Manualshelf

User`s guide

ManualsBrandsKerio ManualsSoftwareControl 7, 100 user add-on, GOV
16171819202122232425
23
identification of the VPN server. The fingerprint of the created SSL certificate will be
required for definition of the VPN tunnel on the headquarters server (see chapter 4.1).
Select it, copy it to the clipboard and paste it to an email message, text file, etc.
Note: It is recommended to later replace this generated certificate with a certificate
authorized by a reliable public certification authority.
2. Create an active endpoint of the VPN tunnel which connects to the company’s
headquarters server (server.company.com). The fingerprint of the VPN server certificate
can be set simply by clicking on Detect remote certificate.
3. In the configuration of the DNS module (refer to chapter 2.7), enable the Use cus-
tom forwarding. Define rules for the company.com domain. Set the IP address of the
headquarter’s domain server (192.168.1.2) which is used as the primary server for the
company.com domain as the DNS server used for forwarding.
Domain / Network DNS server(s)
company.com 192.168.1.2
Table 4.2 Filial — DNS forwarding configuration
4.3 VPN test
Configuration of the VPN tunnel has been completed by now. At this point, it is recommended
to test availability of the remote hosts from each end of the tunnel (from both local networks).
For example, the ping or/and tracert operating system commands can be used for this
testing. It is recommended to test availability of remote hosts both through IP addresses and
DNS names.
If a remote host is tested through IP address and it does not respond, check configuration
of the traffic rules or/and find out whether the subnets do not collide (i.e. whether the same
subnet is not used at both ends of the tunnel).
If an IP address is tested successfully and an error is reported (Unknown host) when
a corresponding DNS name is tested, then check configuration of the DNS.
Note: VPN clients connecting to the headquarters server can access both the headquarters
and the branch office networks and vice versa (the access is not limited by any restrictions).
Therefore, it is recommended to test connection to both networks also from the VPN client.