Hello. I am setting up a VPN tunnel between two offices. Both offices have Mac OS X 10.8.x servers.
The mothership office Mac server is also hosting Kerio Connect and has external domain MX records pointing to it. It has a .org domain. It is an Open Directory Master. It is also running DNS and DHCP. Although I am open to moving DHCP over to the Kerio Control box.
The remote Mac server has not yet been deployed so I have flexibility in how it is set up.
I have been trying to follow the Kerio Control documentation section titled "Example of Kerio VPN configuration: company with a filial office." This is roughly what I intend to do, however I do differ with this example in that I want to allow VPN access to the remote office.
I have come across two issues:
I'm not sure how to set up the DNS in either environment. The documentation says to set the Kerio Control box as the primary DNS server on all hosts. However, when I do that the DNS running on the servers breaks - I am no longer able to do lookups in Terminal.
sudo changeip -checkhostname yields "The DNS hostname is not available, please repair DNS and re-run this tool."
When I point the primary DNS of hosts to the Kerio Control box lookups also fail. So I'm thinking my Mac server environment requires something different than what is suggested in the Kerio documentation.
It seems the current Kerio Control documentation has not been updated to show the current "Custom DNS Forwarding" dialog box. So I am also at a loss for how to configure DNS on either of the Kerio Control boxes.
Has anyone been down this road, even more or less? Guidance would be most appreciated!
- Petr Dobry (Kerio)
DNS service in Control is not a full DNS server. It is only capable of:
- resolving hostnames from the local hosts file
- resolving hostnames from assigned DHCP leases
- forwarding DNS queries to another server for a specific domain (Custom DNS forwarding)
- forwarding all other queries to the default DNS server (set up on the Internet interface)
If you want to be able to resolve DNS names from the other office, you should create a custom DNS forwarding to the server in the remote office for DNS domain used in the remote office.
Product Development Manager | Kerio
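Added example, not part of the original thread and not Kerio's code: a simplified Python model of the four behaviours listed in the reply, showing which server ends up handling a query when hosts point at the Control box. The lookup order, the longest-suffix rule matching, and every name and address are assumptions constructed for illustration.

```python
# Simplified model of the four behaviours listed in the reply above.
# Assumptions (not documented Kerio behaviour): lookup order, longest-suffix
# rule matching, and every name and address below, which are constructed.

HOSTS = {"control.hq.example.org": "10.1.1.1"}          # local hosts file
DHCP_LEASES = {"laptop7.hq.example.org": "10.1.1.57"}   # assigned leases
FORWARD_RULES = {                                        # custom DNS forwarding
    "hq.example.org": "10.1.1.10",       # HQ Mac server's own DNS
    "branch.example.org": "10.2.1.10",   # remote office DNS, via the tunnel
}
DEFAULT_UPSTREAM = "192.0.2.53"          # DNS set on the Internet interface


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def matching_rule(name, rules):
    """Return the most specific rule domain covering name, or None."""
    name = normalize(name)
    # Match on label boundaries so nothq.example.org is not hq.example.org.
    hits = [d for d in rules
            if name == normalize(d) or name.endswith("." + normalize(d))]
    return max(hits, key=len) if hits else None


def route(name, hosts=HOSTS, leases=DHCP_LEASES, rules=FORWARD_RULES,
          default=DEFAULT_UPSTREAM):
    """Return (source, value): a local answer, or the server the query goes to."""
    key = normalize(name)
    if key in hosts:
        return ("hosts", hosts[key])
    if key in leases:
        return ("dhcp", leases[key])
    domain = matching_rule(key, rules)
    if domain is not None:
        return ("forward", rules[domain])
    return ("default", default)


if __name__ == "__main__":
    for q in ("control.hq.example.org", "laptop7.hq.example.org",
              "server.hq.example.org", "files.branch.example.org",
              "nothq.example.org", "10.1.1.10.in-addr.arpa", "www.kerio.com"):
        print(f"{q:28} -> {route(q)}")
```

In this model, a name in the office domain with no matching forwarding rule, and the reverse name, which has no rule here, both go to the default upstream server, which knows nothing about internal hosts.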