21.1 VPN Server Configuration

upon saving of the settings (by clicking Apply in the Interfaces tab). In such cases, redefine the VPN subnet.

Figure 21.3 VPN server — detection of IP collision

After each change to the configuration of the local network and/or of the VPN, it is recommended to check that no IP collision is reported!

Notes:

1. Under certain circumstances, collision with the local network might also arise when a VPN subnet is set automatically (if configuration of the local network is changed later).

2. For VPN tunnels, it is also checked, when a connection is established, that the VPN subnet does not collide with IP ranges at the other end of the tunnel (remote endpoint).

If a collision with an IP range is reported upon startup of the VPN server (upon clicking Apply in the Interfaces tab), the VPN subnet must be set by hand. Select a network which is not used by any of the local networks participating in the connection. VPN subnets at each end of the tunnel must not be identical (two free subnets must be selected).

3. VPN clients can also be assigned IP addresses according to login usernames. For details, see chapter 13.1.
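The subnet rules from the notes above can be checked before a VPN subnet is entered by hand. The following is an added example, not part of the manual or of WinRoute itself; it uses Python's ipaddress module, and the function names and sample networks are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: networks in use at each end of the tunnel.
LOCAL_NETS = ["192.168.1.0/24", "10.0.0.0/16"]
REMOTE_NETS = ["192.168.2.0/24", "172.16.0.0/24"]

def find_collisions(vpn_subnet, other_ranges):
    """Return the ranges in other_ranges that overlap vpn_subnet."""
    vpn = ipaddress.ip_network(vpn_subnet)
    return [r for r in other_ranges if vpn.overlaps(ipaddress.ip_network(r))]

def check_tunnel(local_vpn, remote_vpn, local_nets, remote_nets):
    """Apply the rules from the text to both ends of a tunnel.

    Returns a list of problems; an empty list means no collision.
    """
    problems = []
    # Rule: VPN subnets at each end of the tunnel must not be identical.
    if ipaddress.ip_network(local_vpn) == ipaddress.ip_network(remote_vpn):
        problems.append(f"VPN subnets at both ends are identical: {local_vpn}")
    # Rule: a VPN subnet must not be used by any participating network.
    in_use = list(local_nets) + list(remote_nets)
    for side, vpn in (("local", local_vpn), ("remote", remote_vpn)):
        for hit in find_collisions(vpn, in_use):
            problems.append(f"{side} VPN subnet {vpn} collides with {hit}")
    return problems

def suggest_free_subnets(in_use, count=2, pool="10.0.0.0/8", prefix=24):
    """Pick `count` distinct subnets from `pool` that overlap nothing in use.

    The pool and prefix length are assumptions; choose ones that suit the site.
    """
    used = [ipaddress.ip_network(n) for n in in_use]
    free = []
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(u) for u in used):
            free.append(str(cand))
            if len(free) == count:
                break
    return free

if __name__ == "__main__":
    for line in check_tunnel("10.0.5.0/24", "172.27.10.0/24",
                             LOCAL_NETS, REMOTE_NETS):
        print(line)
    print(suggest_free_subnets(LOCAL_NETS + REMOTE_NETS))
```

Networks must be given as network addresses (for example 10.0.5.0/24, not 10.0.5.1/24), otherwise ipaddress raises ValueError.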

SSL certificate

Information about the current VPN server certificate. This certificate is used for verification of the server’s identity during creation of a VPN tunnel (for details, refer to chapter 21.3). The VPN server in WinRoute uses the standard SSL certificate.

When defining a VPN tunnel, it is necessary to send the local endpoint’s certificate fingerprint to the remote endpoint and vice versa (mutual verification of identity — see chapter 21.3).

HINT: The certificate fingerprint can be saved to the clipboard and pasted to a text file, email message, etc.

Click Change SSL Certificate to set parameters for the certificate of the VPN server. For the VPN server, you can either create a custom (self-signed) certificate or import a certificate created by a certification authority. The certificate created is saved in the sslcert subdirectory of WinRoute's installation directory as vpn.crt and the corresponding private key is saved at the same location as vpn.key.

Methods used for creation and import of SSL certificates are described thoroughly in chapter 9.1.

Note: If you already have a certificate created by a certification authority especially for your server (e.g. for secured Web interface), it is also possible to use it for the
