Kerio vpn client for Gentoo
For a very long time, in order to use the Internet, which is distributed to me through this very kerio vpn client, I had to keep a separate computer, with windows on board, as a proxy. It was the only machine that had to be carefully monitored, updated antiviruses, etc. Why windows? Yes, because the above-mentioned software was only for this OS. Why proxy? Yes, because, kvc somehow strangely establishes a network connection, that only locally installed applications could go to the Internet ... One way or another, the gateway could not be configured from this Windows.
But recently I learned that there was a way out for me (and maybe even for someone who reads this article)
So, let's begin.
The software consists of a nuclear module and a network daemon, which, in fact, establishes a connection.
On the kerio site you can download ready * .deb packages for Ubuntu / Debian ( download.kerio.com/archive/download.php ). It is very easy to install them, and installation and configuration instructions are attached to them.
But I had to install and configure everything on a Gentoo machine, since my home router is spinning under it.
')
Fortunately, the same link can be downloaded from the source of the module (as it turned out later, the deb-package also contained sources).
So, download source (kvnet kernel module source). Unpack it and go to the kvnet / drivers / vpn / linux directory.
Here we see the sources and a Makefile from which nothing useful can be extracted. After a short googling, a solution was found (because I don’t understand anything in the Makefile syntax, then google was required) on the kerio forum:
You need to bring the Makefile to the following form:
Now the make command is going to the kernel module It remains only to download it, for which we perform the following sequence of actions:
The module should boot without any problems (I tried on kernels 2.6.27 - 2.6.30).
Now let's do a demon. Download the kerio-kvc_6.6.0-5729-1_i386.deb file using the same link that was provided at the beginning of the article .
Unpack it. Next, unpack the file that appears data.tar.gz
From there, we immediately transfer the usr / lib / libkvnet.o and / usr / sbin / kvpnsvc files to the appropriate directories. After that we create the configuration file /etc/kerio-kvc.conf with the following content:
Unfortunately, I don’t know how to generate a password and a fingerprint, but borrowed a config from a virtual machine with ubuntu, on which I originally conducted tests. There, the setting was made by the following command: dpkg-reconfigure kerio-kvc , after which, in interactive mode, I entered the server's SP, login and password, and the password was generated and the server's fingerprint was requested automatically.
As soon as I have the appropriate information, I will immediately add it to the article.
Config wrote, now we try to run:
The demon fell out with an error
kvpncsvc: symbol lookup error: ./kvpncsvc: undefined symbol: gzopen64
The solution was also found on the kerio forum. You need to open the kvpncsvc file in the hex editor and find the line containing gzopen64. The last 2 characters must be removed. Those. instead of bytes 36 34 enter 00 00 . After that, everything starts smoothly.
It should be noted that the demon creates a folder with logs in the directory in which it was launched.
In addition, the kerio programmers from the writing of the demon were in their repertoire. When connecting, the daemon should set the default gateway itself from the settings it receives from the server, otherwise it will simply refuse to route something through its connection. Maybe I misunderstand something, but when I established the connection and set the necessary gateway manually, I did not have an Internet connection, and in the logs the daemon said that it could not route packets. Therefore, before starting the daemon, you must remove the default gateway (and prescribe the necessary routes so that the localhost works).
The route problem was solved by adding them to the /etc/conf.d/net file.
And to start the daemon, the following files were created:
/ sbin / kerio_start:
/etc/init.d/kerio
You need to make these files executable and you can run the connection.
But recently I learned that there was a way out for me (and maybe even for someone who reads this article)
So, let's begin.
The software consists of a nuclear module and a network daemon, which, in fact, establishes a connection.
On the kerio site you can download ready * .deb packages for Ubuntu / Debian ( download.kerio.com/archive/download.php ). It is very easy to install them, and installation and configuration instructions are attached to them.
But I had to install and configure everything on a Gentoo machine, since my home router is spinning under it.
Installation
')
Fortunately, the same link can be downloaded from the source of the module (as it turned out later, the deb-package also contained sources).
So, download source (kvnet kernel module source). Unpack it and go to the kvnet / drivers / vpn / linux directory.
Here we see the sources and a Makefile from which nothing useful can be extracted. After a short googling, a solution was found (because I don’t understand anything in the Makefile syntax, then google was required) on the kerio forum:
You need to bring the Makefile to the following form:
obj-m += kvnet.o
KDIR:= /lib/modules/$(shell uname -r)/build
PWD:=$(shell pwd)
kvnet-objs := \
init.o \
io_dev.o \
io_read.o \
io_write.o \
net_dev.o \
queue.o \
vnet.o \
utils.o
EXTRA_CFLAGS += -O -Wall -DMODULE -DWINNT=0 -DDBG=0 -D_LINUX
default:
$(MAKE) -C $(KDIR) M=$(PWD) modules
clean:
-rm -f *.o *.ko *.cmd *.flags *.mod.cNow the make command is going to the kernel module It remains only to download it, for which we perform the following sequence of actions:
- create the directory /lib/modules/tut.version.ashe.yadra/kernel/net/kvnet
- copy the kvnet.ko file into it
- depmod -a
- modprobe kvnet
The module should boot without any problems (I tried on kernels 2.6.27 - 2.6.30).
Now let's do a demon. Download the kerio-kvc_6.6.0-5729-1_i386.deb file using the same link that was provided at the beginning of the article .
Unpack it. Next, unpack the file that appears data.tar.gz
From there, we immediately transfer the usr / lib / libkvnet.o and / usr / sbin / kvpnsvc files to the appropriate directories. After that we create the configuration file /etc/kerio-kvc.conf with the following content:
<config> <connections> <connection type = "persistent"> <server> sp server </ server> <port> 4090 </ port> <username> username </ username> <password> XOR: password in xor </ password> <fingerprint> server fingerprint </ fingerprint> <active> 1 </ active> </ connection> </ connections> </ config>
Unfortunately, I don’t know how to generate a password and a fingerprint, but borrowed a config from a virtual machine with ubuntu, on which I originally conducted tests. There, the setting was made by the following command: dpkg-reconfigure kerio-kvc , after which, in interactive mode, I entered the server's SP, login and password, and the password was generated and the server's fingerprint was requested automatically.
As soon as I have the appropriate information, I will immediately add it to the article.
Config wrote, now we try to run:
kvpnsvcThe demon fell out with an error
kvpncsvc: symbol lookup error: ./kvpncsvc: undefined symbol: gzopen64
The solution was also found on the kerio forum. You need to open the kvpncsvc file in the hex editor and find the line containing gzopen64. The last 2 characters must be removed. Those. instead of bytes 36 34 enter 00 00 . After that, everything starts smoothly.
It should be noted that the demon creates a folder with logs in the directory in which it was launched.
In addition, the kerio programmers from the writing of the demon were in their repertoire. When connecting, the daemon should set the default gateway itself from the settings it receives from the server, otherwise it will simply refuse to route something through its connection. Maybe I misunderstand something, but when I established the connection and set the necessary gateway manually, I did not have an Internet connection, and in the logs the daemon said that it could not route packets. Therefore, before starting the daemon, you must remove the default gateway (and prescribe the necessary routes so that the localhost works).
The route problem was solved by adding them to the /etc/conf.d/net file.
And to start the daemon, the following files were created:
/ sbin / kerio_start:
#!/bin/bash
route del default
modprobe kvnet
cd /var/log/kvnet
kvpncsvc/etc/init.d/kerio
#!/sbin/runscript
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
depend() {
need net
}
start() {
ebegin "Startung Kerio VPN Client Daemon"
start-stop-daemon --start --quiet --chuid root --exec /sbin/start_kerio
eend 0
}
stop() {
ebegin "Stopping Kerio VPN Client Daemon"
start-stop-daemon --stop --quiet --user dconnect --retry 5 --signal 9 --exec kvpncsvc
eend 0
}
You need to make these files executable and you can run the connection.
/etc/init.d/kerio startSource: https://habr.com/ru/post/62030/
All Articles