Owning to shortcomings of one of our development teams installing in Ubuntu the SNX/CShell Checkpoint agent aka SSL Network Extender/Mobile Access Portal Agent, I have been writing a shell script for doing it automagically. It downloads Mobile Access Portal Agent (CShell) and SSL Network Extender (SNX) installations scripts from the firewall, and installs them.
Upon learning SNX is still a 32-bits binary and the multiples issues of satisfying cshell_install.sh requirements, I decided to go the chroot way in order to not to corrupt (so much) the Linux desktop of the user, and yet still tricking snx / cshell_install.sh into "believing" all the requirements are satisfied.
Eventually, I (re)wrote the script to support several Linux distributions as the host OS, still using Debian 11 for the chroot "light container".
The SNX binary and the CShell agent/daemon both install and run under chrooted Debian. The Linux host runs firefox (or other browser). resolv.conf, VPN IP address and routes "bleed" from the chroot directories and kernel shared with the host to the host Linux OS.
The Mobile Access Portal Agent, unlike the ordinary cshell_install.sh usual setup, runs with it's own user which is different than the user logged in.
Most of the recent distributions are supported.
In addition, lest you wish to uninstall it, the script has an uninstall option (and an upgrade one too). Deleting /opt/chroot pretty much cleans most of the extra glue installed in the system easily.
Find it at https://github.com/ruyrybeyro/chrootvpn
Tested with chroot Debian Bullseye 11 (32 bits)
Tested with hosts:
Ubuntu LTS 18.04
Ubuntu LTS 22.04
Pop!_OS 22.04 LTS
Kubuntu 22.04 LTS
lubuntu 22.04 LTS
CentOS 9 stream
Arch Linux 2022.05.01
openSUSE Leap 15.3