Tuesday 31 August 2010

SonicWALL SSL-VPN NetExtender and openSUSE

Seems the "stable" version of SonicWALL's NetExtender (3.5.632 at time of writing) does not play nicely with my installation of openSUSE 11.3. I didn't have much luck with 11.2 either, but to be honest, I didn't really go into how to fixing it. Anyhow, I hadn't looked at it in a while as it's not critical, but I needed to get some work done tonight from home, so I tried again. Still, no luck:

netExtenderGui [19:29]
2010-08-31 19:30:05 BST INFO com.sonicwall.NetExtender Logging initialized.
2010-08-31 19:30:06 BST INFO com.sonicwall.NetExtender NetExtender version 3.5.632
Making a global reference ot the NetExtenderControl object registered with JNI
SUSE/Ubuntu compatibility mode on
printlog: first getting class id
printlog: getting printTologFromJNI method id
Found method id
,,,,,,,,,,,,,,,
,,,mmbbbbbb11111111111111111111111bbbbbmm,,,
,,,b||PPPPPPP||````````````````|PPPPPPPPP111111111111bbm,,
`````` `````PPPP111111111bm,
```PP1111111bm,
`PP111111b,
|111111:
NetExtender for Linux - Version 3.5.632 .1111P|.
Copyright (c) 2009 SonicWALL, Inc. ,b1PP|`
,,||```
Loading saved profiles...
JNI: setDestination:Setting Destination: ssl.--redacted!--.com (port 443)
JNI: LaunchNX: mypid = 12448
JNI: LaunchNX: Launching NetExtender2
JNI: LaunchNX: Using destination IP ssl.--redacted!--.com
JNI: LaunchNX: launching NX

Connecting to SSL-VPN Server "ssl.--redacted!--.com:443". . .
Connected.
Logging in...
Login successful.
Using SSL Encryption Cipher 'DHE-RSA-AES256-SHA'
Using new PPP frame encoding mechanism
SSL-VPN logging out...
SSL-VPN connection is terminated.
Exiting NetExtender client
JNI: LaunchNX: Exiting LaunchNX, returning (0)
Loading saved profiles...
2010-08-31 19:30:54 BST INFO com.sonicwall.gui.NetExtenderRootPanel NetExtender disconnected
JNI: LaunchNX: mypid = 12448
JNI: LaunchNX: Launching NetExtender2
JNI: LaunchNX: Using destination IP ssl.--redacted!--.com
JNI: LaunchNX: launching NX


And so on, it looped and looped before finally giving up. I discovered, through this Ubuntu forum, that there is an updated, albeit a pre-release, version, namely 4.0.665. This version doesn't seem to be readily available on the mysonicwall.com site, even when logged in, as stated by some users. It is, however, easily obtainable by visiting SonicWALL's demo site, https://sslvpn.demo.sonicwall.com and selecting the NetExtender icon. From there, you can unzip the file, and install as root or with sudo with a ./install in the resultant netExtenderClient folder. Agree to the auto-repair which is essentially just creating a symlink from /lib/libssl.so.6 -> /lib/libssl.so.1.0.0.

The installer may ask if you want to run the app as route. Since received wisdom states that this is generally a bad idea, and will require further steps when you run the app, say no to this option. This will, however, mean that you will need to make sure that pppd itself is setuid root. The installer ought to take care of this if you add "fixppp" as the first argument , or it is simply achieved with the following command:

chmod 4755 /usr/sbin/pppd

Once done, you ought to be able to run the pre-release version, using either the command netExtenderGui from the command line, or by copying /usr/share/netExtender/NetExtender.desktop to somewhere convenient and running that instead.