered regularly by yourself. I solved this problem this way: create a production file in the home directory.sh and fill it out. Don't forget to create the .snxrc configuration file.
cd
touch ~/production.sh
Then put this in file:
spawn snx
expect "Please enter your password:"
sleep 2
send "HERE YOU PASSWORD"
interact
Then:
sudo dnf install expect
chmod +x ./production.sh
Create links for easy connection:
If bash.
echo "alias csnx='sudo ~/production.sh'" >> ~/.bashrc
echo "alias esnx='sudo snx -d'" >> ~/.bashrc
If zsh.
echo "alias csnx='sudo ~/production.sh'" >> ~/.zshrc
echo "alias esnx='sudo snx -d'" >> ~/.zshrc





can I use Login MFA? @ruyrybeyro