Using Checkpoint VPN SSL Network Extender CLI with certificate

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I'm trying to use the command line tool from Checkpoint to set up an SSL Network Extender VPN using a certificate (P12) rather than a password.



I tried the solution mentioned in getting Checkpoint VPN SSL Network Extender working in the command line.



Specifically:



  • build 800007075

  • compiled down to 32-bit (as per the accepted answer)

I'm able to connect with the OS X desktop client, but the command line tool throws the following error:



"Virtual Network Adapter initialization and configuration failed. Try to reconnect."



I'm running the connection in a Docker container with the ubuntu:18.04 base image (once I get it to work, I'll port it to something lightweight), using the following command:



RUN snx -s <server_ip> -c <path_to_cert> -g










share|improve this question



























    up vote
    1
    down vote

    favorite












    I'm trying to use the command line tool from Checkpoint to set up an SSL Network Extender VPN using a certificate (P12) rather than a password.



    I tried the solution mentioned in getting Checkpoint VPN SSL Network Extender working in the command line.



    Specifically:



    • build 800007075

    • compiled down to 32-bit (as per the accepted answer)

    I'm able to connect with the OS X desktop client, but the command line tool throws the following error:



    "Virtual Network Adapter initialization and configuration failed. Try to reconnect."



    I'm running the connection in a Docker container with the ubuntu:18.04 base image (once I get it to work, I'll port it to something lightweight), using the following command:



    RUN snx -s <server_ip> -c <path_to_cert> -g










    share|improve this question

























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I'm trying to use the command line tool from Checkpoint to set up an SSL Network Extender VPN using a certificate (P12) rather than a password.



      I tried the solution mentioned in getting Checkpoint VPN SSL Network Extender working in the command line.



      Specifically:



      • build 800007075

      • compiled down to 32-bit (as per the accepted answer)

      I'm able to connect with the OS X desktop client, but the command line tool throws the following error:



      "Virtual Network Adapter initialization and configuration failed. Try to reconnect."



      I'm running the connection in a Docker container with the ubuntu:18.04 base image (once I get it to work, I'll port it to something lightweight), using the following command:



      RUN snx -s <server_ip> -c <path_to_cert> -g










      share|improve this question















      I'm trying to use the command line tool from Checkpoint to set up an SSL Network Extender VPN using a certificate (P12) rather than a password.



      I tried the solution mentioned in getting Checkpoint VPN SSL Network Extender working in the command line.



      Specifically:



      • build 800007075

      • compiled down to 32-bit (as per the accepted answer)

      I'm able to connect with the OS X desktop client, but the command line tool throws the following error:



      "Virtual Network Adapter initialization and configuration failed. Try to reconnect."



      I'm running the connection in a Docker container with the ubuntu:18.04 base image (once I get it to work, I'll port it to something lightweight), using the following command:



      RUN snx -s <server_ip> -c <path_to_cert> -g







      debian vpn ssl checkpoint






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 4 at 13:43









      Rui F Ribeiro

      38.5k1479128




      38.5k1479128










      asked Dec 4 at 1:41









      Ashwin Balamohan

      1084




      1084




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted










          Using MacOS, I would download/use the latest Mac OS Check Point official client, that is actively supported by CheckPoint, instead of using Docker.



          Been using Checkpoint's client in Mojave for a couple of months now, and contrary to my experience at the beginning of the year, in High Sierra, where it was going off all the time, it is fairly stable now.



          As for running the Linux CheckPoint VPN client/snx in Docker, it won't work.



          The snx VPN client routines:



          • check for the kernel presence/the tun kernel module being loaded;

          • load/insmod the tun kernel module if not loaded;

          • create and use the resulting tunsnx virtual network interface;

          • manipulate your routing table;

          • send traffic through the virtual tunsnx interface.

          Some or all of those actions won't simply happen inside a Docker container.



          TDLR snx inside Docker won't work. Either use the Mac native client, or run the Linux snx VPN client on a Linux VM.



          PS. I would advise getting familiar with the differences between a container and a VM.






          share|improve this answer


















          • 1




            Appreciate the explanation. Thanks, Rui
            – Ashwin Balamohan
            Dec 4 at 13:19






          • 1




            Rui, just ran it on a VM and it worked like a charm. Thanks again for the pointer.
            – Ashwin Balamohan
            Dec 4 at 14:45










          • You are welcome; we have been running it for a while in Debian/Ubuntu/Mint.
            – Rui F Ribeiro
            Dec 4 at 14:46











          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f485800%2fusing-checkpoint-vpn-ssl-network-extender-cli-with-certificate%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote



          accepted










          Using MacOS, I would download/use the latest Mac OS Check Point official client, that is actively supported by CheckPoint, instead of using Docker.



          Been using Checkpoint's client in Mojave for a couple of months now, and contrary to my experience at the beginning of the year, in High Sierra, where it was going off all the time, it is fairly stable now.



          As for running the Linux CheckPoint VPN client/snx in Docker, it won't work.



          The snx VPN client routines:



          • check for the kernel presence/the tun kernel module being loaded;

          • load/insmod the tun kernel module if not loaded;

          • create and use the resulting tunsnx virtual network interface;

          • manipulate your routing table;

          • send traffic through the virtual tunsnx interface.

          Some or all of those actions won't simply happen inside a Docker container.



          TDLR snx inside Docker won't work. Either use the Mac native client, or run the Linux snx VPN client on a Linux VM.



          PS. I would advise getting familiar with the differences between a container and a VM.






          share|improve this answer


















          • 1




            Appreciate the explanation. Thanks, Rui
            – Ashwin Balamohan
            Dec 4 at 13:19






          • 1




            Rui, just ran it on a VM and it worked like a charm. Thanks again for the pointer.
            – Ashwin Balamohan
            Dec 4 at 14:45










          • You are welcome; we have been running it for a while in Debian/Ubuntu/Mint.
            – Rui F Ribeiro
            Dec 4 at 14:46















          up vote
          1
          down vote



          accepted










          Using MacOS, I would download/use the latest Mac OS Check Point official client, that is actively supported by CheckPoint, instead of using Docker.



          Been using Checkpoint's client in Mojave for a couple of months now, and contrary to my experience at the beginning of the year, in High Sierra, where it was going off all the time, it is fairly stable now.



          As for running the Linux CheckPoint VPN client/snx in Docker, it won't work.



          The snx VPN client routines:



          • check for the kernel presence/the tun kernel module being loaded;

          • load/insmod the tun kernel module if not loaded;

          • create and use the resulting tunsnx virtual network interface;

          • manipulate your routing table;

          • send traffic through the virtual tunsnx interface.

          Some or all of those actions won't simply happen inside a Docker container.



          TDLR snx inside Docker won't work. Either use the Mac native client, or run the Linux snx VPN client on a Linux VM.



          PS. I would advise getting familiar with the differences between a container and a VM.






          share|improve this answer


















          • 1




            Appreciate the explanation. Thanks, Rui
            – Ashwin Balamohan
            Dec 4 at 13:19






          • 1




            Rui, just ran it on a VM and it worked like a charm. Thanks again for the pointer.
            – Ashwin Balamohan
            Dec 4 at 14:45










          • You are welcome; we have been running it for a while in Debian/Ubuntu/Mint.
            – Rui F Ribeiro
            Dec 4 at 14:46













          up vote
          1
          down vote



          accepted







          up vote
          1
          down vote



          accepted






          Using MacOS, I would download/use the latest Mac OS Check Point official client, that is actively supported by CheckPoint, instead of using Docker.



          Been using Checkpoint's client in Mojave for a couple of months now, and contrary to my experience at the beginning of the year, in High Sierra, where it was going off all the time, it is fairly stable now.



          As for running the Linux CheckPoint VPN client/snx in Docker, it won't work.



          The snx VPN client routines:



          • check for the kernel presence/the tun kernel module being loaded;

          • load/insmod the tun kernel module if not loaded;

          • create and use the resulting tunsnx virtual network interface;

          • manipulate your routing table;

          • send traffic through the virtual tunsnx interface.

          Some or all of those actions won't simply happen inside a Docker container.



          TDLR snx inside Docker won't work. Either use the Mac native client, or run the Linux snx VPN client on a Linux VM.



          PS. I would advise getting familiar with the differences between a container and a VM.






          share|improve this answer














          Using MacOS, I would download/use the latest Mac OS Check Point official client, that is actively supported by CheckPoint, instead of using Docker.



          Been using Checkpoint's client in Mojave for a couple of months now, and contrary to my experience at the beginning of the year, in High Sierra, where it was going off all the time, it is fairly stable now.



          As for running the Linux CheckPoint VPN client/snx in Docker, it won't work.



          The snx VPN client routines:



          • check for the kernel presence/the tun kernel module being loaded;

          • load/insmod the tun kernel module if not loaded;

          • create and use the resulting tunsnx virtual network interface;

          • manipulate your routing table;

          • send traffic through the virtual tunsnx interface.

          Some or all of those actions won't simply happen inside a Docker container.



          TDLR snx inside Docker won't work. Either use the Mac native client, or run the Linux snx VPN client on a Linux VM.



          PS. I would advise getting familiar with the differences between a container and a VM.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 5 at 19:59

























          answered Dec 4 at 11:19









          Rui F Ribeiro

          38.5k1479128




          38.5k1479128







          • 1




            Appreciate the explanation. Thanks, Rui
            – Ashwin Balamohan
            Dec 4 at 13:19






          • 1




            Rui, just ran it on a VM and it worked like a charm. Thanks again for the pointer.
            – Ashwin Balamohan
            Dec 4 at 14:45










          • You are welcome; we have been running it for a while in Debian/Ubuntu/Mint.
            – Rui F Ribeiro
            Dec 4 at 14:46













          • 1




            Appreciate the explanation. Thanks, Rui
            – Ashwin Balamohan
            Dec 4 at 13:19






          • 1




            Rui, just ran it on a VM and it worked like a charm. Thanks again for the pointer.
            – Ashwin Balamohan
            Dec 4 at 14:45










          • You are welcome; we have been running it for a while in Debian/Ubuntu/Mint.
            – Rui F Ribeiro
            Dec 4 at 14:46








          1




          1




          Appreciate the explanation. Thanks, Rui
          – Ashwin Balamohan
          Dec 4 at 13:19




          Appreciate the explanation. Thanks, Rui
          – Ashwin Balamohan
          Dec 4 at 13:19




          1




          1




          Rui, just ran it on a VM and it worked like a charm. Thanks again for the pointer.
          – Ashwin Balamohan
          Dec 4 at 14:45




          Rui, just ran it on a VM and it worked like a charm. Thanks again for the pointer.
          – Ashwin Balamohan
          Dec 4 at 14:45












          You are welcome; we have been running it for a while in Debian/Ubuntu/Mint.
          – Rui F Ribeiro
          Dec 4 at 14:46





          You are welcome; we have been running it for a while in Debian/Ubuntu/Mint.
          – Rui F Ribeiro
          Dec 4 at 14:46


















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f485800%2fusing-checkpoint-vpn-ssl-network-extender-cli-with-certificate%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown






          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?