In WinRoute under Configuration / Interfaces select a VPN server, open its settings dialog and enable it.
Note: A free subnet which has been selected for VPN is now specified automatically in the VPN network and Mask entries. There is no reason to change the network.
Use the kwf.company.com
). This certificate is used for identification of the VPN server.
Note: It is recommended to later replace this generated certificate with a certificate authorized by a reliable public certification authority.
Create a passive endpoint of the VPN tunnel (the office's server uses a dynamic IP address — therefore there must be the active endpoint of the tunnel at the office). Specify the remote endpoint SSL certificate's fingerprint by the fingerprint of the certificate of the branch office VPN server.
Complete the Local Traffic rule (created by the Network Rules Wizard — see chapter 2.4 Basic Traffic Policy Configuration) with the VPN tunnel.
Name | Source | Destination | Service | Action | Translation |
---|---|---|---|---|---|
Local Traffic | Firewall All VPN clients Tunnel to the office Trusted / local | Firewall All VPN clients Tunnel to the office Trusted / local | Any | Allow |
Table 4.1. Headquarters — the Local Traffic rule
In the configuration of the DNS Forwarder (refer to chapter 2.6 DNS configuration), enable the Use custom forwarding. Define rules for the filial.company.com
domain. Specify the server for DNS forwarding by the IP address of the remote firewall host's interface (i.e. interface connected to the local network at the other end of the tunnel).
Domain / Network | DNS server(s) |
---|---|
10.1.1.0 / 255.255.255.0 | 10.1.1.1 |
filial.company.com | 10.1.1.1 |
Table 4.2. Headquarters — DNS forwarding configuration