Hi,
I have a customer who gave us access to their system using something some CheckPoint Software with SecureID (username and secureId, no Password as far as we understand). How can we connect to these system from Linux?
We could not find any VPN client for linux on CheckPoint website
It looks like we get secureId code using stoken software so that should be OK.
If going to their VPN server 87.238.64.1 then there is some login popup but they require some java plugins which are now deprecated in all existing browsers so this is not a working solution
The page also allows to start a program called snx
snx -h
Check Point's Linux SNX
build 800008061
usage: snx -s <server> {-u <user>|-c <certfile>} [-l <ca dir>] [-p <port>] [-r] [-g] [-e <cipher>]
run SNX using given arguments
snx -f <cf> run the snx using configuration file
snx run the snx using the ~/.snxrc
snx -d disconnect a running SNX daemon
-s <server> connect to server <server>
-u <user> use the username <user>
-c <certfile> use the certificate file <certfile>
-l <ca dir> get trusted ca's from <ca dir>
-p <port> connect using port <port>
-g enable debugging
-e <cipher> SSL cipher to use: RC4 or 3DES
But snx does not seem to allow using securId authentication
We also tried the standard Linux cisco VPN client: openconnect but it fails with some error XML response has no "auth" node
Soft token init was successful.
Soft token init was successful.
POST https://87.238.64.1/
Attempting to connect to server 87.238.64.1:443
Connected to 87.238.64.1:443
SSL negotiation with 87.238.64.1
Server certificate verify failed: signer not found
Connected to HTTPS on 87.238.64.1
Got HTTP response: HTTP/1.0 404 Not Found
Date: Fri, 31 Aug 2018 13:47:25 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: close
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 28 May 2014 09:11:07 GMT
Content-Length: 204
HTTP body length: (204)
Unexpected 404 result from server
GET https://87.238.64.1/
Attempting to connect to server 87.238.64.1:443
Connected to 87.238.64.1:443
SSL negotiation with 87.238.64.1
Server certificate verify failed: signer not found
Connected to HTTPS on 87.238.64.1
Got HTTP response: HTTP/1.0 200 OK
Date: Fri, 31 Aug 2018 13:47:26 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: close
X-Frame-Options: SAMEORIGIN
Content-Length: 11788
HTTP body length: (11788)
XML response has no "auth" node
So what is the official way to connect to a VPN server using securid from Linux?