Share your Cyber Security Insights
On-Stage at CPX 2025
Simplifying Zero Trust Security
with Infinity Identity!
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CheckMates Go:
What's New in R82
Hi,
Owning to shortcomings of one of our development teams installing in Ubuntu the SNX/CShell Checkpoint agent aka SSL Network Extender/Mobile Access Portal Agent, I have been writing a shell script for doing it automagically. It downloads Mobile Access Portal Agent (CShell) and SSL Network Extender (SNX) installations scripts from the firewall, and installs them.
Upon learning SNX is still a 32-bits binary and the multiples issues of satisfying cshell_install.sh requirements, I decided to go the chroot way in order to not to corrupt (so much) the Linux desktop of the user, and yet still tricking snx / cshell_install.sh into "believing" all the requirements are satisfied.
Eventually, I (re)wrote the script to support several Linux distributions as the host OS, still using Debian 11 for the chroot "light container".
The SNX binary and the CShell agent/daemon both install and run under chrooted Debian. The Linux host runs firefox (or other browser). resolv.conf, VPN IP address and routes "bleed" from the chroot directories and kernel shared with the host to the host Linux OS.
The Mobile Access Portal Agent, unlike the ordinary cshell_install.sh usual setup, runs with it's own user which is different than the user logged in.
Most of the recent distributions are supported.
In addition, lest you wish to uninstall it, the script has an uninstall option (and an upgrade one too). Deleting /opt/chroot pretty much cleans most of the extra glue installed in the system easily.
Find it at https://github.com/ruyrybeyro/chrootvpn
Regards
PS
COMPATIBILITY
Tested with chroot Debian Bullseye 11 (32 bits)
Tested with hosts:
Debian based
Debian 10
Debian 11
Ubuntu LTS 18.04
Ubuntu LTS 22.04
Mint 20.2
antiX-21
Pop!_OS 22.04 LTS
Kubuntu 22.04 LTS
lubuntu 22.04 LTS
Kali 2022.2
RedHat based
Fedora 23
Fedora 36
CentOS 8
Rocky 8.6
Oracle 8.6
CentOS 9 stream
AlmaLinux 9.0
Arch based
Arch Linux 2022.05.01
Manjaro 21.2.6.1
SUSE
openSUSE Leap 15.3
Hi,
Owning to shortcomings of one of our development teams installing in Ubuntu the SNX/CShell Checkpoint agent aka SSL Network Extender/Mobile Access Portal Agent, I have been writing a shell script for doing it automagically. It downloads Mobile Access Portal Agent (CShell) and SSL Network Extender (SNX) installations scripts from the firewall, and installs them.
Upon learning SNX is still a 32-bits binary and the multiples issues of satisfying cshell_install.sh requirements, I d
...;
v1.02 is out.
v1.01 was a fix to a script bug in Debian.
V1.02 is to deal with a nscd "feature" that was causing problem in SUSE, but can potentially manifest in another distributions.
Thanks. I would advise getting the last version at https://github.com/ruyrybeyro/chrootvpn , it supports so much more distributions and a couple of bugs fixed along the way.
Thanks. I would advise getting the last version at https://github.com/ruyrybeyro/chrootvpn , it supports so much more distributions and a couple of bugs fixed along the way.
;
Hi, I would like to know if the use of this script has been tested and reviewed by checkpoint as I see it in many forums but there are few comments from users other than the script creator.
If it is sure, could some administrator report it?
Hi, I would like to know if the use of this script has been tested and reviewed by checkpoint as I see it in many forums but there are few comments from users other than the script creator.
If it is sure, could some administrator report it?
;
PhoneBoy
As stated above:
Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
However, as some commenters have posted above, it appears to work.
As stated above:
Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
However, as some commenters have posted above, it appears to work.
;
@Jeisonsb wrote:Hi, I would like to know if the use of this script has been tested and reviewed by checkpoint as I see it in many forums but there are few comments from users other than the script creator.
If it is sure, could some administrator report it?
The script has consistently attracted around 200-250 visitors per week to its GitHub repository https://github.com/ruyrybeyro/chrootvpn in the last two years. Notably, it's utilized by a ISP, several universities in Portugal, various firms in Brazil, and even a US government agency, to my knowledge.
Regrettably, it appears to be the sole solution for using the Mobile Access Portal Agent in Linux, particularly for users outside of Debian or Ubuntu environments. Even for those distributions, there are still some challenges setting up the service solely with the official resources.
Despite the hurdles, the script remains open source. Contributions and reviews are most welcomed from the community.
@Jeisonsb wrote:
Hi, I would like to know if the use of this script has been tested and reviewed by checkpoint as I see it in many forums but there are few comments from users other than the script creator.
If it is sure, could some administrator report it?
The script has consistently attracted around 200-250 visitors per week to its GitHub repository https://github.com/ruyrybeyro/chrootvpn in the last two years. Notably, it's utilized by a ISP, several univers
...;
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
