The connection from Mac to my office VPN was something that required some time to work. Here it is how I manage to connect.
First step was to connect to my VPN site (the office one) using Firefox, because connecting to it via Safari or Chrome did not work, with that configuration the Java applet that my office requires to start to verify the system pre-requisites did not start and so I cannot get to the page to authenticate. Using Firefox the Java applet works and so I can get the login page.
From there the connection worked.
Before using Firefox I tried to manually install the SNX client with mixed success.
First download the latest release of SNX client from https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41808#2, it’s one of the latest download link on the page
After that install it on the Max OSX. It requires to install it by executing a .sh file that creates the required files, including the update of SNX tool that it’s used to create the VPN connection.
Once the SNX client has been installed from the terminal you need to create a file named .snxrc in your home directory that contains all the informations required to connect, like the following (change the address of vpn server and the username according to your configuration):
server v<em>pnserver.domain.com</em> username <em>youruserid</em> reauth yes debug yes 5
Now run the SNX command and it should ask for your password, insert it, it should connect to the VPN.
snx Check Point's Mac SNX build 800005012 Please enter your password: SNX - connected. Session parameters: =================== Office Mode IP : 192.168.1.173 DNS Server : 172.16.0.190 Secondary DNS Server: 172.16.0.191 Timeout : 12 hours
The first time I tried the second option it worked but was not able to find an IP address on the remote network, this can be verified giving the
ifconfig and verify the result:
This configuration do not work because it do not assign an IP address to the checkpoint VPN interface:
ifconfig en7 en7: flags=8862<BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1350 ether 54:55:43:44:52:00 Check Point Virtual Network Adapter
After having made a lot of tests with different ifconfig option I resorted to a very sample solution: I changed the DHCP configuration to give me an address not in the same network of the IP assigned by the office (so using a different subnet) and everything worked fine.
I do not know what will happen if I connect from some hotel where I cannot change the DHCP configuration, I hope that the connection via Firefox works well.
UPDATE: after some further testing I’ve found that the SNX client described above do not work if you’ve updated your Mac to always boot in 64 bit mode (or, as far I know, if you have a new MacBook where the 64 bit option is enabled by default).
The error is:
Unable to open ‘/dev/vna0′: No such file or directory Unable to open ‘/dev/vna0′: No such file or directory Unable to open ‘/dev/vna0′: No such file or directory
While we wait for Checkpoint to release a new update supporting the new 64 bit option (if it will be ever released) the only way I’ve found to use it is to boot OSX in 32 bit mode. To do so boot OSX while keeping pressed the 3 and 2 button of your keyboard. After doing so the Checkpoint client works. Quite boring because you’ve to perform a reboot.