Table of Contents
WinRoute enables secure interconnection of remote private networks using an encrypted tunnel and it provides clients secure access to their local networks via the Internet. This method of interconnection of networks (and of access of remote clients to local networks) is called virtual private network (VPN). WinRoute includes a proprietary implementation of VPN, called “Kerio VPN”.
Kerio VPN is designed so that it can be used simultaneously with the firewall and with NAT (even along with multiple translations). Creation of an encrypted tunnel between networks and setting remote access of clients at the server is very easy.
Kerio VPN enables creation of any number of encrypted server-to-server connections (i.e. tunnels to remote private networks). Tunnels are created between two WinRoutes (typically at Internet gateways of corresponding networks). Individual servers (endpoints of the tunnels) verify each other using SSL certificates — this ensures that tunnels will be created between trustworthy servers only.
Individual hosts can also connect to the VPN server in WinRoute (secured client-to-server connections). Identities of individual clients are authenticated against a username and password (transmitted also by secured connection), so that unauthorized clients cannot connect to local networks.
Remote connections of clients are performed through Kerio VPN Client, included in WinRoute (for a detailed description, view the stand-alone Kerio VPN Client — User Guide document).
Note: For deployment of the Kerio VPN, it is supposed that WinRoute is installed at a host which is used as an Internet gateway. If this condition is not met, Kerio VPN can also be used, but the configuration can be quite complicated.
Benefits of Kerio VPN
In comparison with other products providing secure interconnection of networks via the Internet, the Kerio VPN solution provides several benefits and additional features.
Easy configuration (only a few basic parameters are required for creation of tunnels and for configuration of servers which clients will connect to).
No additional software is required for creation of new tunnels (Kerio VPN Client must be installed at remote clients — installation file of the application is 8 MB).
No collisions arise while encrypted channels through the firewall are being created. It is supposed that one or multiple firewalls (with or without NAT) are used between connected networks (or between remote clients and local networks).
No special user accounts must be created for VPN clients. User accounts in WinRoute (or domain accounts if the Active Directory is used — see chapter 10.1 Firewall User Authentication) are used for authentication.
Statistics about VPN tunnels and VPN clients can be viewed in WinRoute (refer to chapter 20.2 Interface statistics).