4.1  Headquarters configuration

  1. In Kerio Control under Configuration / Interfaces, select a VPN server, open its settings dialog and enable it.

    Note

    A selected free subnet is specified automatically in the VPN network and Mask entries. There is no reason to change the network.

  2. Use the Edit SSL certificate button to create an SSL certificate with the name of the corresponding server (e.g. server.company.com). This certificate is used for identification of the VPN server.

    Note

    It is recommended to later replace this generated certificate with a certificate authorized by a reliable public certification authority.

  3. Create a passive endpoint of the VPN tunnel (the office's server uses a dynamic IP address — therefore there must be the active endpoint of the tunnel at the office). Specify the remote endpoint SSL certificate's fingerprint by the fingerprint of the certificate of the branch office VPN server.

  4. In the configuration of the DNS module (refer to chapter 2.7  DNS configuration), enable the Use custom forwarding. Define rules for the filial.company.com domain. Specify the server for DNS forwarding by the IP address of the remote Kerio Control host's interface (i.e. interface connected to the local network at the other end of the tunnel).

    Domain / NetworkDNS server(s)
    filial.company.com10.1.1.1

    Table 4.1. Headquarters — DNS forwarding configuration