Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
abautu
Participant

Endpoint VPN MFA client for Linux

Jump to solution

Hello,

I use Checkpoint Endpoint VPN client for Windows and Mac to access a company VPN, using username/password and then confirmation on the phone using Microsoft authenticator. Is there any way to setup a client in this scenario for Linux (Ubuntu)?

Thank you!

0 Kudos
1 Solution

Accepted Solutions
abautu
Participant

Thank you both for your replies. I wasted too much time (about 7-8 day already) trying to get this working so I'll stick to Windows for now. As another user pointed out in a different thread, It's a pitty that Checkpoint doesn't support Linux for real (I'm not talking about SNX). Many other vendors do so.

View solution in original post

0 Kudos
(1)
9 Replies
PhoneBoy
Admin
Admin

On Linux, the only supported client is SNX, and I believe you can use the Mobile Access portal to perform the required authentication.

0 Kudos
G_W_Albrecht
Legend
Legend

If your GW is R81 or higher, you can use sk165014: Supporting strongSwan as a Remote Access client !

CCSE CCTE SMB Specialist
0 Kudos
abautu
Participant

@PhoneBoy Thank you. I read in other posts that SNX client is not working with recent Ubuntu versions, nor with MFA. I don't know really is what is. From what I read on this site, it is something that the Endpoint admin has to setup, but unfortunatelly I doubt they will do it.

@G_W_Albrecht Thank you for your reply. It's R84.30 or newer. I tried to follow and adapt the tutorials of @Soeren_Rothe on this site (on Ubuntu desktops 22.04 and 21.10), but it didn't work for me because I didn't know how to adapt to the differences (Soeren is using pre-shared secret; our server seems to use a certificate).
In the Windows client, I just create a new connection (by entering the host name), confirm the server certificate fingerprint (because its root CA is self-signed) and then it's ready to use (I just enter username/password and confirm in Authenticator App).
By reading the Windows client extended logs, I saw that our config uses username+password authentication, but I didn't find info about the server certificate (I do have the root CA certificate).

0 Kudos
G_W_Albrecht
Legend
Legend

It's R84.30 or newer. --> I mean the Gateway you connect to must be at least R81 to use strongSwan.

CCSE CCTE SMB Specialist
0 Kudos
abautu
Participant

Thank you for you quick reply. How can I check what version is my Gateway?

0 Kudos
G_W_Albrecht
Legend
Legend

That depends on your level of access:

- ask the FW admin

- connect to GWs GAiA portal, you do not need to login

- start SmartDashboard and look at the GW version

- connect to GW using SSH and issue # fw ver

CCSE CCTE SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

There is nothing you can do as an end user to enable Remote Access via a Linux system.
You will need to work with your admins directly on this.

0 Kudos
abautu
Participant

Thank you both for your replies. I wasted too much time (about 7-8 day already) trying to get this working so I'll stick to Windows for now. As another user pointed out in a different thread, It's a pitty that Checkpoint doesn't support Linux for real (I'm not talking about SNX). Many other vendors do so.

0 Kudos
(1)
tomwitt2
Explorer

Couldn't agree more.  As a developer on Linux, I've suffered for multiple years trying to access our checkpoint system, having to use an old an insecure version of SNX to connect.  Once we went to 2FA, IT had to setup an AWS entrypoint since Checkpoint no longer worked for me.

Checkpoint uses Linux but doesn't provide a Linux client.  Shameful.

 
0 Kudos