Connecting to CheckPoint VPN with 2FA

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
1
down vote

favorite












I'm trying to connect to a CheckPoint VPN which uses two factor authentication (generated token from a mobile device).



I'm aware of the snx tool from CheckPoint, and have used it on other VPNs, but am unable to get it to work with 2FA - or perhaps I just don't know how to use it with 2FA



My question is what are my options, and what's the best option.



  • does the snx tool work with 2FA, or is there another CheckPoint client?

  • will another client work with a CheckPoint VPN, e.g. StrongSwan, OpenVPN, etc?

I'm working with a plan to run the Windows CheckPoint client in a VM and then route my Ubuntu traffic through the VM's network, but it's clunky at best.






networking vpn virtualbox-networking







share|improve this question

















  • 1




    StrongSwan is a VPN server for IPSec and not a VPN client. OpenVPN has a client and a server but only speaks OpenVPN. It looks like Checkpoint VPN (CP VPN) under the hood uses a form of IPSec that is tunneled over SSL/TLS. This might be a unique form of technological deployment. In pure theory, if CP VPN is speaking IPSec, then you could theoretically build a vpnc configuration that would work under the hood, but you're restricted to the CLI version of the VPN client for connecting (2FA isn't usable in the NetworkManager plugin for vpnc/IPSec connections). (1/2)
    – Thomas Ward♦
    Mar 31 at 3:09






  • 1




    However, this is a highly speculative answer, as CheckPoint doesn't offer a VPN-only device and only offer it as part of their unified protection gateways, and as CheckPoint gateway solutions are non-free the only people who can really give you clear guidance are going to be the CheckPoint people. They're pushing hard for the SNX tool, though; they don't talk about 2FA though on their forums. You might want to consult with CheckPoint about 2FA enablement/solutions for things. (2/2)
    – Thomas Ward♦
    Mar 31 at 3:10











  • It should be possible. I used to have Firefox + java for the web-interface, which just passed stuff to the local snx installation. But I never got my finger around it. Maybe local java debugging could provide some insights.
    – RobAu
    Aug 15 at 10:36














up vote
1
down vote

favorite












I'm trying to connect to a CheckPoint VPN which uses two factor authentication (generated token from a mobile device).



I'm aware of the snx tool from CheckPoint, and have used it on other VPNs, but am unable to get it to work with 2FA - or perhaps I just don't know how to use it with 2FA



My question is what are my options, and what's the best option.



  • does the snx tool work with 2FA, or is there another CheckPoint client?

  • will another client work with a CheckPoint VPN, e.g. StrongSwan, OpenVPN, etc?

I'm working with a plan to run the Windows CheckPoint client in a VM and then route my Ubuntu traffic through the VM's network, but it's clunky at best.






networking vpn virtualbox-networking







share|improve this question

















  • 1




    StrongSwan is a VPN server for IPSec and not a VPN client. OpenVPN has a client and a server but only speaks OpenVPN. It looks like Checkpoint VPN (CP VPN) under the hood uses a form of IPSec that is tunneled over SSL/TLS. This might be a unique form of technological deployment. In pure theory, if CP VPN is speaking IPSec, then you could theoretically build a vpnc configuration that would work under the hood, but you're restricted to the CLI version of the VPN client for connecting (2FA isn't usable in the NetworkManager plugin for vpnc/IPSec connections). (1/2)
    – Thomas Ward♦
    Mar 31 at 3:09






  • 1




    However, this is a highly speculative answer, as CheckPoint doesn't offer a VPN-only device and only offer it as part of their unified protection gateways, and as CheckPoint gateway solutions are non-free the only people who can really give you clear guidance are going to be the CheckPoint people. They're pushing hard for the SNX tool, though; they don't talk about 2FA though on their forums. You might want to consult with CheckPoint about 2FA enablement/solutions for things. (2/2)
    – Thomas Ward♦
    Mar 31 at 3:10











  • It should be possible. I used to have Firefox + java for the web-interface, which just passed stuff to the local snx installation. But I never got my finger around it. Maybe local java debugging could provide some insights.
    – RobAu
    Aug 15 at 10:36












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I'm trying to connect to a CheckPoint VPN which uses two factor authentication (generated token from a mobile device).



I'm aware of the snx tool from CheckPoint, and have used it on other VPNs, but am unable to get it to work with 2FA - or perhaps I just don't know how to use it with 2FA



My question is what are my options, and what's the best option.



  • does the snx tool work with 2FA, or is there another CheckPoint client?

  • will another client work with a CheckPoint VPN, e.g. StrongSwan, OpenVPN, etc?

I'm working with a plan to run the Windows CheckPoint client in a VM and then route my Ubuntu traffic through the VM's network, but it's clunky at best.






networking vpn virtualbox-networking







share|improve this question













I'm trying to connect to a CheckPoint VPN which uses two factor authentication (generated token from a mobile device).



I'm aware of the snx tool from CheckPoint, and have used it on other VPNs, but am unable to get it to work with 2FA - or perhaps I just don't know how to use it with 2FA



My question is what are my options, and what's the best option.



  • does the snx tool work with 2FA, or is there another CheckPoint client?

  • will another client work with a CheckPoint VPN, e.g. StrongSwan, OpenVPN, etc?

I'm working with a plan to run the Windows CheckPoint client in a VM and then route my Ubuntu traffic through the VM's network, but it's clunky at best.






networking vpn virtualbox-networking




networking vpn virtualbox-networking






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 31 at 2:55









Kirk Broadhurst

1235




1235







  • 1




    StrongSwan is a VPN server for IPSec and not a VPN client. OpenVPN has a client and a server but only speaks OpenVPN. It looks like Checkpoint VPN (CP VPN) under the hood uses a form of IPSec that is tunneled over SSL/TLS. This might be a unique form of technological deployment. In pure theory, if CP VPN is speaking IPSec, then you could theoretically build a vpnc configuration that would work under the hood, but you're restricted to the CLI version of the VPN client for connecting (2FA isn't usable in the NetworkManager plugin for vpnc/IPSec connections). (1/2)
    – Thomas Ward♦
    Mar 31 at 3:09






  • 1




    However, this is a highly speculative answer, as CheckPoint doesn't offer a VPN-only device and only offer it as part of their unified protection gateways, and as CheckPoint gateway solutions are non-free the only people who can really give you clear guidance are going to be the CheckPoint people. They're pushing hard for the SNX tool, though; they don't talk about 2FA though on their forums. You might want to consult with CheckPoint about 2FA enablement/solutions for things. (2/2)
    – Thomas Ward♦
    Mar 31 at 3:10











  • It should be possible. I used to have Firefox + java for the web-interface, which just passed stuff to the local snx installation. But I never got my finger around it. Maybe local java debugging could provide some insights.
    – RobAu
    Aug 15 at 10:36












  • 1




    StrongSwan is a VPN server for IPSec and not a VPN client. OpenVPN has a client and a server but only speaks OpenVPN. It looks like Checkpoint VPN (CP VPN) under the hood uses a form of IPSec that is tunneled over SSL/TLS. This might be a unique form of technological deployment. In pure theory, if CP VPN is speaking IPSec, then you could theoretically build a vpnc configuration that would work under the hood, but you're restricted to the CLI version of the VPN client for connecting (2FA isn't usable in the NetworkManager plugin for vpnc/IPSec connections). (1/2)
    – Thomas Ward♦
    Mar 31 at 3:09






  • 1




    However, this is a highly speculative answer, as CheckPoint doesn't offer a VPN-only device and only offer it as part of their unified protection gateways, and as CheckPoint gateway solutions are non-free the only people who can really give you clear guidance are going to be the CheckPoint people. They're pushing hard for the SNX tool, though; they don't talk about 2FA though on their forums. You might want to consult with CheckPoint about 2FA enablement/solutions for things. (2/2)
    – Thomas Ward♦
    Mar 31 at 3:10











  • It should be possible. I used to have Firefox + java for the web-interface, which just passed stuff to the local snx installation. But I never got my finger around it. Maybe local java debugging could provide some insights.
    – RobAu
    Aug 15 at 10:36







1




1




StrongSwan is a VPN server for IPSec and not a VPN client. OpenVPN has a client and a server but only speaks OpenVPN. It looks like Checkpoint VPN (CP VPN) under the hood uses a form of IPSec that is tunneled over SSL/TLS. This might be a unique form of technological deployment. In pure theory, if CP VPN is speaking IPSec, then you could theoretically build a vpnc configuration that would work under the hood, but you're restricted to the CLI version of the VPN client for connecting (2FA isn't usable in the NetworkManager plugin for vpnc/IPSec connections). (1/2)
– Thomas Ward♦
Mar 31 at 3:09




StrongSwan is a VPN server for IPSec and not a VPN client. OpenVPN has a client and a server but only speaks OpenVPN. It looks like Checkpoint VPN (CP VPN) under the hood uses a form of IPSec that is tunneled over SSL/TLS. This might be a unique form of technological deployment. In pure theory, if CP VPN is speaking IPSec, then you could theoretically build a vpnc configuration that would work under the hood, but you're restricted to the CLI version of the VPN client for connecting (2FA isn't usable in the NetworkManager plugin for vpnc/IPSec connections). (1/2)
– Thomas Ward♦
Mar 31 at 3:09




1




1




However, this is a highly speculative answer, as CheckPoint doesn't offer a VPN-only device and only offer it as part of their unified protection gateways, and as CheckPoint gateway solutions are non-free the only people who can really give you clear guidance are going to be the CheckPoint people. They're pushing hard for the SNX tool, though; they don't talk about 2FA though on their forums. You might want to consult with CheckPoint about 2FA enablement/solutions for things. (2/2)
– Thomas Ward♦
Mar 31 at 3:10





However, this is a highly speculative answer, as CheckPoint doesn't offer a VPN-only device and only offer it as part of their unified protection gateways, and as CheckPoint gateway solutions are non-free the only people who can really give you clear guidance are going to be the CheckPoint people. They're pushing hard for the SNX tool, though; they don't talk about 2FA though on their forums. You might want to consult with CheckPoint about 2FA enablement/solutions for things. (2/2)
– Thomas Ward♦
Mar 31 at 3:10













It should be possible. I used to have Firefox + java for the web-interface, which just passed stuff to the local snx installation. But I never got my finger around it. Maybe local java debugging could provide some insights.
– RobAu
Aug 15 at 10:36




It should be possible. I used to have Firefox + java for the web-interface, which just passed stuff to the local snx installation. But I never got my finger around it. Maybe local java debugging could provide some insights.
– RobAu
Aug 15 at 10:36















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1020745%2fconnecting-to-checkpoint-vpn-with-2fa%23new-answer', 'question_page');

);

Post as a guest






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1020745%2fconnecting-to-checkpoint-vpn-with-2fa%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

GRUB: Fatal! inconsistent data read from (0x84) 0+xxxxxx

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite Can anybody help me with this messages at (before) grub starts booting? . . Fatal! inconsistent data read from (0x84) 0+xxxxxx . Fatal! inconsistent data read from (0x84) n+yyyyyy . (hd0,4) This is running in dual boot with windows 7. Both Windows and Ubuntu are running flawlessly, except for this "errors" list. boot grub2 share | improve this question edited Apr 8 at 12:59 Byte Commander 59.4k 26 159 267 asked Apr 8 at 12:56 Viciente 6 1 add a comment  |  up vote 1 down vote favorite Can anybody help me with this messages at (before) grub starts booting? . . Fatal! inconsistent data read from (0x84) 0+xxxxxx . Fatal! inconsistent data read from (0x84) n+yyyyyy . (hd0,4) This is running in dual boot with windows 7. Both Windows and Ubuntu are running flawlessly, except for this "errors" list. boot grub2 share | improve th...
Read more

Problem in reading from socket

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I have a spark streaming program, that reads data from a socket I have craeted using: nc -lk 9999 The program reads the data from socket and exclude the "Error" messages. When I write manually in socket, it works fine. I have created a python script that prints "Error" messages frequently. I will save the result in a file using: stdbuf -oL python my_script.py &>> my_file.txt and read the file from the socket: nc -lk 9999 | tail -f my_file.txt Every thing is ok, the socket will read data from file while the file is being updated on the background, But the problem is that my spark program doen't capture the "Error" messages. As a summary: when I write manually "Error" messages in socket, spark capture them, But it won't capture "Error" message generated by python script from socket. Actually the program doesn't work if I read file from socket in...
Read more

Help me with the firebase tools

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite Greetings everyone. I'm a new ubuntu 16.04 user. I installed my nodejs, npm and firebase tools. But, after that I need to do the last step before deploying my static web. Login to my firebase with npm. I always get this output : $ firebase login firebase: command not found from this following input : $ firebase login I also installed the npm global package (jshint) with input : $ npm install -g jshint and get this output /home/marco/.npm-global/bin/jshint -> /home/marco/.npm-global/lib/node_modules/jshint/bin/jshint + jshint@2.9.5 added 31 packages in 16.463s Could someone help or tell me my mistake(s)? Please. Thanks nodejs npm share | improve this question asked Feb 16 at 0:55 Marco Septian Immanuel 1 1 add a comment  |  up vote 0 down vote favorite Greetings everyone. I'm a new ubuntu 16.04 user. I installed my nodejs, npm and fireb...
Read more