Select the VPN server item in the Interfaces tab under Configuration / Interfaces. Double-click it (or use the button) to open a dialog where the parameters of the VPN server can be set. Check the Enable VPN server option in the General tab.
Note: A free subnet which has been selected for VPN is now specified automatically in the VPN network and Mask entries. There is no reason to change the network.
Press and then click on . Use the button to generate an SSL certificate of the VPN server (ID of the server). Note the fingerprint of the generated certificate — it will be required during the definition of the VPN tunnel at the headquarters.
Note: It is recommended to later replace this generated certificate with a certificate authorized by a reliable public certification authority.
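The fingerprint noted in this step is what ties the tunnel definition at the headquarters to this particular server certificate. The following check is an added example and not part of the product or its documentation: it compares a fingerprint written down by hand with the one computed from an exported certificate. The hash algorithm (SHA-256 by default here) is an assumption, since this section does not state which one the administration console displays, and the sample PEM is constructed placeholder data.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: a PEM wrapper around placeholder bytes, not a real
# certificate. A fingerprint is a hash over the DER bytes, so this is enough
# to exercise the comparison offline.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed placeholder for DER bytes " * 4).decode()
    + "-----END CERTIFICATE-----\n"
)

def pem_to_der(pem: str) -> bytes:
    """Extract the first certificate block and return its raw DER bytes."""
    m = re.search(
        r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S
    )
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(pem: str, algorithm: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the certificate's DER form."""
    digest = hashlib.new(algorithm, pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Drop separators and case so hand-copied fingerprints compare cleanly."""
    hex_only = re.sub(r"[\s:\-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", hex_only):
        raise ValueError("fingerprint contains non-hex characters")
    return hex_only

def matches_noted(pem: str, noted: str, algorithm: str = "sha256") -> bool:
    """True only if the noted fingerprint equals the full computed digest."""
    expected = normalize(noted)
    actual = normalize(fingerprint(pem, algorithm))
    # A truncated fingerprint must never count as a match.
    if len(expected) != len(actual):
        return False
    return hmac.compare_digest(expected, actual)
```

If the values differ, first confirm that the same hash algorithm was used on both sides before treating the mismatch as a different certificate.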
Create an active end of the VPN tunnel (the branch office server uses a dynamic IP address). The fingerprint of the VPN server certificate can be set simply by clicking on .
Complete the Local Traffic rule (created by the Network Rules Wizard — see chapter 2.4 Basic Traffic Policy Configuration) with the VPN tunnel.
Note: The Firewall Traffic rule is shown in figure 4.10 Filial — adding the VPN tunnel to the traffic rules — this rule is necessary for establishing the VPN tunnel.
In the configuration of the DNS Forwarder (refer to chapter 2.6 DNS Forwarder configuration), enable the Use custom forwarding option. Define rules for the company.com domain. As the DNS server used for forwarding, set the IP address of the headquarters' domain server (192.168.1.2), which is used as the primary server for the company.com domain.