Chapter 21 Kerio VPN

Note: It is not necessary to perform any other customization of traffic rules. The required restrictions should already be set in the traffic policy at the headquarters server.

VPN test

Configuration of the VPN tunnel is now complete. At this point, it is recommended to test availability of the remote hosts from each end of the tunnel (from both local networks).

For example, the ping and/or tracert operating system commands can be used for this testing. It is recommended to test availability of remote hosts both through IP addresses and DNS names.

If a remote host is tested through its IP address and does not respond, check the configuration of the traffic rules and/or find out whether the subnets collide (i.e. whether the same subnet is used at both ends of the tunnel).

If an IP address is tested successfully but an error (Unknown host) is reported when the corresponding DNS name is tested, check the DNS configuration.
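The test procedure above can be scripted. The following is an added example, not part of the Kerio manual: it pings the remote host, resolves its DNS name and checks the two ends' subnets for collisions. It goes slightly beyond the text by also reporting partially overlapping subnets, not only identical ones. All addresses, host names and function names are constructed for illustration.

```python
import ipaddress
import socket
import subprocess
import sys

def colliding_subnets(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges overlap."""
    local = [ipaddress.ip_network(n) for n in local_nets]
    remote = [ipaddress.ip_network(n) for n in remote_nets]
    return [(str(a), str(b)) for a in local for b in remote if a.overlaps(b)]

def ping(ip):
    """Send one echo request with the OS ping command (-n on Windows, -c elsewhere)."""
    flag = "-n" if sys.platform.startswith("win") else "-c"
    result = subprocess.run(["ping", flag, "1", ip],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0

def resolves(name):
    """True if the DNS name resolves to an address."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def diagnose(ip_ok, name_ok, collisions):
    """Map the test results to the checks recommended in the text."""
    if not ip_ok:
        if collisions:
            pairs = ", ".join(f"{a} overlaps {b}" for a, b in collisions)
            return "subnet collision: " + pairs
        return "check traffic rules"
    if not name_ok:
        return "check DNS configuration"
    return "ok"

def check_remote_host(ip, name, local_nets, remote_nets,
                      ping_fn=ping, resolve_fn=resolves):
    """Run both tests against one remote host and return the diagnosis."""
    collisions = colliding_subnets(local_nets, remote_nets)
    return diagnose(ping_fn(ip), resolve_fn(name), collisions)

if __name__ == "__main__":
    # Constructed sample values: local subnet at this end, remote subnet and host.
    print(check_remote_host("192.168.1.10", "server.branch.example",
                            ["10.1.1.0/24"], ["192.168.1.0/24"]))
```

Run it from a host in each local network so that both directions of the tunnel are covered.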

21.6 Example of a more complex Kerio VPN configuration

In this chapter, an example of a more complex VPN configuration is provided where redundant routes arise between interconnected private networks (i.e. multiple routes exist between two networks that can be used for transfer of packets).

The only difference in Kerio VPN configuration between this type and a VPN with no redundant routes (see chapter 21.5) is the setting of routing between the endpoints of individual tunnels. In this case, routing between individual endpoints of VPN tunnels must be set by hand. Automatic route exchange is inconvenient since Kerio VPN uses no routing protocol and the route exchange is based on comparison of routing tables at individual endpoints of the VPN tunnel (see also chapter 21.4). If the automatic exchange is applied, the routing will not be ideal!

For better reference, the configuration is described here using the example of a company with a headquarters and two branch offices whose local private networks are interconnected by VPN tunnels (the so-called triangle pattern). This example can then be adapted and applied to any number of interconnected private networks.

The example focuses on the configuration of VPN tunnels and the correct setting of routing between individual private networks (it does not include access restrictions). Access restriction options within VPN are described by the example in chapter 21.5.
