4.2  Configuration of a filial office

  1. Select the VPN server item in the Interfaces tab under Configuration / Interfaces. Double-click it (or use the Edit button) to open a dialog where parameters for the VPN server can be set. Check the Enable VPN server option in the General tab.

    Note: A free subnet which has been selected for VPN is now specified automatically in the VPN network and Mask entries. There is no reason to change the network.

    Figure 4.7. Filial office — VPN server configuration


    Press Advanced and then click on Change SSL Certificate. Use the Generate Certificate button to generate an SSL certificate for the VPN server (the ID of the server).

    Figure 4.8. Filial — creating the VPN server's SSL certificate


    Note the fingerprint of the generated certificate — it will be required during the definition of the VPN tunnel at the headquarters.

    Note: It is recommended to later replace this generated certificate with a certificate issued by a reliable public certification authority.

  2. Create an active end of the VPN tunnel (the branch office server uses a dynamic IP address). The fingerprint of the VPN server certificate can be set simply by clicking on Detect remote certificate.

    Figure 4.9. Filial — the active endpoint of the VPN tunnel to the headquarters


  3. Add the VPN tunnel to the Local Traffic rule (created by the Network Rules Wizard — see chapter 2.4 Basic Traffic Policy Configuration).

    Figure 4.10. Filial — adding the VPN tunnel to the traffic rules


    Note: Figure 4.10 (Filial — adding the VPN tunnel to the traffic rules) also shows the Firewall Traffic rule, which is necessary for establishing the VPN tunnel.

  4. In the configuration of the DNS Forwarder (refer to chapter 2.6 DNS Forwarder configuration), enable the Use custom forwarding option. Define rules for the company.com domain. As the DNS server used for forwarding, set the IP address of the headquarters' domain server (192.168.1.2), which is the primary server for the company.com domain.

    Figure 4.11. Filial — DNS forwarding configuration
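
A fingerprint obtained with Detect remote certificate (step 2) is only as trustworthy as the network path it was fetched over, so it is worth comparing it with the value noted at the remote server's own console (step 1). The following is an added example, not part of the original guide or the product: it hashes an exported certificate and compares it with a noted fingerprint. The function names, the sample bytes and the default of SHA-256 are assumptions; use the hash algorithm that the certificate dialog actually displays.

```python
import hashlib
import hmac
import ssl


def normalize(fp):
    """Strip separators and whitespace from a displayed fingerprint, lowercase it."""
    cleaned = "".join(ch for ch in fp if ch not in ": -\t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


def fingerprint(cert, algorithm="sha256"):
    """Hash the DER encoding of a certificate; PEM text (str) is decoded first."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    digest = hashlib.new(algorithm, der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_noted(cert, noted, algorithm="sha256"):
    """True only if the certificate hashes to the fingerprint noted out of band."""
    expected = normalize(noted)
    # A truncated note or a different hash algorithm shows up as a length mismatch.
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("noted fingerprint has the wrong length for " + algorithm)
    actual = normalize(fingerprint(cert, algorithm))
    return hmac.compare_digest(actual, expected)


# Constructed sample input: arbitrary bytes standing in for an exported
# certificate, in DER form and PEM-wrapped. Not a real certificate.
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# The fingerprint as an administrator might have written it down:
# upper case, with spaces instead of colons.
NOTED = fingerprint(SAMPLE_DER).upper().replace(":", " ")

if __name__ == "__main__":
    print("fingerprint:", fingerprint(SAMPLE_PEM))
    print("matches noted value:", matches_noted(SAMPLE_PEM, NOTED))
    print("altered certificate:", matches_noted(SAMPLE_DER + b"x", NOTED))
```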