Kerio VPN Client for Debian/Ubuntu Linux
========================================

Kerio VPN Client is a tool for secure connection into a private network
running Kerio WinRoute Firewall on its Internet gateway.

PREPARATION
===========

The following 32-bit Debian/Ubuntu Linux distributions are supported:
Debian 5.0, Ubuntu 8.04, and Ubuntu 8.10.

Before you start with Kerio VPN Client installation, make sure that the
'bzip2', 'module-assistant', 'debhelper' and 'openssl' packages are
installed on your system.

  # apt-get install bzip2 module-assistant debhelper openssl

INSTALLATION / UPGRADE
======================

Kerio VPN Client comes as two packages:

  kerio-kvc        - the daemon
  kerio-kvc-source - the 'kvnet' kernel module source package

For any particular version, it is always necessary to install both
packages in the following order.

First, install the 'kvnet' module source, build the module for your kernel
and install it:

  # dpkg -i kerio-kvc-source_###_all.deb
  # module-assistant auto-install kerio-kvc-source

Then, install the daemon package:

  # dpkg -i kerio-kvc_###_i386.deb

(Replace ### above with the actual version string.)

WARNING: After any kernel change (e.g. when a new kernel version is
installed through the automatic updates), it is necessary to rebuild and
reinstall the 'kvnet' module:

  # module-assistant auto-install kerio-kvc-source

CONFIGURATION
=============

Kerio VPN Client for Linux supports only one VPN connection at a time.

During the daemon package installation, a configuration wizard is
automatically started. The wizard asks for the server name/address,
username and password, and it offers automatic detection of the server's
certificate fingerprint (for server identity verification). Alternatively,
the server's certificate fingerprint may be entered manually.

If you want to change the configuration later, run the wizard again by
invoking the following command:

  # dpkg-reconfigure kerio-kvc

Alternatively, it is possible to manually edit the configuration file:

  /etc/kerio-kvc.conf

After any changes to this file, it is necessary to reload the
configuration:

  # /etc/init.d/kerio-kvc reload

HOW TO VERIFY THE SERVER'S CERTIFICATE FINGERPRINT?

To make sure that the detected server's certificate fingerprint matches the
desired server, take the following steps:

  1. Open the Administration Console for the particular Kerio WinRoute
     Firewall server.
  2. Go to the Configuration / Interfaces section.
  3. Open the VPN Server properties.
  4. Compare the content of the Fingerprint field with the automatically
     detected certificate fingerprint.

STARTING / STOPPING
===================

Kerio VPN Client will be automatically started after installation and
restarted after reconfiguration.

You can start/stop it manually by invoking the command:

  # /etc/init.d/kerio-kvc {start|stop|restart}

UNINSTALLATION
==============

To uninstall Kerio VPN Client, remove all the installed packages:

  # apt-get remove kerio-kvc\*

To uninstall Kerio VPN Client completely with configuration removal, use:

  # apt-get remove --purge kerio-kvc\*

TROUBLESHOOTING
===============

Kerio VPN Client creates the following log files in the
/var/log/kerio-kvc directory:

  init.log  - information on starting and stopping the daemon
  error.log - information on critical errors
  debug.log - more detailed status and error messages

OPEN SOURCE SOFTWARE NOTICE
===========================

The 'libkvnet' library is free software distributed under the terms of the
GNU Lesser General Public License (LGPL).

The current source tarball of the 'kvnet' module is available at:

  http://download.kerio.com/dwn/kvc-libkvnet.tgz
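
The fingerprint comparison described under "HOW TO VERIFY THE SERVER'S CERTIFICATE FINGERPRINT?" can be scripted so that case, separators and truncated values do not lead to a wrong conclusion. The following is an added example, not part of the original README or of Kerio's software; the function names are hypothetical, and the cross-check against a certificate file assumes the server certificate has been exported as a PEM file.

```shell
#!/bin/sh
# Added example (not Kerio code): compare certificate fingerprints safely.
# All function names are hypothetical.

# Strip an "XXX Fingerprint=" prefix, separators and whitespace; upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n-' | tr 'abcdef' 'ABCDEF'
}

# Map the hex length to a digest name; anything else is not a full fingerprint.
algo_for_fp() {
    case "$1" in ''|*[!0-9A-F]*) return 1 ;; esac
    case "${#1}" in
        32) echo md5 ;;
        40) echo sha1 ;;
        64) echo sha256 ;;
        *)  return 1 ;;
    esac
}

# fp_match EXPECTED DETECTED: succeed only if both are complete and identical.
# An empty or truncated value never matches, so a failed detection is not
# mistaken for a verified server.
fp_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    algo_for_fp "$a" >/dev/null && algo_for_fp "$b" >/dev/null && [ "$a" = "$b" ]
}

# verify_cert_file PEMFILE EXPECTED: recompute the fingerprint of an exported
# certificate (assumed to be available as a PEM file) and compare it.
verify_cert_file() {
    want=$(normalize_fp "$2")
    algo=$(algo_for_fp "$want") || { echo "expected fingerprint is malformed" >&2; return 2; }
    got=$(openssl x509 -in "$1" -noout -fingerprint "-$algo" 2>/dev/null) ||
        { echo "cannot read certificate $1" >&2; return 2; }
    if fp_match "$want" "$got"; then
        echo "MATCH ($algo)"
    else
        echo "MISMATCH ($algo): do not connect" >&2
        return 1
    fi
}

# Usage: sh fpcheck.sh server.pem 'AA:BB:...'
if [ "$#" -eq 2 ]; then
    verify_cert_file "$1" "$2"
fi
```

The digest is chosen from the length of the value copied from the Administration Console, so the script makes no assumption about which hash the Fingerprint field uses.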