Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Linux cli client

MezzanoMezzano Newbie ✭

Hello everyone,

I'm currently exploring options for connecting to a SonicWall NSA 4600 firewall device via the command line in Linux. I've been searching for a command or utility that would allow me to establish this connection without the need for a GUI interface.

Could anyone in the community share their experience or provide insights into whether such a command-line tool exists for this purpose?

Thank you!

Tanguy

Category: VPN Client
Reply
Tagged:

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Mezzano are you talking about a text-gui (curses based) or api-wrapper-command or just a simple CLI? If it's the latter why not connecting via SSH to the appliance?

    Probably not every aspect is configurable via CLI.

    --Michael@BWC

  • MezzanoMezzano Newbie ✭

    Hello Michael,

    Thank you for your response.

    I apologize for any confusion. To clarify, I'm specifically looking for a method to establish a connection to a SonicWall VPN (not the firewall) using the command line interface (CLI) on Linux, rather than relying on SonicWall NetExtender or similar GUI-based tools.

    Thank you for your help,

    Tanguy

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Mezzano sadly NetExtender for Linux does not support CLI (at least that is what is documented), so you're stuck with a GUI.

    But did you had a look at this (use at your own risk):

    --Michael@BWC

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    It works absolutely fine from the CLI, been using it for years.


    netExtender --help

    NetExtender for Linux - Version 10.2.817

    Copyright (c) 2020 SonicWall

    Usage: netExtender [OPTIONS] [server[:port]]

     -u, --username=USERNAME

     -p, --password=PASSWORD

     -d, --domain=DOMAIN

     -t, --timeout          Login timeout in seconds (default is 30 sec)

     -e, --cipher=CIPHER    SSL cipher to use

     -C, --cipher-list      Display list of available SSL ciphers and exit

     -m, --no-routes        Disable installation of remote routes

                             (testing option, not recommended for normal use)

     -M, --mtu=MTU          Specify MTU size in bytes

     -s, --ppp-sync         Select sync PPP mode

     -a, --ppp-async        Select async PPP mode

         --auto-reconnect   Automatically reconnect in case of failure

         --no-reconnect     Do not reconnect in case of failure

         --dns-prefer-remote Try remote DNS first, then try local DNS

         --dns-only-remote  Only use remote DNS servers

         --dns-only-local   Only use local DNS servers

     -r, --diag=FILENAME    Generate a diagnostic report and exit

     -v, --version          Display full NetExtender version information and exit

     -V, --version-num      Display NetExtender version number and exit

     -h, --help             Display this usage information

     server                 Specify the SSL VPN or UTM device either in

                             fully-qualified domain name (FQDN) or IP address

     The default port for server is 443 if not specified.

     Example:

       netExtender -u u1 -p p1 -d LocalDomain sslvpn.company.com

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Arkwright for the win, documentation says otherwise, glad to be proven wrong.

    The NetExtender command line interface is only available on Windows platforms.

    --Michael@BWC

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Confusingly, "Command Line Interface" is actually part of the name of the tool. The linux version seems to be a different implementation with different options. So, the documentation is technically correct in that the specific bit of software called "NetExtender Command Line Interface" [NECLI] isn't available on Linux. But there is a CLI version of NetExtender shipped with the linux installer, so if you want to use Netextender from the command line interface on linux, you'll be fine.

    Hopefully this discussion will help anybody googling this in future!

Sign In or Register to comment.