mjhjmtu

We have a Check Point Mobile appliance at work and the Linux client is horrible, I can connect but for that I need:

• Old unsupported Oracle Java installed and enabled in the browser


• Plenty of 32-bit libs


• Run the browser as root

... see the problem? :) They have upgraded the appliance now so I can upgrade Java, and if I give it some time I think I can remove the root requirements from the browser.

I'm trying to use the provided tools, but OpenVPN/SSH tunnels looks more interesting every day. The good thing is that we have the VPN-guy on our side so minor changes in the appliance is a valid option if that helps.

I'm trying to connect without Java if possible, and preferably from the command line/a script. I have tried to use the snx binary downloaded from the appliance but I get stuck on the OTP part, when I connect to the firewall through the browser a SMS message is sent to my phone and I enter a 6 digit number, I have found no way to do this outside the browser.

Has anyone any experience with snx/linux and OTP auth?

For OTP without a browser/Java, from the command line, you might use the snxconnect client from the snxvpn project. https://github.com/agnis-mateuss/snxvpn

The snxconnect is a script in python which tried to reverse engineer the missing bits that were dropped from the snx binary and the web interface to use the Checkpoint VPN from Linux.

The snxconnect is a layer above snx and it says it supports OTP. Never tried it, as we do not use it.

The snxvpn straight installed from pip does not work. For details how to install snxconnect see this question: getting Checkpoint VPN SSL Network Extender working in command line (hint: it is not the accepted answer)

PS. The browser does not has to be run as root, only snx. See VPN SSL Network Extender in Firefox ; but old versions of both Firefox and Java. As for pure snx without snxvpn/snxconnect, I am able to install and run it, however not using OTP.