4.1  Headquarters configuration

  1. Select the VPN server item in the Interfaces tab under Configuration / Interfaces. Double-click it (or use the Edit button) to open a dialog where parameters for the VPN server can be set. Check the Enable VPN server option in the General tab.

    Note: A free subnet which has been selected for VPN is now specified automatically in the VPN network and Mask entries. There is no reason to change the network.

    Figure 4.2. Headquarters — VPN server configuration


    Click on Change SSL certificate. Use the Generate Certificate button to generate an SSL certificate for the VPN server (ID of the server).

    Figure 4.3. Headquarters — creating the VPN server's SSL certificate


    Note: It is recommended to replace this generated certificate later with a certificate issued by a reliable public certification authority.

  2. Create a passive end of the VPN tunnel (the server of the branch office uses a dynamic IP address). As the remote endpoint's fingerprint, enter the fingerprint of the branch office VPN server's certificate.

    Figure 4.4. Headquarters — the passive endpoint of the branch office's VPN tunnel


  3. Add the VPN tunnel to the Local Traffic rule (created by the Network Rules Wizard — see chapter 2.4  Basic Traffic Policy Configuration).

    Figure 4.5. Headquarters — adding the VPN tunnel to the traffic rules


    Note: The Firewall traffic and the Kerio VPN service rules are shown in figure 4.5  Headquarters — adding the VPN tunnel to the traffic rules. Both of them are necessary for establishing the VPN tunnel.

  4. In the configuration of the DNS Forwarder (refer to chapter 2.6  DNS Forwarder configuration), enable the Use custom forwarding option. Define rules for the filial.company.com domain. As the server for DNS forwarding, specify the IP address of the remote firewall host's interface (i.e. the interface connected to the local network at the other end of the tunnel).

    Figure 4.6. Headquarters — DNS forwarding configuration
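
The fingerprint entered in step 2 is what ties the passive tunnel endpoint to the branch office's certificate, so it is worth checking it against a copy of that certificate obtained over a separate channel. The following is an added example, not part of the original manual or of the product: it assumes the branch office certificate is available as a PEM file, infers the digest algorithm from the fingerprint length because the page does not state which one the dialog displays, and uses hypothetical function names and a constructed stand-in for the certificate bytes.

```python
import hashlib
import hmac
import ssl

# Digest algorithm inferred from the number of hex digits (assumption of this example).
_ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize(fp: str) -> str:
    """Strip separators and whitespace from a fingerprint copied from a dialog."""
    cleaned = "".join(ch for ch in fp if ch not in ": -\t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def fingerprint(pem: str, algo: str = "sha256") -> str:
    """Colon-separated digest of the certificate's DER encoding."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(pem: str, expected: str) -> bool:
    """True only if `expected` is the fingerprint of exactly this certificate."""
    want = normalize(expected)
    algo = _ALGO_BY_HEX_LEN.get(len(want))
    if algo is None:
        raise ValueError("unexpected fingerprint length: %d hex digits" % len(want))
    have = normalize(fingerprint(pem, algo))
    return hmac.compare_digest(have, want)


# Constructed stand-in for the branch office certificate (not a real certificate).
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# Same bytes with the last one changed, standing in for a substituted certificate.
TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER[:-1] + b"\x00")

if __name__ == "__main__":
    typed = fingerprint(SAMPLE_PEM, "sha1")  # value as it would be typed in step 2
    print("entered fingerprint:", typed)
    print("genuine certificate matches:", matches(SAMPLE_PEM, typed))
    print("substituted certificate matches:", matches(TAMPERED_PEM, typed))
```

A mismatch means the value entered at headquarters does not belong to the certificate in hand, and the tunnel definition should not be trusted until the two are reconciled.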