A Fix for Checkpoint SecureClient VPN on Mac OS X 10.6 Snow Leopard
http://www.sysadmins-world.com/?p=1A Fix for Checkpoint SecureClient VPN on Mac OS X 10.6 Snow Leopard
Posted on 03 September 2009
Weall remember, once Leopard was out it took Checkpoint quite a long timeto update their VPN client. Now Snow Leopard is out and it begins …
After installing Snow Leopard, Checkpoints SecureClient refuses toinstall and if already installed (through an upgrade) it won’t start atall.
I did some investigation and I finaly made it working since Apple hasn’t changed too much.
1. The Checkpoint installer refuses to install
The installer checks up for the Darwin Kernel version 9. In SnowLeopard we have version 10. So two files need to be edit within theinstaller package.
[*]just right click on the installer and select Show Package Contents. This opens finder within the package.
[*]go to Contents/Resources.
[*]open TextEdit, use vi in a shell or whatever you prefer to edit a simple file
[*]on file “InstallationCheck” change the number 9 in line 8 to number 10: if [ "$MAJOR" != "10" ]; then
[*]same on file “postinstall “change the number 9 in line 84 to number 10
That’s it. Just install it and reboot. Changes need to make afterwards in order to have it starting.
2. SecureClient fails to start
http://www.sysadmins-world.com/wp-content/uploads/2009/09/Screen-shot-2009-09-07-at-1.28.55-PM_2-300x137.png
Now this gets just a bit more tricky. Apple has moved some optionsof kextload to kextutil in 10.6. Checkpoint hardcoded such an option -sin two binary files. This option is to create the symbol files in theCheckpoint directory. It does not exist anymore in kextload, and isnow provided in kextutil. But creating the symbol files is only neededfor debug reasons, so not really necessary. Therefore I only replacedthe option -s with option -r to fill up the space, because the binaryfile should not change in size. Two binary files have to be changedwith an hexeditor.
Preparation:
[*] Download and install a hexeditor. 0xED is one of it.
[*]After inserting the first command, it will ask you for your local user password (User needs Administrator permission)
[*]Open the terminal application from Utilities folder and type:.
sudo cp /opt/CPsrsc-50/bin/StartupItemsMgr $HOME/Desktop
sudo cp /opt/CPsrsc-50/boot/SecureClient/SecureClientStarter /$HOME/Desktop
sudo chown $USER /$HOME/Desktop/StartupItemsMgr
sudo chown $USER /$HOME/Desktop/SecureClientStarter
[*]Now run 0xED and choose File/Open Files from the Menu to load the StartupItemsMgr andSecureClientStarter from your Desktop in it.
[*]From Menu Edit choose Find/Find or just press Apple-F and type in to find: “kextload -s” and type in replace “kextload -r”
Click on Replace All
http://www.sysadmins-world.com/wp-content/uploads/2009/09/Screen-shot-2009-09-11-at-11.49.50-AM-300x146.png
Save and close …
[*]Now once you succeeded editing copy those back and type in the terminal window:
sudo cp $HOME/Desktop/StartupItemsMgr /opt/CPsrsc-50/bin/
sudo cp $HOME/Desktop/SecureClientStarter /opt/CPsrsc-50/boot/SecureClient/
rm $HOME/Desktop/StartupItemsMgr
rm $HOME/Desktop/SecureClientStarter
[*]Reboot and you should have SecureClient starting …
I also succeeded by doing all the changes on the installer package.Probably only interesting if you have a few Macs to install. As soonas I have a bit more time I could write it down here.
Please let me know if this did help.
http://wp1111907.wp147.webpack.hosteurope.de/wp-content/uploads/2009/09/CPVPN.jpg
http://www.sysadmins-world.com/wp-content/plugins/wp-spamfree/img/wpsf-img.php
<!--begin postmetadata -->
页:
[1]