Kerio Tech Firewall6 User Manual

Chapter 23

Kerio VPN

312

Figure 23.2

VPN server settings — basic parameters

Enable VPN server

Use this option to enable /disable VPN server. VPN server uses TCP and UDP protocols,

port 4090 is used as default (the port can be changed in advanced options, however, it is

usually not necessary to change it). If the VPN server is not used, it is recommended to

disable it.

The action will be applied upon clicking the Apply button in the Interfaces tab.

IP address assignment

Specification of a subnet (i.e. IP address and a corresponding network mask) from which

IP addresses will be assigned to VPN clients and to remote endpoints of VPN tunnels

which connect to the server (all clients will be connected through this subnet).

By default (upon the first start-up after installation), WinRoute automatically selects a free

subnet which will be used for VPN. Under usual circumstances, it is not necessary to

change the default subnet. After the first change in VPN server settings, the recently

used network is used (the automatic detection is not performed again).

Warning

Make sure that the subnet for VPN clients does not collide with any local subnet!

WinRoute can detect a collision of the VPN subnet with local subnets. The collision may

arise when configuration of a local network is changed (change of IP addresses, addition

of a new subnet, etc.), or when a subnet for VPN is not selected carefully. If the VPN

subnet collides with a local network, a warning message is displayed upon saving of the

settings (by clicking Apply in the Interfaces tab). In such cases, redefine the VPN subnet.

Figure 23.3

VPN server — detection of IP collision