4.2  Configuration of a filial office

  1. In Kerio Control under Configuration / Interfaces, select a VPN server, open its settings dialog and enable it.

    Note

    A selected free subnet is specified automatically in the VPN network and Mask entries. There is no reason to change the network.

    Use the Edit SSL certificate button to create an SSL certificate with the name of the corresponding server (e.g. server.filial.company). This certificate is used for identification of the VPN server. The fingerprint of the created SSL certificate will be required for definition of the VPN tunnel on the headquarters server (see chapter 4.1  Headquarters configuration). Select it, copy it to the clipboard and paste it to an email message, text file, etc.

    Note

    It is recommended to later replace this generated certificate with a certificate authorized by a reliable public certification authority.

  2. Create an active endpoint of the VPN tunnel which connects to the company's headquarters server (server.company.com). The fingerprint of the VPN server certificate can be set simply by clicking on Detect remote certificate.

  3. In the configuration of the DNS module (refer to chapter 2.7  DNS configuration), enable the Use custom forwarding. Define rules for the company.com domain. Set the IP address of the headquarter's domain server (192.168.1.2) which is used as the primary server for the company.com domain as the DNS server used for forwarding.

    Domain / NetworkDNS server(s)
    company.com192.168.1.2

    Table 4.2. Filial — DNS forwarding configuration