
Connection to VPN server from Linux with SecurID

Question asked by Olivier Roulet-Dubonnet on Aug 31, 2018
Latest reply on Sep 4, 2018 by Dameon Welch Abernathy

Hi,

 

I have a customer who gave us access to their system using some CheckPoint software with SecurID (username and SecurID, no password as far as we understand). How can we connect to these systems from Linux?

 

We could not find any VPN client for Linux on the CheckPoint website.

 

It looks like we get the SecurID code using the stoken software, so that should be OK.

 

When going to their VPN server 87.238.64.1, there is a login popup, but it requires some Java plugins which are now deprecated in all existing browsers, so this is not a working solution.

 

The page also allows starting a program called snx:

snx -h
Check Point's Linux SNX
build 800008061
usage: snx -s <server> {-u <user>|-c <certfile>} [-l <ca dir>] [-p <port>] [-r] [-g] [-e <cipher>]
                                run SNX using given arguments
       snx -f <cf>              run the snx using configuration file
       snx                      run the snx using the ~/.snxrc

       snx -d                   disconnect a running SNX daemon

 

        -s <server>           connect to server <server>
        -u <user>             use the username <user>
        -c <certfile>         use the certificate file <certfile>
        -l <ca dir>           get trusted ca's from <ca dir>
        -p <port>             connect using port <port>
        -g                    enable debugging
        -e <cipher>           SSL cipher to use: RC4 or 3DES

 

But snx does not seem to allow using SecurID authentication.

 

We also tried the standard Linux Cisco VPN client, openconnect, but it fails with the error: XML response has no "auth" node

Soft token init was successful.
POST https://87.238.64.1/
Attempting to connect to server 87.238.64.1:443
Connected to 87.238.64.1:443
SSL negotiation with 87.238.64.1
Server certificate verify failed: signer not found
Connected to HTTPS on 87.238.64.1
Got HTTP response: HTTP/1.0 404 Not Found
Date: Fri, 31 Aug 2018 13:47:25 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: close
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 28 May 2014 09:11:07 GMT
Content-Length: 204
HTTP body length:  (204)
Unexpected 404 result from server
GET https://87.238.64.1/
Attempting to connect to server 87.238.64.1:443
Connected to 87.238.64.1:443
SSL negotiation with 87.238.64.1
Server certificate verify failed: signer not found
Connected to HTTPS on 87.238.64.1
Got HTTP response: HTTP/1.0 200 OK
Date: Fri, 31 Aug 2018 13:47:26 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: close
X-Frame-Options: SAMEORIGIN
Content-Length: 11788
HTTP body length:  (11788)
XML response has no "auth" node

 

So what is the official way to connect to a VPN server using SecurID from Linux?
