Create a Post
Showing results for 
Search instead for 
Did you mean: 

CShell/SNX chrooted wrapper automated setup for Linux - bash script


Owning to shortcomings of one of our development teams installing in Ubuntu the SNX/CShell Checkpoint agent aka SSL Network Extender/Mobile Access Portal Agent, I have been writing a shell script for doing it automagically. It downloads Mobile Access Portal Agent (CShell) and SSL Network Extender (SNX) installations scripts from the firewall, and installs them.

Upon learning SNX is still a 32-bits binary  and the multiples issues of satisfying requirements, I decided to go the chroot way in order to not to corrupt (so much) the Linux desktop of the user, and yet still tricking snx / into "believing" all the requirements are satisfied. 

Eventually, I (re)wrote the script to support several Linux distributions as the host OS, still using Debian 11 for the chroot "light container".

The SNX binary and the CShell agent/daemon both install and run under chrooted  Debian. The Linux host  runs firefox (or other browser). resolv.conf, VPN IP address and  routes "bleed" from the chroot directories and kernel shared with the host to the host Linux OS.

The Mobile Access Portal Agent, unlike the ordinary usual setup, runs with it's own user which is different than the user logged in.

Most of the recent distributions are supported.

In addition, lest you wish to uninstall it, the script has an uninstall option (and an upgrade one too). Deleting /opt/chroot pretty much cleans most of the extra glue installed in the system easily. 

Find it at






Tested with chroot Debian Bullseye 11 (32 bits)

Tested with hosts:


Debian based

Debian 10

Debian 11

Ubuntu LTS 18.04

Ubuntu LTS 22.04

Mint   20.2


Pop!_OS 22.04 LTS

Kubuntu 22.04 LTS

lubuntu 22.04 LTS

Kali 2022.2


RedHat based

Fedora 23

Fedora 36

CentOS 8

Rocky 8.6

Oracle 8.6

CentOS 9 stream

AlmaLinux 9.0


Arch based

Arch Linux 2022.05.01




openSUSE Leap 15.3

3 Replies

v1.02 is out.

v1.01 was a fix to a script bug in Debian.

V1.02 is to deal with a nscd "feature" that was causing problem in SUSE, but can potentially manifest in another distributions.

0 Kudos

v1.03 deals with ncsd in a more general approach, not SUSE specific.

0 Kudos

v1.20 out, added support for Void Linux

0 Kudos