Home » Kerio User Forums » Kerio Control » VPN client routing (Win 7 x64 Pro, VPN Client

Messages: 2
Karma: 0
Send a private message to this user

I have to use Kerio VPN client to connect to my customer's network. And problem is that Kerio VPN client routes all my traffic through that network while connection established.

This can be clearly determined from tracert output.
When Kerio VPN is offline
tracert google.com result starts with
Tracing route to google.com []
over a maximum of 30 hops:
 1     1 ms    <1 ms    <1 ms
... is my LAN gateway.

But when connection with Kerio is established, same command gives this:
Tracing route to google.com []
over a maximum of 30 hops:
 1    48 ms    45 ms    50 ms  firewall1 []
... is the gateway IP on Kerio Virtual Networking interface.

Is there any way to prevent Kerio VPN client from handling any other requests but those to the customer's network behind it?
With default Windows PPTP VPN I can achieve this by disabling "Use default gateway on remote network".
How can I do the same with Kerio VPN Client?

This issue leads to inability to securely work with different VPN's simultaneously while Kerio is in use. And clearly I don't want customer to be able to capture and control all my traffic including data that were not intended to be sent there, i.e. authentication data to my office services.

I've analysed routing table before and after Kerio VPN connection establishment - it doesn't change my default gateway and all routes it adds have higher value for metrics than route to default gateway. Kerio Virtual Networking has lowest priority among other network adapters. I cannot clearly understand how it becoming to act as default gateway/ Because of that I'm unable to manually override this behavior and restrict Kerio VPN Client to the network it is intended to connect to only.
Last guess: rerouting performed at higher level, SOCKS interception, may be?

Please, help.
Jonas Rodrigues (Kerio)

Messages: 238
Karma: 22
Send a private message to this user
Hi Vadim,

Go to Configuration -> Interfaces -> VPN Server -> Kerio VPN -> Disable "VPN clients access the Internet

through the VPN".

All the best,


Kerio Technical Support
Log Support Incidents here: http://www.kerio.com/support
Also, please use our KB: http://kb.kerio.com

Messages: 2
Karma: 0
Send a private message to this user
So I guess this is the only way - configure the server, nothing can be done on client side.
Too bad customers admin won't listen - I've already tried.

Anyway, thank you for helping.
Previous Topic: Mac Filter Page
Next Topic: Is there any way to limit users with time quota ?
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 18 13:57:20 CET 2018

Total time taken to generate the page: 0.80235 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.