Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Home >   Check Point Forums >   Software Blades and Gateways >   Mobile Access / SSL VPN

Thread: SSL Network Extender does not work with Linux anymore

Welcome, Guest Help
Login Login
Guest Settings Guest Settings
This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 11 - Pages: 1 - Last Post: Jun 24, 2017 3:23 AM by: Dameon Welch Ab... Threads: [ Previous | Next ]
MICHAEL MOLLOY

Posts: 6
Registered: 4/13/17
SSL Network Extender does not work with Linux anymore
Posted: Apr 13, 2017 9:26 PM
 
  Click to reply to this thread Reply

We just replaced an old Cisco ASA with a new Check Point firewall, and I cannot connect to the VPN using linux. I have tried both Fedora 25 and Ubuntu 16.06. Installed the Iced Tea java plugin and enabled it in FireFox. After allowing the java applet to run, I eventually get the messages

Loading Applet . . .
Connecting . . .
Cannot establish connection to SSL Network Extender gateway. Try to reconnect.

Does anyone have any insight into how to make this work in 2017? It seems the command line version no longer works and through the browser is the only way.

MICHAEL MOLLOY

Posts: 6
Registered: 4/13/17
Re: SSL Network Extender does not work with Linux anymore
Posted: Apr 28, 2017 4:44 PM   in response to: MICHAEL MOLLOY
 
  Click to reply to this thread Reply

Since no one has answered this question, I'm assuming it simply can't be done.

If that is the case, that is a terrible decision by Check Point. I will not be recommending their product going forward.

Matthias Deckert

Posts: 4
Registered: 12/11/13
Re: SSL Network Extender does not work with Linux anymore
Posted: May 17, 2017 12:32 PM   in response to: MICHAEL MOLLOY
 
  Click to reply to this thread Reply

Until last ubuntu updates it works fine. Seems to be a problem with java 8u131. Has anyone a solution to use checkpoint vpn client on linux?

MICHAEL MOLLOY

Posts: 6
Registered: 4/13/17
Re: SSL Network Extender does not work with Linux anymore
Posted: May 18, 2017 6:58 AM   in response to: Matthias Deckert
 
  Click to reply to this thread Reply

What version of java on Ubuntu did you have it working with? I just installed 1.8.121, and although the applet loads the Firefox ESR version 52 and the IcedTea plugin, the connection never completes. The applet window has a status of 'Connecting', but it never finishes.

--Michael

Matthias Deckert

Posts: 4
Registered: 12/11/13
Re: SSL Network Extender does not work with Linux anymore
Posted: May 19, 2017 3:43 PM   in response to: MICHAEL MOLLOY
 
  Click to reply to this thread Reply

With 1.8.121 openn-java and icedtea it was fine. But since ubuntu updates in 05/2017 I'm not able to connect.

Michael Walsh

Posts: 1
Registered: 5/25/17
Re: SSL Network Extender does not work with Linux anymore
Posted: May 26, 2017 1:08 AM   in response to: Matthias Deckert
 
  Click to reply to this thread Reply

I found the same issue with CentOS 7, it too worked fine until the FF update late April, early May.
Despite downloading and trying the FF ESR release, changed and tried different java versions, no luck...this stinks.

Nicolas Boulica...

Posts: 1
Registered: 5/26/17
Re: SSL Network Extender does not work with Linux anymore
Posted: May 26, 2017 5:35 PM   in response to: MICHAEL MOLLOY
 
  Click to reply to this thread Reply

I was also unable to connect to checkpoint ssl network extender since last update on debian stretch.
I tried all versions I could of firefox and java (openjdk8, oracle jre 8u131 ).
- firefox + openjdk was just closing the connection page with no error message, but with connection not established
- firefox + oracle jre 8 was giving me the "java is not available" message.
I'm now able to connect with firefox esr 45.9.0.
I had to remove MD5 from jdk.jar.disabledAlgorithms in
/etc/java-8-openjdk/security/java.security for open jdk
/usr/lib/jvm/oracle-java8-jre-amd64/lib/security/java.security for oracle jre.

I guess there is a better and cleaner way to do this, but since I usually use firefox only to connect to the VPN, it's OK for me.. Hope this helps..

MICHAEL MOLLOY

Posts: 6
Registered: 4/13/17
Re: SSL Network Extender does not work with Linux anymore
Posted: May 27, 2017 5:21 AM   in response to: Nicolas Boulica...
 
  Click to reply to this thread Reply

Thanks for the information, but I still can't get it to work. I'm using java-8-openjdk-amd64 and the icedtea plugin version 8. I deleted MD5 from the /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security file.

When I go to our address, the applet starts to run. A terminal opens with this:

The installation script requires root permissions
Please provide the root password

Once I enter the root password, an alert immediately pops up with the text

Failed to initialize

Any idea how to get past that?

SecuredBy Conne...

Posts: 1
Registered: 5/8/14
Re: SSL Network Extender does not work with Linux anymore
Posted: May 30, 2017 6:16 PM   in response to: MICHAEL MOLLOY
 
  Click to reply to this thread Reply

Actually, I can use Checkpoint SSL VPN with Linux by MAB (Firefox version under 52) or Linux CLI with the command "snx -s <GW public IP> -u <LDAP user>" and then typing the password of these LDAP user.

Anyone has problems?

MICHAEL MOLLOY

Posts: 6
Registered: 4/13/17
Re: SSL Network Extender does not work with Linux anymore
Posted: May 30, 2017 10:56 PM   in response to: SecuredBy Conne...
 
  Click to reply to this thread Reply

What version of java are you using?

MICHAEL MOLLOY

Posts: 6
Registered: 4/13/17
Re: SSL Network Extender does not work with Linux anymore
Posted: Jun 14, 2017 9:12 PM   in response to: MICHAEL MOLLOY
 
  Click to reply to this thread Reply

Can someone from Checkpoint at least acknowledge that you're working on a linux client? Seriously, this is infuriating. Trying to do remote development while using Windows 10 is horrible.

Dameon Welch Ab...

Posts: 142
Registered: 4/16/09
Re: SSL Network Extender does not work with Linux anymore
Posted: Jun 24, 2017 3:23 AM   in response to: MICHAEL MOLLOY
 
  Click to reply to this thread Reply

There's an SK that covers installing the SNX client on Linux:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114267&partition=Advanced&product=SSL
Have you followed these steps?

Legend
Expert: 751 + pts
Advanced: 301 - 750 pts
Enthusiast: 101 - 300 pts
Novice: 0 - 100 pts
Check Point
Helpful Answer (5 pts)
Correct Answer (10 pts)