Skip to content

Instantly share code, notes, and snippets.

@rkueny
Created July 21, 2016 08:33
Show Gist options
  • Save rkueny/301f7ead21ed2a0ee8bbe2d755bed90b to your computer and use it in GitHub Desktop.
Save rkueny/301f7ead21ed2a0ee8bbe2d755bed90b to your computer and use it in GitHub Desktop.
Checkpoint SNX VPN client installation shell script
mkdir temp && cd temp
# for linux 'amd64' architecture install those packages:
sudo apt-get install libx11-6:i386 libpam0g:i386 libstdc++5:i386 lib32z1 lib32ncurses5 lib32bz2-1.0
wget https://vpnportal.aktifbank.com.tr/SNX/INSTALL/snx_install.sh
sudo ./snx_install.sh
cd .. && rm -rf temp/
@ThiagoBfim
Copy link

@savely-krasovsky
Copy link

savely-krasovsky commented Apr 27, 2021

@qg0 binary is x86, but your system is x86-64. Add multiarch support and install required libraries

@yanzadmiral
Copy link

@efibutov
Copy link

Hi guys!
I have segfault ([1] 147836 segmentation fault (core dumped)) and can run it again only after restarting the OS (Ubuntu 21.10). I assume there is some file that prevents the snx to run again. How can I solve this issue?

Thanks in advance

@yurayko
Copy link

yurayko commented Jan 13, 2022

May be tunsnx remains active after crash?
ip a ?
Also try to start snx with debug snx -g

@efibutov
Copy link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 04:d4:c4:f1:34:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.14/24 brd 192.168.1.255 scope global dynamic noprefixroute enp5s0
valid_lft 3019sec preferred_lft 3019sec
inet6 fe80::48ae:3767:b432:aca4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: tunsnx: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.11.12.41 peer 10.11.12.40/32 scope global tunsnx
valid_lft forever preferred_lft forever
inet6 fe80::50f9:5441:a75c:70be/64 scope link stable-privacy
valid_lft forever preferred_lft forever

@yurayko
Copy link

yurayko commented Jan 13, 2022

I hope, snx -d must make disconnect and remove tunsnx
snx never crash on my Debian 11.2

@efibutov
Copy link

I do snx -d but it still crashes

@osungjinwoo
Copy link

osungjinwoo commented Jan 17, 2022

I fix this error! And I create this tutorial!

cd /usr/bin/
sudo sh snx_uninstall.sh

wget http://www.pucrs.br/trabalheremoto/snx_install_linux30.sh -O snx_install.sh

sudo bash snx_install_linux30.sh
sudo ldd /usr/bin/snx
sudo dpkg --add-architecture i386
cat /var/lib/dpkg/arch
sudo apt update
sudo apt install libpam0g:i386 libx11-6:i386 libstdc++6:i386 libstdc++5:i386 libnss3-tools
chmod +x snx_install_linux30.sh
sudo ./snx_install_linux30.sh

snx -s 127.0.0.1 -u myuser

@cahyowhy
Copy link

now build 800010003 doesn't work for me,
it shows Connection Aborted after typing the password

any suggestions guys

@ruyrybeyro
Copy link

ruyrybeyro commented Oct 11, 2022

I used to work with SNX connecting directly to CheckPoint VPN servers.

Meanwhile, CheckPoint VPN/snx was updated for TLS 1.2 and now CheckPoint checks for the user agent. Afaik, neither the old standalone version of SNX in the command line, nor snxvpn work anymore. Nowadays, it has to be SNX+CShell agent+Java+an Internet browser.

SNX and CShell install have also their share of problems, and I wrote a script to get around them and install them in a chroot, supporting many Linux distributions.

See https://github.com/ruyrybeyro/chrootvpn and the new chosen answer for https://unix.stackexchange.com/questions/450131/vpn-ssl-network-extender-in-firefox

@CaioViktor
Copy link

I used to work with SNX connecting directly to CheckPoint VPN servers.

Meanwhile, CheckPoint VPN/snx was updated for TLS 1.2 and now CheckPoint checks for the user agent. Afaik, neither the old standalone version of SNX in the command line, nor snxvpn work anymore. Nowadays, it has to be SNX+CShell agent+Java+an Internet browser.

SNX and CShell install have also their share of problems, and I wrote a script to get around them and install them in a chroot, supporting many Linux distributions.

See https://github.com/ruyrybeyro/chrootvpn and the new chosen answer for https://unix.stackexchange.com/questions/450131/vpn-ssl-network-extender-in-firefox

Thank you, your solution worked for me!

@ruyrybeyro
Copy link

In the meanwhile my solution was slightly adapted to Debian 12 and more linux distros.

@LucasAMV
Copy link

I am using:
Ubuntu 24.04
Check Point's Linux SNX build 800010003

image

I was getting "Segmentation fault (core dumped)" trying to connect to my job vpn, my other team members that also use linux (Mint) were connecting normally so obviously the problem was my OS. Doing some investigation and I found the /etc/resolv.conf with some crazy data, deleted the file, rebooted the OS so the file could be autogenerated again and SNX was able to connect normally.

image

There should be some way to autogenerate the /etc/resolv.conf without rebooting after deleting it, if the stub file exists, try:
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
then
sudo systemctl restart systemd-resolved && sudo systemctl restart NetworkManager
then try reconnecting to your vpn.

Everytime I disconnect from my job vpn (snx -d) it leaves some dirty data in resolv.conf that might break following attempts to reconnect, so if you have problems connecting check resolv.conf.

@thiagodornelles
Copy link

I am using: Ubuntu 24.04 Check Point's Linux SNX build 800010003

image

I was getting "Segmentation fault (core dumped)" trying to connect to my job vpn, my other team members that also use linux (Mint) were connecting normally so obviously the problem was my OS. Doing some investigation and I found the /etc/resolv.conf with some crazy data, deleted the file, rebooted the OS so the file could be autogenerated again and SNX was able to connect normally.

image

There should be some way to autogenerate the /etc/resolv.conf without rebooting after deleting it, if the stub file exists, try: sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf then sudo systemctl restart systemd-resolved && sudo systemctl restart NetworkManager then try reconnecting to your vpn.

Everytime I disconnect from my job vpn (snx -d) it leaves some dirty data in resolv.conf that might break following attempts to reconnect, so if you have problems connecting check resolv.conf.

I have this error every now and then. I was able to overcome this problem by restarting resolved as you mentioned:
sudo systemctl restart systemd-resolved

@JapuDCret
Copy link

I fix this error! And I create this tutorial!

cd /usr/bin/ sudo sh snx_uninstall.sh

wget http://www.pucrs.br/trabalheremoto/snx_install_linux30.sh -O snx_install.sh

sudo bash snx_install_linux30.sh sudo ldd /usr/bin/snx sudo dpkg --add-architecture i386 cat /var/lib/dpkg/arch sudo apt update sudo apt install libpam0g:i386 libx11-6:i386 libstdc++6:i386 libstdc++5:i386 libnss3-tools
chmod +x snx_install_linux30.sh
sudo ./snx_install_linux30.sh

ty @al4xs - worked!
chrootvpn did not work for me, as the Checkpoint I'm connecting to is pretty old

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment