Kerio Tech Firewall6 User Manual


23.6 Example of a more complex Kerio VPN configuration


Set the IP address of this interface (172.16.1.1) as a primary DNS server for the WinRoute host’s interface connected to the LAN 1 local network. It is not necessary to set DNS at the interface connected to LAN 2.

Set the IP address 172.16.1.1 as a primary DNS server also for the other hosts.

4. Enable the VPN server and configure its SSL certificate (create a self-signed certificate if no certificate provided by a certification authority is available).

Note: The VPN network and Mask entries now include an automatically selected free subnet. Check that this subnet does not collide with any other subnet in the headquarters or in the filial offices. If it does, specify a free subnet.

Figure 23.49 The London filial office — VPN server configuration

For a detailed description of the VPN server configuration, refer to chapter 23.1.
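The subnet check from the note in step 4 can be scripted. This is an added example, not part of the manual: the function names are hypothetical, and every network in the inventory is a constructed sample value except the address 172.16.1.1, which the text gives for the LAN 1 interface.

```python
import ipaddress

# Constructed inventory for illustration. Only the address 172.16.1.1 appears
# in the manual page; the /24 masks and all other networks are assumptions.
SITE_SUBNETS = {
    "headquarters LAN 1": "10.1.1.0/24",
    "headquarters LAN 2": "10.1.2.0/24",
    "London LAN 1": "172.16.1.0/24",   # contains 172.16.1.1
    "London LAN 2": "172.16.2.0/24",
}


def vpn_subnet(network, mask):
    """Build a network from the 'VPN network' and 'Mask' entries.

    Raises ValueError if the address has host bits set for that mask.
    """
    return ipaddress.ip_network(f"{network}/{mask}", strict=True)


def find_collisions(network, mask, inventory):
    """Return the names of inventory subnets that overlap the VPN subnet."""
    candidate = vpn_subnet(network, mask)
    return sorted(
        name for name, cidr in inventory.items()
        if candidate.overlaps(ipaddress.ip_network(cidr))
    )


def first_free_subnet(pool, prefixlen, inventory):
    """Return the first subnet of the given size in pool that overlaps nothing."""
    used = [ipaddress.ip_network(cidr) for cidr in inventory.values()]
    for sub in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(sub.overlaps(u) for u in used):
            return str(sub)
    return None  # pool exhausted


if __name__ == "__main__":
    # Constructed candidate: an auto-selected subnet that happens to be in use.
    hits = find_collisions("172.16.1.0", "255.255.255.0", SITE_SUBNETS)
    print("collides with:", hits or "nothing")
    if hits:
        print("free alternative:", first_free_subnet("172.16.0.0/16", 24, SITE_SUBNETS))
```

Overlap is tested rather than equality, so a wider VPN subnet that merely contains a site LAN is also reported as a collision.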

5. Create an active endpoint of the VPN tunnel which will connect to the headquarters server (newyork.company.com). Specify the fingerprint of the headquarters VPN server's certificate as the fingerprint of the remote SSL certificate.

On the Advanced tab, select the Use custom routes only option and set routes to the headquarters’ local networks.

At this point, the connection should be established (i.e. the tunnel should be created). If connected successfully, the Connected status will be reported in the Adapter info column for both ends of the tunnel. If the connection cannot be established, we recommend that you check the configuration of the traffic rules and test availability of the remote server — in
