Checkpoint VPN client not connecting, Debian Wheezy











up vote
0
down vote

favorite












Edit: what I'm looking for here is help finding out what's going on at the OS level, so that I can find out for sure whether the problem is on my end or my workplace's end, or in between. I'm not really after help fixing the problem! Thanks :)



My employer provides a VPN service using a Checkpoint VPN product (uncertain exactly which); there are two routes into the network from a Linux machine, either using Checkpoint's SNX command line client, or using a web portal that runs a Java applet.



In the past, I was able to connect without any problem using the client, but it's recently ceased to work, giving me the following:



Check Point's Linux SNX
build 800007027
Please enter your password:
SNX: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.


The result is that I now have to use the Java applet. The admins are sure that nothing's changed on their end, and I'm 95% sure that nothing's changed on mine. I'd much rather use the SNX client than have to have Java in my browser.



How can I go about tracking down where the fault lies? I am not well-versed in much more than the basics as far as networking goes.










share|improve this question




























    up vote
    0
    down vote

    favorite












    Edit: what I'm looking for here is help finding out what's going on at the OS level, so that I can find out for sure whether the problem is on my end or my workplace's end, or in between. I'm not really after help fixing the problem! Thanks :)



    My employer provides a VPN service using a Checkpoint VPN product (uncertain exactly which); there are two routes into the network from a Linux machine, either using Checkpoint's SNX command line client, or using a web portal that runs a Java applet.



    In the past, I was able to connect without any problem using the client, but it's recently ceased to work, giving me the following:



    Check Point's Linux SNX
    build 800007027
    Please enter your password:
    SNX: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.


    The result is that I now have to use the Java applet. The admins are sure that nothing's changed on their end, and I'm 95% sure that nothing's changed on mine. I'd much rather use the SNX client than have to have Java in my browser.



    How can I go about tracking down where the fault lies? I am not well-versed in much more than the basics as far as networking goes.










    share|improve this question


























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Edit: what I'm looking for here is help finding out what's going on at the OS level, so that I can find out for sure whether the problem is on my end or my workplace's end, or in between. I'm not really after help fixing the problem! Thanks :)



      My employer provides a VPN service using a Checkpoint VPN product (uncertain exactly which); there are two routes into the network from a Linux machine, either using Checkpoint's SNX command line client, or using a web portal that runs a Java applet.



      In the past, I was able to connect without any problem using the client, but it's recently ceased to work, giving me the following:



      Check Point's Linux SNX
      build 800007027
      Please enter your password:
      SNX: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.


      The result is that I now have to use the Java applet. The admins are sure that nothing's changed on their end, and I'm 95% sure that nothing's changed on mine. I'd much rather use the SNX client than have to have Java in my browser.



      How can I go about tracking down where the fault lies? I am not well-versed in much more than the basics as far as networking goes.










      share|improve this question















      Edit: what I'm looking for here is help finding out what's going on at the OS level, so that I can find out for sure whether the problem is on my end or my workplace's end, or in between. I'm not really after help fixing the problem! Thanks :)



      My employer provides a VPN service using a Checkpoint VPN product (uncertain exactly which); there are two routes into the network from a Linux machine, either using Checkpoint's SNX command line client, or using a web portal that runs a Java applet.



      In the past, I was able to connect without any problem using the client, but it's recently ceased to work, giving me the following:



      Check Point's Linux SNX
      build 800007027
      Please enter your password:
      SNX: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.


      The result is that I now have to use the Java applet. The admins are sure that nothing's changed on their end, and I'm 95% sure that nothing's changed on mine. I'd much rather use the SNX client than have to have Java in my browser.



      How can I go about tracking down where the fault lies? I am not well-versed in much more than the basics as far as networking goes.







      linux networking debian vpn checkpoint






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 23 '14 at 19:45

























      asked Apr 23 '14 at 9:23









      Snewsley Pies

      35625




      35625






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          In general, googling your error message helps: have you seen this Web page, https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30772?



          Don't be fooled by the disclaimer that it concerns a discontinued product, the page was last updated on march 13th, 2014. Basically, it is a matter of traffic on port 443 being blocked.



          As per your system admins claim that nothing changed on their side, did they really change nothing in OpenSSL? I find it hard to believe.






          share|improve this answer





















          • Yes, I've seen it, and it doesn't help - firstly, 443 isn't blocked on my end, and secondly, the web portal Java applet (which is what the support article is talking about) works fine for me. [edit: pressed enter too soon!] And yes, I'm not totally convinced by the claim nothing's changed on the host end either - what I'm asking is how I can go about pinning down where the fault lies.
            – Snewsley Pies
            Apr 23 '14 at 16:54












          • good thinking re: OpenSSL, though, but this started several months ago, so long before Heartbleed!
            – Snewsley Pies
            Apr 23 '14 at 17:03










          • @SnewsleyPies Try one of those services which will try to contact an IP address on a port you specify, and report whether the port is reachable or not, like canyouseeme.org
            – MariusMatutiae
            Apr 23 '14 at 17:06










          • How will that help? I'm not hosting any services; I'm trying to connect to one, and I know I can connect to it through the other client.
            – Snewsley Pies
            Apr 23 '14 at 17:19










          • @SnewsleyPies If you assume that the CLI and Java applet work exactly the same way, then obviously there is no solution to your problem. As port 443 being unreachable as the source of the precise error message you receive, it is Check Point page that says as much, not me.
            – MariusMatutiae
            Apr 23 '14 at 17:46











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f744965%2fcheckpoint-vpn-client-not-connecting-debian-wheezy%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          In general, googling your error message helps: have you seen this Web page, https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30772?



          Don't be fooled by the disclaimer that it concerns a discontinued product, the page was last updated on march 13th, 2014. Basically, it is a matter of traffic on port 443 being blocked.



          As per your system admins claim that nothing changed on their side, did they really change nothing in OpenSSL? I find it hard to believe.






          share|improve this answer





















          • Yes, I've seen it, and it doesn't help - firstly, 443 isn't blocked on my end, and secondly, the web portal Java applet (which is what the support article is talking about) works fine for me. [edit: pressed enter too soon!] And yes, I'm not totally convinced by the claim nothing's changed on the host end either - what I'm asking is how I can go about pinning down where the fault lies.
            – Snewsley Pies
            Apr 23 '14 at 16:54












          • good thinking re: OpenSSL, though, but this started several months ago, so long before Heartbleed!
            – Snewsley Pies
            Apr 23 '14 at 17:03










          • @SnewsleyPies Try one of those services which will try to contact an IP address on a port you specify, and report whether the port is reachable or not, like canyouseeme.org
            – MariusMatutiae
            Apr 23 '14 at 17:06










          • How will that help? I'm not hosting any services; I'm trying to connect to one, and I know I can connect to it through the other client.
            – Snewsley Pies
            Apr 23 '14 at 17:19










          • @SnewsleyPies If you assume that the CLI and Java applet work exactly the same way, then obviously there is no solution to your problem. As port 443 being unreachable as the source of the precise error message you receive, it is Check Point page that says as much, not me.
            – MariusMatutiae
            Apr 23 '14 at 17:46















          up vote
          0
          down vote













          In general, googling your error message helps: have you seen this Web page, https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30772?



          Don't be fooled by the disclaimer that it concerns a discontinued product, the page was last updated on march 13th, 2014. Basically, it is a matter of traffic on port 443 being blocked.



          As per your system admins claim that nothing changed on their side, did they really change nothing in OpenSSL? I find it hard to believe.






          share|improve this answer





















          • Yes, I've seen it, and it doesn't help - firstly, 443 isn't blocked on my end, and secondly, the web portal Java applet (which is what the support article is talking about) works fine for me. [edit: pressed enter too soon!] And yes, I'm not totally convinced by the claim nothing's changed on the host end either - what I'm asking is how I can go about pinning down where the fault lies.
            – Snewsley Pies
            Apr 23 '14 at 16:54












          • good thinking re: OpenSSL, though, but this started several months ago, so long before Heartbleed!
            – Snewsley Pies
            Apr 23 '14 at 17:03










          • @SnewsleyPies Try one of those services which will try to contact an IP address on a port you specify, and report whether the port is reachable or not, like canyouseeme.org
            – MariusMatutiae
            Apr 23 '14 at 17:06










          • How will that help? I'm not hosting any services; I'm trying to connect to one, and I know I can connect to it through the other client.
            – Snewsley Pies
            Apr 23 '14 at 17:19










          • @SnewsleyPies If you assume that the CLI and Java applet work exactly the same way, then obviously there is no solution to your problem. As port 443 being unreachable as the source of the precise error message you receive, it is Check Point page that says as much, not me.
            – MariusMatutiae
            Apr 23 '14 at 17:46













          up vote
          0
          down vote










          up vote
          0
          down vote









          In general, googling your error message helps: have you seen this Web page, https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30772?



          Don't be fooled by the disclaimer that it concerns a discontinued product, the page was last updated on march 13th, 2014. Basically, it is a matter of traffic on port 443 being blocked.



          As per your system admins claim that nothing changed on their side, did they really change nothing in OpenSSL? I find it hard to believe.






          share|improve this answer












          In general, googling your error message helps: have you seen this Web page, https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30772?



          Don't be fooled by the disclaimer that it concerns a discontinued product, the page was last updated on march 13th, 2014. Basically, it is a matter of traffic on port 443 being blocked.



          As per your system admins claim that nothing changed on their side, did they really change nothing in OpenSSL? I find it hard to believe.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 23 '14 at 16:45









          MariusMatutiae

          37.9k95195




          37.9k95195












          • Yes, I've seen it, and it doesn't help - firstly, 443 isn't blocked on my end, and secondly, the web portal Java applet (which is what the support article is talking about) works fine for me. [edit: pressed enter too soon!] And yes, I'm not totally convinced by the claim nothing's changed on the host end either - what I'm asking is how I can go about pinning down where the fault lies.
            – Snewsley Pies
            Apr 23 '14 at 16:54












          • good thinking re: OpenSSL, though, but this started several months ago, so long before Heartbleed!
            – Snewsley Pies
            Apr 23 '14 at 17:03










          • @SnewsleyPies Try one of those services which will try to contact an IP address on a port you specify, and report whether the port is reachable or not, like canyouseeme.org
            – MariusMatutiae
            Apr 23 '14 at 17:06










          • How will that help? I'm not hosting any services; I'm trying to connect to one, and I know I can connect to it through the other client.
            – Snewsley Pies
            Apr 23 '14 at 17:19










          • @SnewsleyPies If you assume that the CLI and Java applet work exactly the same way, then obviously there is no solution to your problem. As port 443 being unreachable as the source of the precise error message you receive, it is Check Point page that says as much, not me.
            – MariusMatutiae
            Apr 23 '14 at 17:46


















          • Yes, I've seen it, and it doesn't help - firstly, 443 isn't blocked on my end, and secondly, the web portal Java applet (which is what the support article is talking about) works fine for me. [edit: pressed enter too soon!] And yes, I'm not totally convinced by the claim nothing's changed on the host end either - what I'm asking is how I can go about pinning down where the fault lies.
            – Snewsley Pies
            Apr 23 '14 at 16:54












          • good thinking re: OpenSSL, though, but this started several months ago, so long before Heartbleed!
            – Snewsley Pies
            Apr 23 '14 at 17:03










          • @SnewsleyPies Try one of those services which will try to contact an IP address on a port you specify, and report whether the port is reachable or not, like canyouseeme.org
            – MariusMatutiae
            Apr 23 '14 at 17:06










          • How will that help? I'm not hosting any services; I'm trying to connect to one, and I know I can connect to it through the other client.
            – Snewsley Pies
            Apr 23 '14 at 17:19










          • @SnewsleyPies If you assume that the CLI and Java applet work exactly the same way, then obviously there is no solution to your problem. As port 443 being unreachable as the source of the precise error message you receive, it is Check Point page that says as much, not me.
            – MariusMatutiae
            Apr 23 '14 at 17:46
















          Yes, I've seen it, and it doesn't help - firstly, 443 isn't blocked on my end, and secondly, the web portal Java applet (which is what the support article is talking about) works fine for me. [edit: pressed enter too soon!] And yes, I'm not totally convinced by the claim nothing's changed on the host end either - what I'm asking is how I can go about pinning down where the fault lies.
          – Snewsley Pies
          Apr 23 '14 at 16:54






          Yes, I've seen it, and it doesn't help - firstly, 443 isn't blocked on my end, and secondly, the web portal Java applet (which is what the support article is talking about) works fine for me. [edit: pressed enter too soon!] And yes, I'm not totally convinced by the claim nothing's changed on the host end either - what I'm asking is how I can go about pinning down where the fault lies.
          – Snewsley Pies
          Apr 23 '14 at 16:54














          good thinking re: OpenSSL, though, but this started several months ago, so long before Heartbleed!
          – Snewsley Pies
          Apr 23 '14 at 17:03




          good thinking re: OpenSSL, though, but this started several months ago, so long before Heartbleed!
          – Snewsley Pies
          Apr 23 '14 at 17:03












          @SnewsleyPies Try one of those services which will try to contact an IP address on a port you specify, and report whether the port is reachable or not, like canyouseeme.org
          – MariusMatutiae
          Apr 23 '14 at 17:06




          @SnewsleyPies Try one of those services which will try to contact an IP address on a port you specify, and report whether the port is reachable or not, like canyouseeme.org
          – MariusMatutiae
          Apr 23 '14 at 17:06












          How will that help? I'm not hosting any services; I'm trying to connect to one, and I know I can connect to it through the other client.
          – Snewsley Pies
          Apr 23 '14 at 17:19




          How will that help? I'm not hosting any services; I'm trying to connect to one, and I know I can connect to it through the other client.
          – Snewsley Pies
          Apr 23 '14 at 17:19












          @SnewsleyPies If you assume that the CLI and Java applet work exactly the same way, then obviously there is no solution to your problem. As port 443 being unreachable as the source of the precise error message you receive, it is Check Point page that says as much, not me.
          – MariusMatutiae
          Apr 23 '14 at 17:46




          @SnewsleyPies If you assume that the CLI and Java applet work exactly the same way, then obviously there is no solution to your problem. As port 443 being unreachable as the source of the precise error message you receive, it is Check Point page that says as much, not me.
          – MariusMatutiae
          Apr 23 '14 at 17:46


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f744965%2fcheckpoint-vpn-client-not-connecting-debian-wheezy%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Сан-Квентин

          8-я гвардейская общевойсковая армия

          Алькесар