howtos:ssl_network_extender_on_lucid_64-bit
— | howtos:ssl_network_extender_on_lucid_64-bit [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Prep ====== | ||
+ | Make a directory where we can dump our files and install the needed tools for compiling: | ||
+ | < | ||
+ | mkdir ~/faketun | ||
+ | cd faketun/ | ||
+ | sudo apt-get install build-essential linux-headers-`uname -r` | ||
+ | </ | ||
+ | ====== Fake tun module ====== | ||
+ | |||
+ | One of the problems with Lucid Lynx and SSL Network Extender (SNX) is that Ubuntu has compiled the tun module into the kernel and SNX expect a kernel module. Therefore we will make a fake module available for SNX. | ||
+ | In the faketun create a source file: | ||
+ | |||
+ | < | ||
+ | vi tun.c | ||
+ | </ | ||
+ | |||
+ | Enter the following: | ||
+ | |||
+ | < | ||
+ | #include < | ||
+ | static int start__module(void) {return 0;} | ||
+ | static void end__module(void){return; | ||
+ | module_init(start__module); | ||
+ | module_exit(end__module); | ||
+ | </ | ||
+ | |||
+ | Next up is the makefile: | ||
+ | |||
+ | < | ||
+ | vi Makefile | ||
+ | </ | ||
+ | |||
+ | Put in this: | ||
+ | |||
+ | < | ||
+ | obj-m += tun.o | ||
+ | all: | ||
+ | make -C / | ||
+ | clean: | ||
+ | make -C / | ||
+ | clean-files := Module.symvers | ||
+ | </ | ||
+ | |||
+ | Now build the fake tun module: | ||
+ | |||
+ | < | ||
+ | cd ~/faktun | ||
+ | make | ||
+ | make -C / | ||
+ | make[1]: Entering directory `/ | ||
+ | CC [M] / | ||
+ | Building modules, stage 2. | ||
+ | MODPOST 1 modules | ||
+ | CC / | ||
+ | LD [M] / | ||
+ | make[1]: Leaving directory `/ | ||
+ | </ | ||
+ | |||
+ | Still in the faktun directory, install and refresh module dependencies: | ||
+ | |||
+ | < | ||
+ | sudo install tun.ko / | ||
+ | sudo depmod -a | ||
+ | sudo modprobe tun | ||
+ | </ | ||
+ | |||
+ | ====== Old libraries ====== | ||
+ | The SNX is compiled against some old libraries and thus we need them on the machine. We will need both the 64-bit and 32-bit version: | ||
+ | |||
+ | < | ||
+ | cd ~/faketun | ||
+ | wget http:// | ||
+ | wget http:// | ||
+ | wget http:// | ||
+ | </ | ||
+ | |||
+ | |||
+ | Now its time to install what we need from the old libraries: | ||
+ | < | ||
+ | cd ~/faketun | ||
+ | sudo dpkg -i gcc-3.3-base_3.3.6-15ubuntu4_amd64.deb | ||
+ | sudo dpkg -i libstdc++5_3.3.6-15ubuntu4_amd64.deb | ||
+ | sudo dpkg-deb -x libstdc++5_3.3.6-17ubuntu1_i386.deb ./tmp | ||
+ | sudo cp -v tmp/ | ||
+ | </ | ||
+ | |||
+ | ====== Getting and installing SNX software ====== | ||
+ | |||
+ | Closing in on target! Get the SNX software from your gateway and install it manually. Don't try to use the webinterface, | ||
+ | |||
+ | < | ||
+ | wget --no-check-certificate https:// | ||
+ | chmod +x snx_install.sh | ||
+ | sudo ./ | ||
+ | </ | ||
+ | ====== Connecting to gateway ====== | ||
+ | |||
+ | This should basically do it. Now just fire up the client by executing: | ||
+ | |||
+ | < | ||
+ | snx -s checkpoint-gateway-address -u username | ||
+ | |||
+ | Check Point' | ||
+ | build 800005004 | ||
+ | Please enter your password: | ||
+ | SNX authentication: | ||
+ | Please confirm the connection to gateway: gwcluster VPN Certificate | ||
+ | Root CA fingerprint: | ||
+ | Do you accept? [y]es/[N]o: | ||
+ | y | ||
+ | SNX - connected. | ||
+ | |||
+ | Session parameters: | ||
+ | =================== | ||
+ | Office Mode IP : 192.168.2.25 | ||
+ | DNS Server | ||
+ | Secondary DNS Server: 192.168.2.32 | ||
+ | DNS Suffix | ||
+ | Timeout | ||
+ | </ | ||
+ | |||
+ | It will ask for your acceptance of the gateway certificate, | ||
+ | |||
+ | You can also make a " | ||
+ | |||
+ | < | ||
+ | # This is an example of the ~/.snxrc file | ||
+ | server 1.2.3.4 | ||
+ | username joe | ||
+ | </ | ||
+ | |||
+ | All you have to do to connect is just type " | ||
+ | ====== Disconnecting gateway ====== | ||
+ | You disconnect SNX by running: | ||
+ | |||
+ | < | ||
+ | snx -d | ||
+ | </ | ||
+ | ====== GUI ====== | ||
+ | Put this into a file and run it. Then zenity will be the gui tool to make a more nicer interface. | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | # This is a Zenity frontend for Check Point SSL Network Extender. | ||
+ | |||
+ | function abort { | ||
+ | |||
+ | zenity --error --text=" | ||
+ | exit 0 | ||
+ | } | ||
+ | |||
+ | pidof snx | ||
+ | CONNECTED=$(echo $?) | ||
+ | if [ $CONNECTED -eq 0 ] | ||
+ | then | ||
+ | zenity --warning --title=" | ||
+ | exit 0 | ||
+ | fi | ||
+ | |||
+ | |||
+ | GATEWAY=$(zenity --title | ||
+ | if [ $? -eq 1 ] | ||
+ | then | ||
+ | abort | ||
+ | fi | ||
+ | USERNAME=$(zenity --title " | ||
+ | if [ $? -eq 1 ] | ||
+ | then | ||
+ | abort | ||
+ | fi | ||
+ | PASSWORD=$(zenity --title " | ||
+ | if [ $? -eq 1 ] | ||
+ | then | ||
+ | abort | ||
+ | fi | ||
+ | echo $PASSWORD | snx -s $GATEWAY -u $USERNAME | zenity --text-info | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | Source: http:// | ||
+ | |||
+ | Files packed in a gzip' |
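Review bot: In "Getting and installing SNX software", `wget --no-check-certificate https://` followed by `chmod +x snx_install.sh` and `sudo ./` downloads the installer with TLS certificate verification turned off and then runs it as root, so anything on the network path can substitute the script. Drop `--no-check-certificate` and give wget the gateway's CA with `--ca-certificate=<file>`, or at least compare the installer's checksum against a value obtained from the gateway administrator before the sudo step. The same concern applies to the three `wget http://` package downloads under "Old libraries", which arrive over plain HTTP and are then installed with `sudo dpkg -i`; the page should state the expected checksums. In the GUI script, `echo $PASSWORD | snx -s $GATEWAY -u $USERNAME` leaves all three variables unquoted, so a password containing spaces or glob characters is altered before it reaches snx; quote each variable and send the password with `printf '%s\n' "$PASSWORD"`. Also, `cd ~/faktun` in the build step does not match the `mkdir ~/faketun` from Prep.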
howtos/ssl_network_extender_on_lucid_64-bit.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1