kvpnc"> ]> The &kvpnc; Handbook Christoph Thielecke
crissi99@gmx.de
Florian Fainelli
florian@alphacore.net
2004 2005 2006 2007 2008 Christoph Thielecke &FDLNotice; 2005-07-22 0.3 &kvpnc; is a TDE frontend for various vpn clients. KDE kvpnc VPN vpnc freeswan racoon IPSec IPsec Cisco OpenVPN PPTP
Introduction KVpnc is a TDE frontend for various vpn clients. It supports Cisco VPN (vpnc), IPSec (FreeS/WAN (OpenS/WAN), racoon), PPTP (pptpclient), OpenVPN, L2TP (FreeS/WAN, Openswan, strongSwan, ipsec-tools), Vtun and OpenSSH. Getting help General The project page can be found at: https://mirror.git.trinitydesktop.org/gitea/TDE/kvpnc. Contact the kvpnc team (TDE): Bug reports as well as wishes for (new) features can be reported at the address above. Mailing list trinity-user - this list is for users of KVpnc who want to discuss about KVpnc: trinity-users@lists trinity-devel - this list is related to development of KVpnc: trinity-devel@lists Using &kvpnc; The following picture shows the mainwindow of &kvpnc;. Screenshot of the main window of &kvpnc; Screenshot of mainwindow How I create an connection Cisco Concentrator A connection to a cisco concentrator will be often found at universities. The students can fetch the cisco client for use with it. Normally the administrator provides a configuration file (*.pcf), which also can be included in the client. The original cisco client has some problems: Needs a propriarity kernel module (can be build against own kernel) console only You need: Username, password, VPN ID, IP address or hostname of the VPN gateway and preshared secret (PSK) if you dont have a cisco profile file (*.pcf). To setup a connection to the Cisco concentrator you need to do the following steps: Import the pcf file given from administrator (if available go to step 4) Create a new profile with type cisco Set gateway (hostname or IP address of the cisco concentrator) at general profile settings Set at PSK profile settings (Pre shared key) the group password if you want to store it Set at user settings the user name and password (if you want to store it) IPSec ... OpenVPN ... PPTP PPTP is a old VPN protocol designed by Microsoft. Today its known to be insecure. Reasons are unencrypted control channel and design mistakes. &kvpnc; features KVpnc provides a lot of features: Easy to use TDE gui Docking in kicker Can be used to generate configuration files for the supported vpn clients Localized GUI Bulgarian Chinese Dutch French German Hungarian Italian Slovak Polish Portuguese Brazilian Russian Spanish VPN connection to Cisco concentrator VPN connection to VPN servers by using IPsec FreeS/WAN (Linux 2.4.x) or racoon (Linux 2.6.x/BSD) use Multiple profiles Preshared secret support X509 certificate support Cisco PCF file import PKCS12 certificate import Ping test Automatically sets routes and firewall rules (iptables) Automatically detects network device (can be overridden) Log file writing Supports different debug levels for kvpnc, racoon and vpnc PPTP support (pptpclient) OpenVPN support DCOP interface User notification on sucessful connection/disconnection NAT-T support (racoon/FreeSWAN/OpenVPN/vpnc) Log viewer Tool checking Retrieve dns servers from peer (PPTP) Special user-defined server certificate option (FreeS/WAN) Additional network routes support Support for Debian resolv.conf (vpnc) Colorized log output User notifications Deletes/keeps generated config files Checking of /dev/net/tun and creating missing device entry Stores size and position of the mainwindow Command Reference The main &kvpnc; window The File Menu &Ctrl;Top File Connect Establish connection using the currently chosen profile &kvpnc; &Ctrl;Bottom File Disconnect Disconnects from the currently used connection profile &kvpnc; &Ctrl;Q File Quit Quits the application definitively and do not store into the kicker &kvpnc; The Profile Menu N Profile New profile Creates a new profile &kvpnc; S Profile Save profile Saves the currently chosen profile &kvpnc; D Profile Delete profile Deletes the currently chosen profile &kvpnc; I Profile Import a Cisco PCF profile Imports a Cisco PCF profile &kvpnc; C Profile Import a certificate file Imports a certificate file &kvpnc; &Ctrl;C Profile Show debugging console Shows the debugging console &kvpnc; &Ctrl;T Profile Show tools informations Shows the found tools, paths, and if working whether or not &kvpnc; &Ctrl;L Profile Show log Shows the logfile &kvpnc; The <guimenu>Help</guimenu> Menu &help.menu.documentation; Questions and Answers What I have to do to get IPSec working? Please install and configure FreeS/WAN (Linux 2.4.x)/ipsec-tools (Linux 2.6.x) first. Then do the following steps: Import certificate (if X.509 is needed and it is PKCS12 which is ended with .p12). Setup a new connection (gateway, ...) Setup authentication (username,password/certificate/pre shared key) of the newly created connection. What I need for PPTP? You need a kernel with MPPE support and the pptpclient. Credits and License &kvpnc; Program copyright 2004-2005 Christoph Thielecke crissi99@gmx.de Contributors: KDE developers for great KDE. KDevelop developers for great KDevelop. Maurice Massar vpnc@unix-ag.uni-kl.de for his vpnc. Laurent Montel montel@kde.org for patches. Peter Kussmann peter.kussmann@gmx.de for various test environments and new ideas. D. Klinkenberg d.klinkenberg@gmx.net for intensive testing PPTP functionality, usebility hints, tests and bug hunting. All other people which report bugs. Packagers: Carsten Schöne cs@linux-adminstrator.com for building SuSE packages. Christoph Thielecke crissi99@gmx.de - german translation Witek Strzelczyk witek_strzelczyk@go2.pl - polish translation Tomas Olah tomas.olah@alert.sk - slovak translation Lapo Luchini lapo@lapo.it - italian translation Karoly Barcza kbarcza@blackpanther.hu - hungary translation Luk De Ketelaere balboy@kvirc.net and Jorgen Kessler jkesseler@home.nl - dutch translation Atanas M. bugar@developer.bg - bulgarian translation Juanjo Avarez Martinez juanjux@ yahoo.es - Spanish translation He Shi Jun hax.sfo@gmail.com and Marius Pacha marius@matux.de - Chinese translation Ahinu ahinu@wanadoo.fr , Florian Fainelliflorian@alphacore.net and Damien Raude-Morvan drazzib@drazzib.com - French translation Valeriy Girchenko valeragir@mail.ru - Russian translation Marc Serra Romero mad93@majomo.com - Catalan translation Bülent SENER bsener@inonu.edu.tr - Turkish translation &underFDL; &underGPL; Documentation copyright 2004 Christoph Thielecke crissi99@gmx.de Installation How to obtain &kvpnc; Download Get it from the release files section (https://mirror.git.trinitydesktop.org/gitea/TDE/kvpnc/releases). Packages for various distributions are available there: http://www.trinitydesktop.org/releases.php You dont need to compile it, if there is a package for your distribution. TDE The latest development code can be obtain from the git respository. Simply do: git clone https://mirror.git.trinitydesktop.org/gitea/TDE/kvpnc.git Requirements In order to successfully build &kvpnc;, you will need the tdelibs and libgcrypt libraries. The following tools are optional but minimal one of them is required for normal use. vpnc >= 0.2-rm+zomb-pre9 (0.3.x strongly recommended) - Cisco VPN FreeS/WAN (OpenS/WAN too) - IPSec VPN Linux 2.4/2.6 strongSwan - http://www.strongswan.org/ Openswan - http://www.openswan.org/ racoon - (ipsec-tools) > = 1.xIPSec VPN Linux 2.6 pptpclient - PPTP VPN l2tpd - http://l2tpd.sourceforge.net xl2tpd - https://www.xelerance.com/software/xl2tpd/ openl2tp - https://sourceforge.net/projects/openl2tp/ OpenVPN.- VPN based on SSL Vtun - http://vtun.sourceforge.net/ OpenSSH - https://openssh.net/ You can find a list of changes (not updated since 2010) at Changelog. Compilation and Installation To compile kvpnc simply do: tar xvfj kvpnc-<version>.tar.bz2 cd kvpnc-<version> mkdir -p build cd build cmake .. make su make install For basic cmake options, please readme the INSTALL file. Configuration Creating a new profile Click on "New profile..." from Profile menu. Select the type of connection, hostname of the vpn server. Also fill in remote network, username, password, pres shared key (PSK) or certificate if nessary. Click "Ok" for creating the new profile. &documentation.index;