Call a Specialist Today! 855-958-0756

NCP Secure VPN Enterprise Client for Linux
Versatile Central Manageable VPN Client Suite for Linux

NCP Secure VPN Enterprise Client for Linux

NCP Products
NCP Managed VPN Client Suite
NCP Secure Enterprise Linux Client - IGEL Edition, 1 to 99 users
*Price per user. Quantity must be 1 or greater
Get a Quote!

Pricing notes:


Compared to common VPN clients the NCP Secure Enterprise Linux Client Suite features – in addition to IPsec VPN functionality – a personal firewall, an integrated dialer (internet connector) with integrated 3G/4G card support and a Wi-Fi administration tool.. IT departments are able to centrally manage all components of the solution. For users this means that upon clicking (one-click solution) the VPN client software automatically carries out the Internet dial up, sets up the VPN tunnel, selects the transmission network and selects the appropriate firewall policy.



Rely on high-quality IT security software made in Germany

  • IPv6 supported dynamic personal firewall
  • data encryption
  • strong authentication
  • multi-certificate support
  • parameter locks
  • FIPS Inside
  • automatic adaption of firewall rules


Mindful of one of the biggest challenges organizations face – cost savings

  • Budget Manager for full cost control
  • support for 3G/4G hardware (LTE)
  • Custom Branding Option
  • Central Management

Ease of use

Reduced IT complexity

  • a single and easy-to-use user interface (one click) for the connection setup
  • integrated support for 3G/4G hardware
  • a reliable, uninterrupted VPN connection
  • automatic, location-aware adaption of firewall rules through the NCP VPN Client
  • automatic media recognition
  • seamless Roaming
  • easy domain registration


The best mobile device user experience

  • Working without dropped connections or interruptions even when switching between networks, i.e. seamless roaming
  • auto-connect to your corporate network
  • reliable and uninterrupted VPN connections
  • quick and secure hotspot logon
  • Remote Access even behind firewalls, whose port settings typically deny IPsec based communication, i.e. NCP Path Finder® Technology

Technical Data:

Secure VPN Enterprise Client for Linux: Technical Data
Operating System 32/64 Bit: Ubuntu Desktop 10.04.3 LTS, open SUSE 11.3, 11.4, 12.1, Fedora 16, Debian 5.0.8
Security Features The Secure Enterprise Linux Client supports all major IPsec standards in accordance with RFC
Personal Firewall Stateful Packet Inspection; IP-NAT (Network Address Translation); Friendly Net Detection (FND)* (analysis of: current network address and IP address; automatic FND, secure hotspot logon; differentiated filter rules relative to: protocols, ports and addresses, LAN adapter protection, central administration with Client firewall configuration plug-in*
Virtual Private Networking IPsec (Layer 3 Tunneling), RFC-conformant; IPsec proposals can be determined through the IPsec gateway (IKE, IPsec Phase 2); Event log; communication in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
Encryption Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); hash algorithms: SHA-256, SHA-384, SHA-512, MD5, Diffie-Hellman Groups 1,2,5,14
Authentication Processes IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication;
IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smart cards, and USB tokens:
Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready
FIPS Inside The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
  • Group 2 or higher (DH starting from a length of 1024 bits)
  • Hash Algorithms: SHA1, SHA 256, SHA 384 or SHA 512 bits
  • Encryption Algorithms: AES with 128, 192 or 256 bits or Triple DES
Strong Authentication - Standards PKI Enrollment X.509 v.3 Standard; Entrust Ready
PKCS#11 interface for encryption tokens (USB and smart cards); smart card operating systems: TCOS 1.2 and 2.0; smart card reader interfaces: PC/SC, CT-API;
PKCS#12 interface for private keys in soft certificates;
PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP. CMP (Certificate Management Protocol)
Network Access Control Endpoint Policy Enforcement
Networking Features LAN emulation: virtual Ethernet adapter
Network Protocol IP
Dialer NCP Internet Connector
VPN Path Finder NCP Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is no possible (prerequisite: NCP VPN Path Finder Technology on the Gateway is required)
Additional Features Automatic media detection, UDP encapsulation, Multi certificate support
IP Address Allocation DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server
Transmission Media Internet, xDSL, LAN, GSM (inkl. HSCSD), GPRS, UMTS, LTE, HSDPA, PSTN, ISDN
Line Management DPD with configurable time interval; channel bundling (dynamic in ISDN) with freely configurable threshold value; timeout (controlled by time and charges)
Data Compression IPCOMP (lzs), deflate
Point-to-Point Protocols PPP over ISDN, PPP over GSM, PPP over PSTN, PPP over Ethernet; LCP, IPCP, MLP, CCP, PAP, CHAP, ECP
Internet Society RFCs and drafts RFC 2401 –2409 (IPsec), RFC 3498, RFC 3947: IP security architecture, ESP, HMAC-MD5-96, HMAC-SHA-1-96, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NAT-T),UDP encapsulation, IPCOMP
Client Monitor
Intuitive GUI
Multilingual (English, German); intuitive operation; configuration, connection management and monitoring, connection statistics, log-files, trace tool for error diagnosis; traffic light icon for display of connection status; integrated support of Mobile Connect Cards (PCMCIA, embedded); password protected configuration management and profile management, configuration parameter lock

* Prerequisites: NCP Secure Enterprise Management and/or NCP Secure Enterprise Server
** Download NCP FND server: