Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual


23.6 Example of a more complex Kerio VPN configuration


3. Customize DNS configuration as follows:

   - In the WinRoute’s DNS module configuration, enable DNS forwarder (forwarding of DNS requests to other servers).

   - Enable the Use custom forwarding option and define rules for names in the company.com and filial1.company.com domains. Specify the server for DNS forwarding by the IP address of the remote firewall host’s interface (i.e. interface connected to the local network at the other end of the tunnel).

     Figure 23.54: The Paris filial office — DNS forwarding settings

   - Set the IP address of this interface (172.16.1.1) as a primary DNS server for the WinRoute host’s interface connected to the LAN 1 local network. It is not necessary to set DNS at the interface connected to LAN 2.

   - Set the IP address 172.16.1.1 as a primary DNS server also for the other hosts.

4. Enable the VPN server and configure its SSL certificate (create a self-signed certificate if no certificate issued by a certification authority is available).

   Note: A free subnet is selected automatically and filled into the VPN network and Mask entries. Check that this subnet does not collide with any other subnet in the headquarters or in the filials. If it does, specify a free subnet.

   For a detailed description of the VPN server configuration, refer to chapter 23.1.
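The collision check from the note in step 4 can be scripted; the following is an added example, not part of the Kerio manual, that tests a proposed VPN subnet for overlap (including partial overlap with larger or smaller networks) and picks a free one from a pool. Only the address 172.16.1.1 comes from this page; the prefix lengths, the other networks and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory of subnets in use across all sites. Only 172.16.1.1
# (Paris LAN 1 interface) appears on the page; everything else is assumed.
SITE_SUBNETS = {
    "Paris LAN 1": "172.16.1.0/24",
    "Paris LAN 2": "172.16.2.0/24",
    "Headquarters LAN": "10.1.1.0/24",
    "Headquarters VPN clients": "192.168.51.0/24",
}


def find_collisions(candidate, inventory=SITE_SUBNETS):
    """Return the names of inventory subnets that overlap the candidate.

    strict=True rejects input with host bits set (e.g. 172.16.1.1/24), which
    catches an interface address typed where a network address is expected.
    """
    cand = ipaddress.ip_network(candidate, strict=True)
    return [
        name
        for name, cidr in inventory.items()
        if cand.overlaps(ipaddress.ip_network(cidr, strict=True))
    ]


def first_free_subnet(pool, prefixlen, inventory=SITE_SUBNETS):
    """Return the first subnet of the given size in pool with no collision."""
    for sub in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not find_collisions(str(sub), inventory):
            return str(sub)
    return None  # pool exhausted: every subnet of this size is already in use


if __name__ == "__main__":
    for cand in ("192.168.51.0/24", "172.16.0.0/22", "192.168.52.0/24"):
        hits = find_collisions(cand)
        print(f"{cand}: {'collides with ' + ', '.join(hits) if hits else 'free'}")
    print("suggested:", first_free_subnet("172.16.2.0/23", 24))
```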
