Kerio control версия linux

Настройка клиента VPN от Kerio на Linux Ubuntu

Установка Kerio VPN Client

Переходим на страницу загрузки Kerio Control и копируем ссылку на соответствующую версию клиента:

* со стороны Kerio есть клиенты для Linux только для Debian/Ubuntu 32-bit или 64-bit.

Используя скопированную ссылку, загружаем клиент на Linux:

* в данном примере нами была скопирована 64-х битная версия клиента.

Устанавливаем необходимые для работы VPN-клиента компоненты:

apt-get install debconf openssl

И устанавливаем сам клиент:

dpkg -i kerio-control-vpnclient-linux-amd64.deb

Система в процессе установки сразу предложит диалоговые окна для настройки. В первом окне вводим адрес нашего сервера (Kerio VPN Server):

* для примера мы введи адрес внутренней сети, но чаще, будет необходимость в использовании внешнего адреса для сервера.

Разрешаем автоматически определить отпечаток для сертификата сервера:

После определения отпечатка, он будет выведен на экран, а нам нужно будет его принять:

Вводим имя пользователя для авторизации в сети VPN:

Вводим пароль для пользователя:

Система завершит установку.

Разрешим автозапуск сервиса и стартанем его:

systemctl enable kerio-kvc

systemctl start kerio-kvc

Настройка Kerio VPN Client

Настройку клиента мы выполнили в момент установки. Но если нам необходимо изменить конфигурацию или мы ошиблись, то изменения можно внести командой:

Источник

System requirements overview — Kerio Control

SYSTEM REQUIREMENTS

Software Appliance

• CPU: 2 GHz
• Memory: 4 GB RAM
• Hard drive: 12 GB HDD space for OS, product, logs and statistics data
• Network interface: 2 Ethernet (10/100/1000 Mbit)
• HW: Kerio Control is based on Linux kernel version 3.16. Hardware supported by this kernel is required.
  For list of supported hardware see https://support.gfi.com/hc/en-us/articles/360011357960

VMware Virtual Appliance

• VMware Workstation/Player 11+
• VMware Fusion 7+
• VMware ESXi / vSphere Hypervisor 5.5+

• CPU: 2 GHz
• Memory: 4 GB RAM assigned to the virtual machine
• Hard drive: 12 GB assigned HDD space for OS, product, logs and statistics data
• Network interface: 2 assigned virtual network adapters

Hyper-V Virtual Appliance

• Windows Server 2019
• Windows Server 2016
• Windows Server 2012 R2
• Windows Server 2012
• Windows Server 2008 R2

• CPU: 2 GHz
• Memory: 4 GB RAM assigned to the virtual machine
• Hard drive: 12 GB assigned HDD space for OS, product, logs and statistics data
• Network interface: 2 assigned virtual network adapters

KERIO CONTROL VPN CLIENT

Windows

Operating systems:

• Windows 10 (all editions)
• Windows 8.1 (all editions except RT)
• Windows 7 (all editions)
• Windows Vista (all editions)
• Windows Server 2012 R2 (all editions except Core)
• Windows Server 2012 (all editions except Core)
• Windows Server 2008 R2 (all editions except Core)
• Windows Server 2008 (all editions except Core)
• Windows Server 2003 R2 (all editions)
• Windows Server 2003 (all editions)

*Latest service pack and up to date security patches are required unless otherwise stated.

macOS

Operating systems:

• OS X 10.8 Mountain Lion
• OS X 10.9 Mavericks
• OS X 10.10 Yosemite
• OS X 10.11 El Capitan
• macOS 10.12 Sierra
• macOS 10.13 High Sierra
• macOS 10.14 Mojave

*Latest updates are a requirement unless otherwise stated.

Linux

(32-bit editions and 64-bit editions are supported)

Operating Systems:

IPSEC VPN CLIENT DEVICES

• Android 5+
• Apple iOS 8+
• Windows 10 Mobile

CLIENT WEB BROWSERS

Basic User Login/Logout

All HTTP(S)-compliant web browsers including mobile browsers are supported. Kerio Control may require browser to support certain version of encryption protocol.

Kerio Control Administration and Kerio Control Statistics

• CPU: 1 GHz (2.4GHz dual-core for best performance)
• Memory: 1 GB RAM (512 MB on Windows XP with Firefox or Google Chrome)

• Microsoft Internet Explorer 11
• Microsoft Edge 20 and newer
• Firefox 23 and newer
• Safari 5 and newer
• Google Chrome 31 and newer

Источник

What’s new in Kerio Control

Version 9.3.6.1

Released: May 31, 2021

Release notes

• M1 MAC VPN client support
• Interface mapping of NG511 Fixed
• macOS VPN client updated to fix a script that was preventing installation on Big Sur
• Update Windows VPN Client to make it compatible with Windows 20H2
• New configuration «»L2TPUpScriptWaitSeconds»» and «L2TPUpScriptConnectTryCount»» introduced to recover stuck LT2P connections
• New configuration «»DisableUniqueIDs»» introduced to prevent IPSec VPN disconnects
• New traffic patterns added to properly block Teamviewer connections
• Introduce new configuration «»InternetLinkAutoGatewayInterfaceList»» to stop probing interfaces which doesn’t have a gateway
• Fix HA interface name validation failure happens when one of HA machine has legacy interface names
• OpenSSL library is upgraded from 1.0.2j to 1.1.1d
• HSTS (Strict-Transport-Security) Header added
• Upgrade and Factory-reset scripts are failing because of signature image issue
• Links on the IP Blacklist screen were either wrong or timing out. Now all links corrected
• Info message displayed after distrusting a certificate updated for VPN connections
• Fix crash in HA Slave machine happens when slave account host activity
• TLS triple handshake vulnerability fixed by updating /etc/sshd_config configuration file

Patch resolution details:

• Using Active Directory authentication (only). It causes authentication with Active Directory to fail making AD user connections not possible.
• HSTS causes 2FA fail on Kerio VPN

Downloads and Upgrades:

For product downloads and information about upgrading Kerio Control, visit the GFI Upgrade Center.

If you have additional queries about these changes, please do not hesitate to contact us or an authorized GFI Partner directly.

Customers with a
valid subscription are
entitled to a FREE upgrade.
Download the latest version

Version 9.3.5

Released: August 27, 2020

Release notes

• The custom logo does not appear on login or deny pages
• Wrong Country code for Serbia
• Active Connections — Destination Country missing table information
• Active Connections — Source Country missing table information
• Content filter rules not blocking Teamviewer
• Page refresh/close display an error dialog on Google Chrome
• Unable to complete PPPoE discovery (NBN connection)
• VPN Driver does not install on Windows 10 Update 2004
• Kerio Control Slave unit fails to dial PPPoE
• Localization string «Alert-HA» not found in any language
• Statistics report errors in HA-Slave control
• Unable to differentiate email report if from Master or Slave
• Fixes for NG110, NG310, NG510/511 compatibility issues

Version 9.3.4

Released: February 13, 2020

Release notes

Support for a wide range of USB WIFI Adapters — Drivers:

• rtl818x_pci.ko
• rtl8187.ko
• btcoexist.ko
• rtl8188ee.ko
• rtl8192c-common.ko
• rtl8192ce.ko
• rtl8192cu.ko
• rtl8192de.ko
• rtl8192se.ko
• rtl8723be.ko
• rtl8723-common.ko
• rtl8821ae.ko
• rtl_pci.ko
• rtl_usb.ko
• rtlwifi.ko
• rt2400pci.ko
• rt2500pci.ko
• rt2500usb.ko
• rt2800lib.ko
• rt2800mmio.ko
• rt2800pci.ko
• rt2800usb.ko
• rt2x00lib.ko
• rt2x00mmio.ko
• rt2x00pci.ko
• rt2x00usb.ko
• rt61pci.ko
• rt73usb.ko

• Last few entries of Active Connections list not displayed correctly in Firefox
• Active connections table do not show the column entries when the order is changed

Version 9.3.3

Released: December, 27 2019

Release notes

• HyperScan engine in SNORT for increased performance
• VPN Tunnel supports SHA2 in Phase2

• Cannot add multiple VPNs into traffic rules

Version 9.3.2

Released: November, 21 2019

Release notes

• VPN Client Support for macOS Catalina
• VPN Client compatibility with Microsoft Windows 10 (1903)

• PPPoE Interface not saved on Edit
• SACK Vulnerability patches to Kernel
• Problem with port forwarding by source IP with DHCP
• ScreenConnect application keeps disconnecting
• DHCP allocated incorrect number shown on UI
• «Single Internet Link» forwards all traffic to a dead-end if 1 WAN link present
• Web filter not blocking streaming websites
• Microsoft Discovery Service not finding devices over VPN
• Source NAT preselects first entry in list repeatedly
• User not able to configure tcp_min_snd_mss
• HA — Active Slave does not apply MAC filter rules properly
• HA — Sync not working correctly due to incorrect archive filesize
• VPN Client not opening browser when 2FA configured (Linux)

Version 9.3.1

Released: September, 17 2019

Release notes

• HA Disconnect Kerio VPN on passive slave
• HA VLANs removed on sync from Master to Slave
• HA Bandwidth management link speed is not persistent on slave
• HA Fails to Start
• HA Several improvement and network compatibility fixes
• Some Web pages are not blocked and can be accessed via Bing search
• 3rd party IPsec VPN tunnel not being established due to unknown crypto suites
• Update to driver for PCI Network Card Intel X710-T4
• IPSec VPN tunnel failed to reconnect after an interruption on the remote side since 9.3.0
• Kerio Interfaces staying «no connectivity» even when there is a connection
• An unauthorized user can access the internet with the help of authorized users
• Malicious URL to Kerio Control login page can be used to inject code in session

Version 9.3

Released: April, 9 2019

Release notes

• High Availability — Active/Passive — Enable a secondary (Slave) identical Kerio Control to take over when the primary (Master) device is offline
• IKEv2 Support (enable via console)

• Primary IP for WAN interface changes after reboot
• Last few entries of DHCP reservation list not displayed correctly in Firefox
• Address group still visible after being deleted
• IPSEC Tunnel drops in certain circumstances
• Configuration restore wizard IP addresses not populating
• Teamviewer application not blocked by Content Filter
• SafeSearch blocks Yandex

Version 9.2.9

Released: January, 31 2019

Release notes

• Kerio VPN — Disabled insecure and vulnerable protocol Blowfish
• Change snort nice value to -4 to improve traffic
• IRQ improvements for snort process to improve traffic
• HW NG500 crash

Note: Older Kerio VPN Clients are not able to connect using this build. To allow please follow the following steps.

Open ssh connection or from console
Go to /opt/kerio/winroute folder
Run ./tinydbclient «Update VPN set AllowBlowfishCipher=1»

Version 9.2.8

Released: November 27, 2018

Release notes

• Limit Bandwidth Per Host
• Optimize Application Awareness memory footprint
• Reconfigure Kerio AV to optimize memory usage
• Kerio VPN new encryption protocol AES
• Kerio VPN Client supports the new protocol
• Force hostname for VPN clients

• Accessing User and Groups crashes WebAdmin on IE11
• User Statistics not getting updated
• Installation of VPN Client fails on Ubuntu 18.04 LTS 64-bit Desktop version
• No traffic over VPN after enabling 2FA on iPhone running iOS 11.4.1
• Kerio VPN 2-Step Verification Unable to resolve hostname
• Filtering Web Content by word occurrence returns broken HTML
• User details not getting updated in Active hosts

Note: Kerio Control VPN Client does not work with previous versions of Kerio Control (version 9.2.7 and earlier)

Version 9.2.7

Released: September 4, 2018

Release notes

• 2-Step verification UI improvements
• DHCP leases column added in DHCP
• DST notification added to time zone settings page
• IPv6 anti-spoofing functionality added
• Linux VPN client now supports systemd
• Unify approach to entering URL in rules
• Upgraded Firefox install CA walkthrough screenshots

• Categories are not getting merged one when testing the miscategorized URLs in Content filter
• Changing description for multiple users changes only those who have separate configuration
• Crash with error handling during domain joining/leaving
• Disable view user statistic when multiple users are selected
• Entries with multiple members in Service list not getting searched
• HTTP Cache dump should works without selected cache any message type
• Interface group ordering disabled
• IPSec connection is dropped every 3 hours
• IPsec: Some fields are cleared when Cipher configuration dialog is closed
• P2P suspicious connection detection
• Preventing license usage when there is spoofing IPv6 connection
• Show details while joining AD fails because of time skew
• Technical support button on dashboard redirects to GFI support now
• Tunnel reset when cipher config dialog is closed
• User right column sort by rendered value
• SafeSearch blocking Google Cloud Messaging
• View Guest users in Kerio Control Statistics opens stats of «Not logged in» user

Version 9.2.6

Released: May 16, 2018

Kerio Control 9.2.6 includes security enhancements to allow encryption of personal and sensitive data collected and stored by the product.

Release notes

• Added support for Encrypting personal/sensitive data stored on the disk

• Crash in some occasions due to empty HTTP header name

Version 9.2.5

Released: March 22, 2018

Kerio Control 9.2.5 provides security improvements with an upgrade to the IPSEC VPN encryption key and complete removal of PHP code in the server code base. This release also includes over 20 customer reported fixes.

Release notes

• Removal of PHP server-side scripting from Web Interface
• Upgrade of strongSwan 5.5.1
• Improved starting/stopping of VPN Client on Debian 8
• VPN Client now supports macOS High Sierra

• Translation issues
• User preferences automatic language set to detected language
• Installation of VPN Client fails on Windows 7, 8
• The WiFi driver has been updated for better compatibility and stability
• Dashboard Traffic Chart Tile does not show relevant units
• Changing description for multiple users changes only those who have separate configuration
• Empty exclusions for connection limit corrupts config
• View Guest users in Kerio Control Statistics opens stats of «Not logged in» user
• WebAdmin error during configuration import
• Install CA screenshots are from old FireFox
• Menu bar icon not optimized for Mac with retina
• Remote Services: Data are not reloaded when changes are discarded on screen reload
• Bandwidth management traffic dialog: wrong info text
• Crash in ThreadCpuTime, when gdata.start_error = 1
• Assert in DhcpLeaseTab::save()
• W10 Edge cannot login and access web interface if IPv6 is enabled
• Missing limiter of AV check failed alert
• Russian Business Network blacklist is missing in IPS update
• Remove unsecure DES-CBC3-SHA from cipherlist
• Wi-Fi should be WiFi (legal requirement)
• Kerio VPN tunnels are using local networks defined in IPsec section (as Remote networks)
• Exported cfg. backup is corrupted
• Sending notifications from Kerio Control — InCorrect Format of notification
• On Groups page, «Rights» column is not sorted in correct order

• Crash every hour when sending email for invalid user after antivirus scanning

• NTLM Authentication issue
• 2 Step Authentication issue
• Recompilation of WIFI driver with different flags for more compatibility

• Crash when SNAT missing target interface

• Crash when multiple pages denied occur while first deny is delayed
• Crash when internal page requests using same «lang» parameter
• UPnP not listening on all interfaces

• 2 Step Verification for user does not show QR Code

Version 9.2.4

Released: October 26, 2017

Kerio Control 9.2.4 provides a WiFi security update to the WPA2 protocol for the NG100W and NG300W hardware appliances.

Release notes

• Updated hostapd for enhanced WiFi security

Version 9.2.3

Released: August 21, 2017

Kerio Control 9.2.3 brings fixes for customer reported issues including a Security Settings error and fixes a possible loop that resulted in the CPU locking.

Release notes

• OpenSSL upgraded from 1.0.1u to 1.0.2j
• Updated country list used in SSL Certificate definition

• CPU lock due to winroute loop

Version 9.2.2

Kerio Control 9.2.1 brings you significant performance improvements in all Kerio Control’s security and inspection methods and filters. For example:

• Kerio Control now supports 64-bit hardware, which can improve performance by 15-20%
• Large segment offload (LSO)

Kerio Antivirus

Kerio Control 9.2.2 introduces Kerio Antivirus. Kerio Antivirus is powered by the Bitdefender antivirus engine and replaces the current Sophos Anti-Virus.

When upgrading to Kerio Control 9.2.2 from earlier versions, Kerio Antivirus automatically replaces the Sophos Anti-Virus.

Kerio Control hardware devices support Wi-Fi

Kerio Technologies launches Kerio Control NG100W and Kerio Control NG300W hardware devices with embedded WiFi access point which provide connectivity for wireless devices such as cell phones, tablets, and laptops. The Kerio Control WiFi module supports:

• Dual-band antenna, which provides 2.4 or 5 GHz
• Wireless standards 802.11a, b, g, n, and ac
• Authentication: none, WPA, WPA2 (PSK or Enterprise)
• Up to eight wireless networks (SSIDs)

Read more in our Knowledge Base:

Optimizing performance with LSO

Kerio Control includes large segment offload, also referred to as generic segmentation offload. LSO allows the network interface controller to process the segmentation of a data transfer and significantly improves performance. However, these improvements are noticeable only during large data transfers, such as file downloads, or video streams.

The throughput gain depends on the particular deployment. For example, you can expect up to 400 Mbps on the Kerio Control NG100 hardware appliance.

Blocking incoming connections from specified countries

Kerio Control allows you to filter incoming traffic by country (GeoIP). Kerio Control then blocks all IP addresses that belong to the countries specified in the filter.

IPsec VPN tunnel configuration update

Kerio Control 9.2 adds a detailed configuration for IKE and ESP ciphers used in IPsec VPN tunnels. With this detailed configuration you can easily create IPsec VPN tunnels with third-party firewalls.

Read more in our Knowledge Base: Configuring IPsec VPN tunnel.

Changes in system requirements

• Kerio Control supports 64-bit hardware.
• Hyper-V on Windows Server 2016.

• Backup to Samepage has been discontinued. Back up your Kerio Control configuration to MyKerio instead. See Saving configuration to MyKerio.
• Support for hardware with 32-bit CPUs will be removed in Kerio Control 9.3. For details, see End of life of Kerio Control Box 1110.

• Kerio Control 9.2 and newer supports 64-bit hardware.
• Upgrade from Kerio Control 8.0 and newer.

Kerio Control does not permit upgrades from versions older than 8.0.

Источник