Chapter 23 Kerio VPN
This step will create rules for connection of the VPN server as well as for communication
of VPN clients with the local network (through the firewall).
Figure 23.44 The London filial office — default traffic rules for Kerio VPN
3. Customize DNS configuration as follows:
In the WinRoute’s DNS module configuration, enable DNS forwarder (forwarding
of DNS requests to other servers).
Enable the Use custom forwarding option and define rules for names in the
company.com and filial2.company.com domains. To specify the forwarding
DNS server, always use the IP address of the WinRoute host’s inbound interface
connected to the local network at the remote side of the tunnel.
Figure 23.45 The London filial office — DNS forwarding settings
Set the IP address of this interface (172.16.1.1) as a primary DNS server for the
WinRoute host’s interface connected to the LAN 1 local network. It is not necessary
to set DNS at the interface connected to LAN 2.
Set the IP address 172.16.1.1 as a primary DNS server also for the other hosts.
4. Enable the VPN server and configure its SSL certificate (create a self-signed certificate if no
certificate provided by a certification authority is available).
Note: A free subnet which has been selected is now specified automatically in the VPN
network and Mask entries. Check that this subnet does not collide with any other
subnet at the headquarters or in the filials. If it does, specify a free subnet.
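
The collision check from the note above can be scripted against an inventory of all site subnets. This is an added example, not part of the Kerio documentation; the site names, the /24 masks and the candidate pool are constructed assumptions.

```python
import ipaddress

# Constructed sample inventory: site names and /24 masks are assumptions.
SITES = {
    "headquarters": ["192.168.1.0/24", "192.168.2.0/24"],
    "london-lan1": ["172.16.1.1/24"],  # interface address + mask is accepted
    "london-lan2": ["172.16.2.0/255.255.255.0"],  # network + dotted mask also works
}


def _net(value):
    # strict=False lets an interface address such as 172.16.1.1/24 stand for its network.
    return ipaddress.ip_network(value, strict=False)


def find_collisions(vpn_subnet, sites):
    """Return (site, subnet) pairs that overlap the proposed VPN subnet."""
    vpn = _net(vpn_subnet)
    hits = []
    for site, subnets in sites.items():
        for raw in subnets:
            net = _net(raw)
            # overlaps() also catches containment in either direction,
            # e.g. a /16 VPN network that swallows a site's /24.
            if vpn.version == net.version and vpn.overlaps(net):
                hits.append((site, str(net)))
    return hits


def pick_free_subnet(pool, prefixlen, sites):
    """Return the first subnet of size prefixlen in pool that collides with nothing."""
    for candidate in _net(pool).subnets(new_prefix=prefixlen):
        if not find_collisions(str(candidate), sites):
            return str(candidate)
    return None


if __name__ == "__main__":
    for proposal in ("172.16.1.0/24", "172.16.0.0/16", "10.10.10.0/24"):
        print(proposal, "->", find_collisions(proposal, SITES) or "free")
    print("suggested:", pick_free_subnet("172.16.0.0/22", 24, SITES))
```

Run it with the subnet shown in the VPN network and Mask entries before enabling the tunnel; an empty result means the subnet is free at every listed site.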