Skip to content

Instantly share code, notes, and snippets.

@Lh4cKg

Lh4cKg/README.md

Last active August 29, 2025 07:14
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Lh4cKg/1f79fff5a72011aab8947781bba65835 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Lh4cKg/1f79fff5a72011aab8947781bba65835 to your computer and use it in GitHub Desktop.
Download ZIP
How To Install And Configure Kerio VPN Client On Redhat/Fedora Linux
Raw
README.md

Installation and Configuration Options:

  1. Manual installation and configuration
  2. Install Automatically via install_kerio.sh script

How to Use the Auto-Installer Script

  1. Download the script or Copy the code and save it to a file, for example: install_kerio.sh.

Make it executable:

$ chmod +x install_kerio.sh
  1. Run with sudo:
sudo ./install_kerio.sh
  1. Follow the prompts: The script will guide you through the selection and configuration process. Just enter the information when asked.
Raw
install_kerio.sh
#!/bin/bash
# Author: Lasha Gogua
# Github: https://github.com/Lh4cKg
# Kerio VPN Client Auto-Installer for Fedora/Red Hat
# Created based on commands from: https://gist.github.com/Lh4cKg/1f79fff5a72011aab8947781bba65835
# Features:
# 1. Version selection (Default or custom URL from Kerio Archive).
# 2. Prompts for server, username, and password.
# 3. Automatically fetches the server's MD5 fingerprint.
# --- Initial Setup ---
# Ensure the script is run with root privileges
if [[ $EUID -ne 0 ]]; then
echo "❌ This script must be run as root. Please use sudo."
exit 1
fi
echo "🚀 Welcome to the Interactive Kerio VPN Client Installer!"
echo "--------------------------------------------------------"
# --- 1. Version Selection ---
DEFAULT_URL="https://cdn.kerio.com/dwn/control/control-9.5.0-8975/kerio-control-vpnclient-9.5.0-8975-p2-linux-amd64.deb"
KERIO_CLIENT_URL=""
read -p "Do you want to install the default version (9.5.0 Path 2)? [Y/n]: " use_default
use_default=${use_default:-Y} # Default to 'Y' if user just presses Enter
if [[ $use_default =~ ^[Yy]$ ]]; then
KERIO_CLIENT_URL=$DEFAULT_URL
echo "Using default version."
else
echo "Please go to the Kerio Archive: http://download.kerio.com/archive/"
echo "Find the version you want, right-click on 'Kerio Control VPN Client - Linux (DEB amd64)', and copy the CDN link."
read -p "Paste the CDN link here: " custom_url
if [ -z "$custom_url" ]; then
echo "❌ No URL entered. Aborting."
exit 1
fi
KERIO_CLIENT_URL=$custom_url
fi
echo ""
# --- Get User Credentials ---
echo "Please enter your VPN connection details:"
read -p "Enter Server Address: " vpn_server
read -p "Enter Username: " vpn_user
read -sp "Enter Password: " vpn_password # -s flag hides the input
echo ""
if [ -z "$vpn_server" ] || [ -z "$vpn_user" ] || [ -z "$vpn_password" ]; then
echo "❌ Server, username, and password cannot be empty. Aborting."
exit 1
fi
echo "--------------------------------------------------------"
# --- Installation Steps ---
echo "📦 Starting installation process..."
# Install Dependencies
echo "Installing dependencies: alien and libxcrypt-compat..."
dnf install -y alien libxcrypt-compat &>/dev/null
if [ $? -ne 0 ]; then
echo "❌ Error installing dependencies. Please check your DNF configuration."
exit 1
fi
# Download the Kerio VPN Client
echo "Downloading Kerio VPN Client from the selected URL..."
wget -q --show-progress $KERIO_CLIENT_URL
if [ $? -ne 0 ]; then
echo "❌ Error downloading the Kerio client. Please check the URL."
exit 1
fi
DEB_FILE=$(basename $KERIO_CLIENT_URL)
# Convert .deb to .rpm
echo "Converting the .deb package to .rpm..."
alien --to-rpm ./$DEB_FILE &>/dev/null
if [ $? -ne 0 ]; then
echo "❌ Error converting the package. Make sure alien is installed correctly."
rm -f $DEB_FILE # Clean up
exit 1
fi
RPM_FILE=$(find . -name "kerio-control-vpnclient*.rpm" -print -quit)
if [ -z "$RPM_FILE" ]; then
echo "❌ Could not find the generated RPM file."
rm -f $DEB_FILE
exit 1
fi
# Install the .rpm package
echo "Installing the Kerio VPN client RPM package..."
rpm -Uvh --force $RPM_FILE &>/dev/null
if [ $? -ne 0 ]; then
echo "❌ Error installing the RPM package."
rm -f $DEB_FILE $RPM_FILE
exit 1
fi
# --- Automatic Fingerprint Generation ---
echo "🔐 Automatically fetching server fingerprint for $vpn_server..."
# The standard port for Kerio Control VPN is 4090
FINGERPRINT=$(openssl s_client -connect ${vpn_server}:4090 < /dev/null 2>/dev/null | openssl x509 -fingerprint -md5 -noout -in /dev/stdin | sed 's/.*=\(.*\)/\1/')
if [ -z "$FINGERPRINT" ]; then
echo "❌ Could not automatically get the server fingerprint."
echo " Please check the server address and ensure it's reachable on port 4090."
# Clean up before exiting
rm -f $DEB_FILE $RPM_FILE
exit 1
fi
echo "Fingerprint found: $FINGERPRINT"
# --- Create Configuration File ---
echo "⚙️ Creating the configuration file with your details..."
# Use a HEREDOC to create the file with the gathered variables
bash -c "cat > /etc/kerio-kvc.conf" << EOF
<config>
<connections>
<connection>
<server>${vpn_server}</server>
<username>${vpn_user}</username>
<password>${vpn_password}</password>
<fingerprint>${FINGERPRINT}</fingerprint>
</connection>
</connections>
</config>
EOF
# Set secure permissions
chmod 600 /etc/kerio-kvc.conf
# --- Finalize and Start Service ---
echo "🔄 Reloading systemd daemon and starting the service..."
systemctl daemon-reload
# systemctl enable kerio-kvc.service &>/dev/null
systemctl start kerio-kvc.service
# Clean up downloaded and converted files
rm -f $DEB_FILE $RPM_FILE
echo ""
echo "✅ All done! The Kerio VPN client has been installed and started."
echo "------------------------------------------------------------------"
echo "You can check the connection status with:"
echo " sudo systemctl status kerio-kvc.service"
echo ""
echo "To view logs, you can use:"
echo " tail -f /var/log/kerio-kvc/error.log"
echo " tail -f /var/log/kerio-kvc/debug.log"
echo "------------------------------------------------------------------"
Raw
kerio-kvc.conf
<config>
<connections>
<connection type="persistent">
<server>vpn.mydomain.ge</server>
<port>4090</port>
<username>my_username</username>
<password>my_password</password>
<fingerprint>36:09:24:65:23:53:C7:F8:06:8D:C9:35:82:5D:12:F2</fingerprint>
<active>1</active>
</connection>
</connections>
</config>
Raw
manual_install_kerio.sh
# 1. Download Kerio VPN Client for linux
wget https://cdn.kerio.com/dwn/control/control-9.5.0-8975/kerio-control-vpnclient-9.5.0-8975-p2-linux-amd64.deb
# 2. Install Alien Package Converter .deb to .rpm
sudo dnf install alien
# 3. Convert .deb package to .rpm via alien
alien --to-rpm ./kerio-control-vpnclient-9.5.0-8975-p2-linux-amd64.deb
# 4. Install dependencies
sudo dnf install libxcrypt-compat
# 5. Install Kerio VPN client
sudo rpm -Uvh --force kerio-control-vpnclient-9.5.0.8975.0.patch2-2.x86_64.rpm
# 6. Realod Systemd services
sudo systemctl daemon-reload
# 7. Check Status
sudo systemctl status kerio-kvc.service
# 8. Generate Fingerprint
openssl s_client -connect vpn.mydomain.ge:4090 < /dev/null 2>/dev/null | openssl x509 -fingerprint -md5 -noout -in /dev/stdin
# output
md5 Fingerprint=36:09:24:65:23:53:C7:F8:06:8D:C9:35:82:5D:12:F2
# you need only fingerprint value for kerio configuration, like this
# <fingerprint>36:09:24:65:23:53:C7:F8:06:8D:C9:35:82:5D:12:F2</fingerprint>
# 9. Configure Kerio VPN
# create kerio-kvc.conf file and insert below xml script, enter the correct data for these parameteres
# Server, Username, Password, Fingerprint
sudo nano /etc/kerio-kvc.conf
# 10. Set permission for kerio configuration file
sudo chmod 600 /etc/kerio-kvc.conf
# 11. Start Kerio VPN
sudo systemctl start kerio-kvc.service
# 12. Check Status
sudo systemctl status kerio-kvc.service
# 13. You can check debug and error logs for this service
# debug log
tail -f /var/log/kerio-kvc/debug.log
# error log
tail -f /var/log/kerio-kvc/error.log
# that's all, done.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment