Linux cli client

Mezzano

Hello everyone,

I'm currently exploring options for connecting to a SonicWall NSA 4600 firewall device via the command line in Linux. I've been searching for a command or utility that would allow me to establish this connection without the need for a GUI interface.

Could anyone in the community share their experience or provide insights into whether such a command-line tool exists for this purpose?

Thank you!

Tanguy

BWC

@Mezzano are you talking about a text-gui (curses based) or api-wrapper-command or just a simple CLI? If it's the latter why not connecting via SSH to the appliance?

https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-enterprise-command-line-reference-guide.pdf

Probably not every aspect is configurable via CLI.

--Michael@BWC

Mezzano

Hello Michael,

Thank you for your response.

I apologize for any confusion. To clarify, I'm specifically looking for a method to establish a connection to a SonicWall VPN (not the firewall) using the command line interface (CLI) on Linux, rather than relying on SonicWall NetExtender or similar GUI-based tools.

Thank you for your help,

Tanguy

BWC

@Mezzano sadly NetExtender for Linux does not support CLI (at least that is what is documented), so you're stuck with a GUI.

But did you had a look at this (use at your own risk):

https://gist.github.com/youribonnaffe/5f36da98fa66e9328f78

--Michael@BWC

Arkwright

It works absolutely fine from the CLI, been using it for years.

netExtender --help

NetExtender for Linux - Version 10.2.817

Copyright (c) 2020 SonicWall

Usage: netExtender [OPTIONS] [server[:port]]

 -u, --username=USERNAME

 -p, --password=PASSWORD

 -d, --domain=DOMAIN

 -t, --timeout          Login timeout in seconds (default is 30 sec)

 -e, --cipher=CIPHER    SSL cipher to use

 -C, --cipher-list      Display list of available SSL ciphers and exit

 -m, --no-routes        Disable installation of remote routes

                         (testing option, not recommended for normal use)

 -M, --mtu=MTU          Specify MTU size in bytes

 -s, --ppp-sync         Select sync PPP mode

 -a, --ppp-async        Select async PPP mode

     --auto-reconnect   Automatically reconnect in case of failure

     --no-reconnect     Do not reconnect in case of failure

     --dns-prefer-remote Try remote DNS first, then try local DNS

     --dns-only-remote  Only use remote DNS servers

     --dns-only-local   Only use local DNS servers

 -r, --diag=FILENAME    Generate a diagnostic report and exit

 -v, --version          Display full NetExtender version information and exit

 -V, --version-num      Display NetExtender version number and exit

 -h, --help             Display this usage information

 server                 Specify the SSL VPN or UTM device either in

                         fully-qualified domain name (FQDN) or IP address

 The default port for server is 443 if not specified.

 Example:

   netExtender -u u1 -p p1 -d LocalDomain sslvpn.company.com

BWC

@Arkwright for the win, documentation says otherwise, glad to be proven wrong.

https://www.sonicwall.com/support/technical-documentation/docs/sma_100-10-2-user_guide/Content/sma-usr-using-vo-netext-user-config-display-cli.htm/

The NetExtender command line interface is only available on Windows platforms.

--Michael@BWC

Arkwright

Confusingly, "Command Line Interface" is actually part of the name of the tool. The linux version seems to be a different implementation with different options. So, the documentation is technically correct in that the specific bit of software called "NetExtender Command Line Interface" [NECLI] isn't available on Linux. But there is a CLI version of NetExtender shipped with the linux installer, so if you want to use Netextender from the command line interface on linux, you'll be fine.

Hopefully this discussion will help anybody googling this in future!