Checkpoint VPN Linux Client: Ubuntu Installation and Configuration Guide


2 views

Checkpoint does provide Linux support through its SNX VPN client, though it's not as straightforward as Windows or macOS versions. The SNX package works on most Linux distributions including Ubuntu, but requires manual setup.

Before installation, ensure your system has:

  • Ubuntu 18.04/20.04/22.04 LTS (64-bit recommended)
  • OpenSSL libraries installed
  • Root privileges for installation
  • Network access to your Checkpoint gateway

First, download the SNX package from your Checkpoint gateway (usually accessible via web portal) or request it from your network administrator. The filename typically looks like snx_install.sh.

Make the script executable and run it:


chmod +x snx_install.sh
sudo ./snx_install.sh

After installation, connect to your VPN using:


snx -s your.gateway.com -u your_username

You'll be prompted for your password. For automated connections, you can store credentials using:


echo "your_password" | snx -s your.gateway.com -u your_username

If you encounter SSL errors, try:


sudo apt-get install libssl1.0.0

For 32-bit systems, you might need additional libraries:


sudo apt-get install libstdc++5:i386

If SNX doesn't work well for your setup, consider:

  1. Using OpenConnect with Checkpoint compatibility mode
  2. Setting up a Windows VM with Checkpoint client and routing traffic
  3. Exploring third-party clients like ShrewSoft VPN

Create a simple bash script to handle VPN connections:


#!/bin/bash
echo "Connecting to Checkpoint VPN..."
read -s -p "Password: " vpnpass
echo $vpnpass | snx -s vpn.company.com -u $USER

CheckPoint offers official VPN clients for Linux through their support center. The primary package is called snx, which provides command-line connectivity. For Ubuntu users, there are two main approaches:

# Official method (requires CheckPoint support account)
wget https://secureconnection.eu/checkpoint/linux/snx_install.sh
chmod +x snx_install.sh
sudo ./snx_install.sh

The openconnect package can serve as a replacement for CheckPoint VPN:

sudo apt update
sudo apt install openconnect network-manager-openconnect

Configuration example for CheckPoint:

sudo openconnect --protocol=gp vpn.yourcompany.com
# When prompted, enter your credentials

For frequent usage, create a bash script:

#!/bin/bash
VPN_SERVER="vpn.company.com"
USERNAME="your_username"
PASSWORD=$(security find-generic-password -ws "CheckPointVPN" 2>/dev/null)

if [ -z "$PASSWORD" ]; then
    echo "Enter VPN password: "
    read -s PASSWORD
fi

echo $PASSWORD | sudo openconnect --protocol=gp --user=$USERNAME --passwd-on-stdin $VPN_SERVER

If you encounter certificate errors, add --no-cert-check flag (not recommended for production). For DNS resolution problems:

# Add to /etc/resolv.conf (temporary solution)
nameserver 8.8.8.8
nameserver 8.8.4.4

For enterprise environments, create a persistent VPN service:

[Unit]
Description=CheckPoint VPN Connection
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/openconnect --protocol=gp --user=svc_account --passwd-on-stdin vpn.company.com
Restart=always

[Install]
WantedBy=multi-user.target