3

Anyone running SNX on Ubuntu 18.04 or 18.10 ? I am using build 800008061 with Firefox which should be a latest version AFAIK.

Problem is that snx can not handle systemd-resolved -> dns nameservers are not dynamically updated, because snx handling updates to /etc/resolv.conf manually.

I tried apt install libnss-resolve && rm -f /etc/resolv.conf && touch /etc/resolv.conf to let snx handle /etc/resolv.conf manually and at the same time libnss-resolve provided fallback to systemd nameservers if no DNS servers were specified in /etc/resolv.conf. But it does not work. SNX will not even start.

Another thing was to install resolvconf (ifupdown dependency), but for a little moment I was able to see DNS servers assigned from vpn after connection with systemd-resolve --status command, but these dissapeared quickly.

There might be problems with netplan also I guess.

Any idea how to run SNX in Ubuntu 18.04, 18.10?

Thanks

EDIT: There is not problem to run SNX in Ubuntu 18.XX (dependencies for example). The problem is that SNX can not handle systemd-resolved

MUHAHA
  • 151
  • 1
  • 7
  • 3
    Possible duplicate of [getting Checkpoint VPN SSL Network Extender working in the command line](https://unix.stackexchange.com/questions/450229/getting-checkpoint-vpn-ssl-network-extender-working-in-the-command-line) – Rui F Ribeiro Dec 03 '18 at 17:15
  • it is not. There is no mention about systemd-resolved which is available in Ubuntu 18.XX – MUHAHA Dec 03 '18 at 17:22
  • I am able to connect with 800008061, its working in Ubuntu < 18.04 , in Ubuntu >=18.04 there is a change with systemd-resolved package. SNX can not handle systemd-resolved -> nameserver are not updated after connection. I am able to connect with IP directly, even if I edit /etc/hosts/ so its working. I also tried 800007075, but its not problem with version. Its problem with systemd vs resolvconf. – MUHAHA Dec 03 '18 at 17:45
  • If You have still SNX and Vagrant, You can try this vagrant file: https://pastebin.com/jVTMC3LK . I will guarantee You that this will not work. – MUHAHA Dec 03 '18 at 18:14
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/86561/discussion-between-muhaha-and-rui-f-ribeiro). – MUHAHA Dec 03 '18 at 18:40
  • Mobile in the next couple of hours, able to see chat but not answer there. My comments about the version are important. Your version works indeed via Firefox, but not in the command line, deleted that comment. – Rui F Ribeiro Dec 03 '18 at 18:43
  • Have you installed the 32 bit libs? As for the DNS problem, it is common to other vpn servers in linux and not only to snx and systemd. But it won't prevent it starting, I mess on purpose with DNS due to our network profile being wrong, and it still starts. We are using here Debian 9, mint and Ubuntu 18 – Rui F Ribeiro Dec 03 '18 at 18:49
  • Yes. Its visible in vagrantfile what I did. (pastebin.com/jVTMC3LK). SNX is started and connected. I can connect to services behind VPN with IP address, just DNS names are not resolved. Problem is that SNX needs directly update /etc/resolv.conf, but that is impossible, because of systemd-resolved. /etc/resolv.conf is just a symlink. Its clearly visible that snx will create /etc/resolv.conf.bak, because it can not update resolv.conf directly. SNX can not handle systemd. – MUHAHA Dec 03 '18 at 19:36
  • Snx and many other VPNs... Either you disable systemd -resolved and uninstall resolvcond, and /or do some snx shell wrapper that creates a resolv.conf while inside the VPN and then returns things to the expected /previous state when leaving it – Rui F Ribeiro Dec 03 '18 at 19:56

3 Answers3

1

I am able to install and use snx (800008061) in ubuntu:cosmic and bionic.

Install dependencies:

  • libpam0g:i386
  • libx11-6:i386
  • libstdc++6:i386
  • libstdc++5:i386

Problem with systemd-resolved can be solved by unlinking /etc/resolv.conf (possible rm -r /etc/resolv.conf && echo "nameserver 127.0.0.53" > /etc/resolv.conf ) and installing libnss-resolve:i386 and libnss-resolve, which will provide fallback resolving in case of missing resolv.conf, which is edited directly by snx.

MUHAHA
  • 151
  • 1
  • 7
0

snx is a closed-source binary bundle executed with suid as root. Everything about this is wrong. If possible try to convince the IT to run openvpn instead.

I had to run version 800007075 (who invents this version numbering system btw?) and manually delete pushed DNS entries to my resolv.conf

Met
  • 131
  • 2
0

I have managed with this problem using this:

sudo systemd-resolve --interface=tunsnx --set-dns=A.A.A.A  --set-domain=corp

This will use A.A.A.A dns server for *.corp domains.

To make it permanent you probably want to create a file in /etc/systemd/network but I didn't figured what is should looks like. Here is documentation

This can be also helpful for debugging

resolvectl status
S.R
  • 101
  • 2