OpenVPN GUI for Linux - KVpnc¶
KVpnc is a Linux frontend that is able to manage many type of VPN clients such as: Cisco VPN, IPSec, PPTP, OpenVPN, L2TP.
It has also the SmartCard support.
Obviously, in this document we will see only the installation and configuration of KVpnc related to OpenVPN.
Binary packages of KVpnc exist for many Linux distributions such as the RPM for Suse and Fedora. For Ubuntu and Kubuntu (and other Debian derived distributions), you can easily install KVpnc with OpenVPN by using the commands:
sudo apt-get install openvpn
sudo apt-get install kvpnc
Notice that, unlike the other GUIs, the packages of KVpnc do not include OpenVPN, but you must install it alone. In order to make this document regardless of the Linux Distribution used, we will build and install KVpnc by compiling the source code, but if a binary package exists for your Linux distribution, you should prefer to use it without waste your time in the building process.
Because KVpnc uses the QT libraries, their presence and their include files are required in the build process. In the next steps, we will assume that the OpenVPN package is already installed. If you are not in this situation, you should read the section Build and install OpenVPN to learn to install OpenVPN.
- Download the KVpnc's source code package from the web page http://home.gna.org/kvpnc/. We'll use the release 0.8.9 of KVpnc, but you should get the latest one;
- Extract the source code by using the command:
tar xvfj kvpnc-0.8.9.tar.bz2 - Build and install KVpnc by following this steps:
cd kvpnc-0.8.9
./configure
make
sudo make install
For some Linux distributions, the ./configure command could be unable to locate the QT libraries. In this case, you must find out where the include files and the libraries are located and specify the paths by adding the parameters --with-qt-includes=/usr/lib64/qt-3.3/include/ --with-qt-libraries=/usr/lib64/qt-3.3/lib/ to the ./configure. Of course, you should replace the path /usr/lib64/qt-3.3/ with the one in which the QT libraries are located in your Linux system;
Make the directory /etc/openvpn/ with the command sudo mkdir /etc/openvpn and copy in the new directory the files t2.ovpn and CA.pem.
How to obtain such files is described in the section The configuration file of OpenVPN;
To use KVpnc with unprivileged users the sudo command is required and the line
ALL ALL=NOPASSWD:/usr/bin/kvpnc
must be added at the end of the file /etc/sudoers (notice that you need to have administrator privileges to change this file). After that, you are able to launch the kvpnc process by using the command:
sudo /usr/bin/kvpnc
In this manner, the kvpnc will have the root's privileges needed to create the tap0 Virtual Ethernet Interface and add the static routes in the Kernel routing table;
Import the profile that allow you to create a VPN with ciop by using the following command:
kvpnc --openvpnimport=/etc/openvpn/ciop.ovpn
Press [Apply] and then [Ok] on the Profile Manager. After that, save the t2 profile using the [Profile]->[Save Profile...] menu item and close kvpnc interface with [File]->[Quit] menu item;
Start the KVpnc GUI with the command sudo /usr/bin/kvpnc and click the [Connect] button to establish the VPN connection. At this point, you are requested for the username and the password to use to authenticate your identity against the VPN server (look at the Note *).
If you want to verify that the IP address that the VPN server has assigned to you, actually belongs to the remote LAN with which you are connected, you have to open a terminal and at the prompt of the shell type the command:
ifconfig tun0
the result looks like this:
tun0 Link encap:Ethernet HWaddr 26:8F:1E:31:44:DD
inet addr:10.12.0.6 Bcast:10.12.0.255 Mask:255.255.255.0
inet6 addr: fe80::248f:1eff:fe31:44dd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1384 (1.3 KiB) TX bytes:1668 (1.6 KiB)
The line that starts with inet show you that the VPN IP address assigned to you is 192.168.250.50 (by default Terradue issues IP addresses which belong to the subnet 10.12.0.0/24 with 10.12.0.1 as Default Gateway).
To be sure that the IP traffic is actually routed across the VPN and hence encrypted, you must check that the IP Address and the Default Gateway assigned to the TAP Virtual Interface belong to the remote LAN you are connected.
To better check this condition, you could also use the traceroute -n <Remote IP Address> command: if the first hop that is printed belongs to a subnet of the remote LAN (10.12.0.1 by default) then your VPN works fine and the traffic that reaches the remote site is encrypted across Internet.
Updated by Herve Caumont over 11 years ago · 1 revisions