Select the VPN server item in the Interfaces tab under Configuration / Interfaces. Double-click it (or use the button) to open a dialog where the parameters of the VPN server can be set. Check the Enable VPN server option in the General tab.
Note: A free subnet which has been selected for VPN is now specified automatically in the VPN network and Mask entries. There is no reason to change the network.
Click on . Use the button to generate an SSL certificate of the VPN server (ID of the server).
Note: It is recommended to later replace this generated certificate with a certificate authorized by a reliable public certification authority.
Create a passive end of the VPN tunnel (the server of the branch office uses a dynamic IP address). As the remote endpoint's fingerprint, specify the fingerprint of the certificate of the branch office VPN server.
Complete the Local Traffic rule (created by the Network Rules Wizard — see chapter 2.4 Basic Traffic Policy Configuration) with the VPN tunnel.
Note: The Firewall traffic and the Kerio VPN service rules are shown in figure 4.5 Headquarters — adding the VPN tunnel to the traffic rules. Both of them are necessary for establishment of the VPN tunnel.
In the configuration of the DNS Forwarder (refer to chapter 2.6 DNS Forwarder configuration), enable the Use custom forwarding option. Define rules for the filial.company.com domain. As the server for DNS forwarding, specify the IP address of the remote firewall host's interface (i.e. the interface connected to the local network at the other end of the tunnel).