In Kerio Control under Configuration / Interfaces, select a VPN server, open its settings dialog and enable it.
A selected free subnet is specified automatically in the VPN network and Mask entries. There is no reason to change the network.
Use the server.company.com
). This certificate is used for identification of the VPN server.
It is recommended to later replace this generated certificate with a certificate authorized by a reliable public certification authority.
Create a passive endpoint of the VPN tunnel (the office's server uses a dynamic IP address — therefore there must be the active endpoint of the tunnel at the office). Specify the remote endpoint SSL certificate's fingerprint by the fingerprint of the certificate of the branch office VPN server.
In the configuration of the DNS module (refer to chapter 2.7 DNS configuration), enable the Use custom forwarding. Define rules for the filial.company.com
domain. Specify the server for DNS forwarding by the IP address of the remote Kerio Control host's interface (i.e. interface connected to the local network at the other end of the tunnel).
Domain / Network | DNS server(s) |
---|---|
filial.company.com | 10.1.1.1 |
Table 4.1. Headquarters — DNS forwarding configuration