ruyrybeyro / chrootvpn Goto Github PK
View Code? Open in Web Editor NEWCheckpoint R80+ VPN client chroot wrapper
License: Apache License 2.0
Checkpoint R80+ VPN client chroot wrapper
License: Apache License 2.0
Hey, thanks for putting effort into this project.
Could you please answer what needs to be done in order to resolve this error?
This Portal is not supported on this server. Please contact your administrator for more information (14).
This occur when trying to login at https://vpn.example.com/Login/Login
Hello, first of all, thank you for your work. It has served me really well for sometime now on Debian.
I've been trying out Ubuntu 22.10 on two computers, and it's working flawlessly, except for ChrootVPN.
After installing ChrootVPN on Ubuntu 22.10, everything works fine, until I reboot. After a reboot, on both computers, my network simply ceased to work... I get an question mark on top of the newtork icon and no connection at all.
I can gladly share more information!
Hi,
Since I can't download the snx_install.sh from the vpn I downloaded it separately.
Now I am trying to feed the snx script to installation script but it wont find it.
I've placed the snx_install.sh in the same directory of the chrootvpn installation, is It the right place?
Hello
I'm trying to install the latest version (chrootvpn_1.96-1_all.deb) in a Debian GNU/Linux 12 (bookworm) system.
After running the vpn.sh -i --vpn=... comand the script runs fine until it reaches a c_shell installation:
Processing triggers for ca-certificates (20210119) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
done.
Installation successfull
Installing CShell
/root/cshell_install.sh: line 1: syntax error near unexpected token `newline'
/root/cshell_install.sh: line 1: `<html>'
InstallChroot->chrootEnd: Something went wrong. Chroot unmounted. Fix it or delete /opt/chroot and run this script again
First of all thanks for the project and all the work you put in. It looks very interesting and useful but somehow I can't make it work.
Fedora 36 here with OpenJDK 11, vpn.sh status
looks ok-ish (v1.80, CShell running, SNX installed, CHSell self-signed CA cert visible, but in status report there is a line "VPN off", "VPN signatures" are empty).
Opening FF v102 on https://vpn.address.com
renders "Secure connection failed".
Going to https://localhost:14186/id
shows JSON response like {"id":"some-uuid-here"}
. Curling verbose same link, shows certificate(O=check Point), with same JSON response.
starting vpn.sh
in new terminal or vpn.sh restart
doesn't bring me any further.
Thanks :)
Hi @ruyrybeyro,
Thanks for your effort to bring the checkpoint VPN to Ubuntu OS.
I'm facing an issue with auto close pop-up SSL Network Extender windows when VPN has just expired and re-connect again, If you click on "connect" the pop-up of the network-extender opens, and it shows "initializing" and after a few seconds the window disappears and you can click on connect again.
But this will be resolved if you restart the laptop/PC and then this will happen again if the connection is expired.
Do you know how to fix this?
Thanks @ruyrybeyro.
Hi. I tried to run it but I'm facing that Secure Connection Failed
error
doing first restart
non-network local connections being added to access control list
CShell stopped
Trying to start it again...
LAUNCHER> Starting CShell...
LAUNCHER> CShell Started
open browser at https://[VPN_HOST] to login/start VPN
Accept localhost certificate anytime visiting https://localhost:14186/id
After open https://localhost:14186/id and accept the "risks" I've tried to open the https://[VPN_HOST] url on Firefox but I got the Secure Connection Failed
message. Can you help me?
I'm getting this error when I run the command vpn.sh -i --vpn=DNS
Fedora 37
vpn.sh v1.96
Installation successfull
Installing CShell
/root/cshell_install.sh: line 1: syntax error near unexpected token `newline'
/root/cshell_install.sh: line 1: `<html>'
InstallChroot->chrootEnd: Something went wrong. Chroot unmounted. Fix it or delete /opt/chroot and run this script again
Thank you!
Firstly, I would like to thank you for your work with this script.
I am using Ubuntu 22.04.1 and I successfully managed to connect to the university checkpoint VPN but all my traffic does not route through the VPN.
I tried to route the traffic through the IP route command but after that, everything stops working.
This is the IP route table after connecting:
default via 192.168.31.1 dev wlp2s0 proto dhcp metric 600
147.232.1.1 dev tunsnx src 147.232.165.234
147.232.1.2/31 dev tunsnx src 147.232.165.234
147.232.1.4/30 dev tunsnx src 147.232.165.234
147.232.1.8/29 dev tunsnx src 147.232.165.234
147.232.1.16/28 dev tunsnx src 147.232.165.234
147.232.1.32/27 dev tunsnx src 147.232.165.234
147.232.1.64/26 dev tunsnx src 147.232.165.234
147.232.1.128/25 dev tunsnx src 147.232.165.234
147.232.2.0/23 dev tunsnx src 147.232.165.234
147.232.4.0/22 dev tunsnx src 147.232.165.234
147.232.8.0/22 dev tunsnx src 147.232.165.234
147.232.12.0/23 dev tunsnx src 147.232.165.234
147.232.14.0/25 dev tunsnx src 147.232.165.234
147.232.14.128/28 dev tunsnx src 147.232.165.234
147.232.14.144/31 dev tunsnx src 147.232.165.234
147.232.14.147 dev tunsnx src 147.232.165.234
147.232.14.148/30 dev tunsnx src 147.232.165.234
147.232.14.152/29 dev tunsnx src 147.232.165.234
147.232.14.160/27 dev tunsnx src 147.232.165.234
147.232.14.192/26 dev tunsnx src 147.232.165.234
147.232.15.0/24 dev tunsnx src 147.232.165.234
147.232.16.0/20 dev tunsnx src 147.232.165.234
147.232.32.0/20 dev tunsnx src 147.232.165.234
147.232.48.0/23 dev tunsnx src 147.232.165.234
147.232.50.0/25 dev tunsnx src 147.232.165.234
147.232.50.128/26 dev tunsnx src 147.232.165.234
147.232.50.192/27 dev tunsnx src 147.232.165.234
147.232.50.224/28 dev tunsnx src 147.232.165.234
147.232.50.240/29 dev tunsnx src 147.232.165.234
147.232.50.248/30 dev tunsnx src 147.232.165.234
147.232.50.252/31 dev tunsnx src 147.232.165.234
147.232.50.254 dev tunsnx src 147.232.165.234
147.232.51.1 dev tunsnx src 147.232.165.234
147.232.51.2/31 dev tunsnx src 147.232.165.234
147.232.51.4/30 dev tunsnx src 147.232.165.234
147.232.51.8/29 dev tunsnx src 147.232.165.234
147.232.51.16/28 dev tunsnx src 147.232.165.234
147.232.51.32/27 dev tunsnx src 147.232.165.234
147.232.51.64/26 dev tunsnx src 147.232.165.234
147.232.51.128/25 dev tunsnx src 147.232.165.234
147.232.52.0/22 dev tunsnx src 147.232.165.234
147.232.56.0/21 dev tunsnx src 147.232.165.234
147.232.64.0/19 dev tunsnx src 147.232.165.234
147.232.96.0/22 dev tunsnx src 147.232.165.234
147.232.100.0/25 dev tunsnx src 147.232.165.234
147.232.100.128/26 dev tunsnx src 147.232.165.234
147.232.100.192/27 dev tunsnx src 147.232.165.234
147.232.100.224/28 dev tunsnx src 147.232.165.234
147.232.100.240/29 dev tunsnx src 147.232.165.234
147.232.100.248/30 dev tunsnx src 147.232.165.234
147.232.100.252/31 dev tunsnx src 147.232.165.234
147.232.100.254 dev tunsnx src 147.232.165.234
147.232.101.1 dev tunsnx src 147.232.165.234
147.232.101.2/31 dev tunsnx src 147.232.165.234
147.232.101.4/30 dev tunsnx src 147.232.165.234
147.232.101.8/29 dev tunsnx src 147.232.165.234
147.232.101.16/28 dev tunsnx src 147.232.165.234
147.232.101.32/27 dev tunsnx src 147.232.165.234
147.232.101.64/26 dev tunsnx src 147.232.165.234
147.232.101.128/25 dev tunsnx src 147.232.165.234
147.232.102.0/23 dev tunsnx src 147.232.165.234
147.232.104.0/21 dev tunsnx src 147.232.165.234
147.232.112.0/20 dev tunsnx src 147.232.165.234
147.232.128.0/20 dev tunsnx src 147.232.165.234
147.232.144.0/22 dev tunsnx src 147.232.165.234
147.232.148.0/23 dev tunsnx src 147.232.165.234
147.232.150.0/31 dev tunsnx src 147.232.165.234
147.232.151.1 dev tunsnx src 147.232.165.234
147.232.151.2/31 dev tunsnx src 147.232.165.234
147.232.151.4/30 dev tunsnx src 147.232.165.234
147.232.151.8/29 dev tunsnx src 147.232.165.234
147.232.151.16/28 dev tunsnx src 147.232.165.234
147.232.151.32/27 dev tunsnx src 147.232.165.234
147.232.151.64/26 dev tunsnx src 147.232.165.234
147.232.151.128/25 dev tunsnx src 147.232.165.234
147.232.152.0/21 dev tunsnx src 147.232.165.234
147.232.160.0/19 dev tunsnx src 147.232.165.234
147.232.165.233 dev tunsnx proto kernel scope link src 147.232.165.234
147.232.192.0/21 dev tunsnx src 147.232.165.234
147.232.200.0/25 dev tunsnx src 147.232.165.234
147.232.200.128/26 dev tunsnx src 147.232.165.234
147.232.200.192/27 dev tunsnx src 147.232.165.234
147.232.200.224/28 dev tunsnx src 147.232.165.234
147.232.200.240/29 dev tunsnx src 147.232.165.234
147.232.200.248/30 dev tunsnx src 147.232.165.234
147.232.200.252/31 dev tunsnx src 147.232.165.234
147.232.200.254 dev tunsnx src 147.232.165.234
147.232.201.1 dev tunsnx src 147.232.165.234
147.232.201.2/31 dev tunsnx src 147.232.165.234
147.232.201.4/30 dev tunsnx src 147.232.165.234
147.232.201.8/29 dev tunsnx src 147.232.165.234
147.232.201.16/28 dev tunsnx src 147.232.165.234
147.232.201.32/27 dev tunsnx src 147.232.165.234
147.232.201.64/26 dev tunsnx src 147.232.165.234
147.232.201.128/25 dev tunsnx src 147.232.165.234
147.232.202.0/23 dev tunsnx src 147.232.165.234
147.232.204.0/22 dev tunsnx src 147.232.165.234
147.232.208.0/20 dev tunsnx src 147.232.165.234
147.232.224.0/20 dev tunsnx src 147.232.165.234
147.232.240.0/21 dev tunsnx src 147.232.165.234
147.232.248.0/22 dev tunsnx src 147.232.165.234
147.232.252.0/23 dev tunsnx src 147.232.165.234
147.232.254.0/24 dev tunsnx src 147.232.165.234
147.232.255.0/25 dev tunsnx src 147.232.165.234
147.232.255.128/26 dev tunsnx src 147.232.165.234
147.232.255.192/27 dev tunsnx src 147.232.165.234
147.232.255.224/28 dev tunsnx src 147.232.165.234
147.232.255.240/29 dev tunsnx src 147.232.165.234
147.232.255.248/30 dev tunsnx src 147.232.165.234
147.232.255.252/31 dev tunsnx src 147.232.165.234
147.232.255.254 dev tunsnx src 147.232.165.234
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.168.31.0/24 dev wlp2s0 proto kernel scope link src 192.168.31.92 metric 600
The vpn works fine when i connect using windows or android clients.
Hi @ruyrybeyro thank you for your effort in making this wrapper.
I already succeeded using your script to connect to the vpn. But after the first login it always fails to connect to the vpn. When trying to connect it always asks to update the Mobile Access Portal Agent using cshell_install.sh
At first it failed to update because of the path to the certificate being different
After updating cshell_install to the correct path where your wrapper is located I have another problem
Do you know how to fix this?
I'm using ubuntu 22.04
Best regards and thank you
Hi,
I'm having an error while running the installation:
chroot /opt/chroot unsucessful creation
InstallChroot->createChroot: run sudo rm -rf /opt/chroot and do it again
I don't know what to do next.
Any advice?
Thank you!! :)
installation process fails on ubuntu 23.10:
$ ./cshell_install.sh
Start Check Point Mobile Access Portal Agent installation
Extracting Mobile Access Portal Agent... Done
Installing Mobile Access Portal Agent...
Shutdown Mobile Access Portal Agent
Done
Installing certificate... Done
Starting Mobile Access Portal Agent... /bin/sh: 1: /usr/bin/cshell/launcher: not found
Cannot start Mobile Access Portal Agent. Installation aborted.
$ ls /usr/bin/cshell/launcher
/usr/bin/cshell/launcher
$ /usr/bin/cshell/launcher
bash: /usr/bin/cshell/launcher: cannot execute: required file not found
During vpn -i debconf and systemctl is complaining (but the script completes):
Setting up x11-common (1:7.7+22) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/i386-linux-gnu/perl/5.32.1
/usr/local/share/perl/5.32.1 /usr/lib/i386-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/i386-linux-gnu/perl-base /usr/lib/i386-linux-gnu/perl/5.32 /usr/share/perl/5
.32 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Can't exec "systemctl": No such file or directory at /usr/sbin/update-rc.d line 93.
/usr/sbin/invoke-rc.d: 290: systemctl: not found
invoke-rc.d: could not determine current runlevel
invoke-rc.d: WARNING: No init system and policy-rc.d missing! Defaulting to block.
....
Setting up dbus (1.12.28-0+deb11u1) ...
/var/lib/dpkg/info/dbus.postinst: 94: systemd-tmpfiles: not found
Can't exec "systemctl": No such file or directory at /usr/sbin/update-rc.d line 93.
/usr/sbin/invoke-rc.d: 290: systemctl: not found
invoke-rc.d: could not determine current runlevel
invoke-rc.d: WARNING: No init system and policy-rc.d missing! Defaulting to block.
/var/lib/dpkg/info/dbus.postinst: 113: systemctl: not found
sh: 1: systemctl: not found
Can't exec "systemctl": No such file or directory at /usr/bin/deb-systemd-invoke line 94.
dbus.service is a disabled or a static unit, not starting it.
sh: 1: systemctl: not found
Can't exec "systemctl": No such file or directory at /usr/bin/deb-systemd-invoke line 94.
dbus.socket is a disabled or a static unit, not starting it.
``
Hi, i've problem with installation.
I've installed before, and i uninstall.
And when i want to install again, i have en error message and tells me to uninstall it. If i uninstall, it tells me to install before uninstall. But i cannot install, if i try, i alway get error message that tells me to uninstall.
the SSL Network Extener is closing after a few seconds.
I tought this isssue might be related to #9 but re installing several times did not solve the issue.
First time installation on Linux Mint 21.2 fails with:
Installing CShell
InstallChroot->chrootEnd: Something went wrong. Chroot unmounted. Fix it or delete /opt/chroot and run this script again.
Is there any way to determine what exactly went wrong?
After a fresh install on my debian bookworm system the vpn.sh script complained about not having access to X11. I was a bit surprised that it asks for X11, as i switched to wayland ages ago. I seem to have some Xorg packages installed, not sure if they are needed. It might be useful to mention that all of this works fine also in wayland.
Anyway, the vpn.sh script complains:
xhost: unable to open display ":0"
If there are not X11 desktop permissions, the VPN won't run
run this while logged in to the graphic console,
or in a terminal inside the graphic console
X11 auth not given
Please run as the X11/regular user:
xhost +si:local:
Which did not work on my system:
$ xhost +si:local:
local: being added to access control list
X Error of failed request: BadValue (integer parameter out of range for operation)
Major opcode of failed request: 109 (X_ChangeHosts)
Value in failed request: 0x6
Serial number of failed request: 7
Current serial number in output stream: 9
After some digging i came up with xhost +local:
which works.
The script doesn't consider using the systemd-networkd as network manager. Only NetworkManager. So the fixDNS()
step is skipped.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.