Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Accessing Internet over VPN
  •  
Tech1UAE

Messages: 32
Karma: 0
Send a private message to this user
Hi there,

I have created a Kerio VPN link between two locations in two countries. I would like to route Internet traffic on a local device using the remote network.

The local IP range is 10.8.1.x and the remote range is 192.168.143.x

I can ping all of the devices at the remote end and I thought it would just be simply a case of setting a remote static address and router etc on the local device. However when I test the connection, the Internet won't respond.

I would assume I have to set up some traffic policy but I'm not sure how to achieve this. Could I get some advice please?

Thanks,

Andy

[Updated on: Mon, 16 March 2015 20:03]

  •  
mlee (Kerio)

Messages: 246
Karma: 16
Send a private message to this user
Following is from a very reliable source but I yet to have a chance to verify:

Configure remote routes on 'client' side as
0.0.0.0/128.0.0.0
128.0.0.0/128.0.0.0

This won't destroy the default route, but will route all traffic through the tunnel.

Please let us know how it goes.

M. 17400

PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
Tech1UAE

Messages: 32
Karma: 0
Send a private message to this user
Thanks for the reply but that doesn't work. Can you specify exactly where I need to enter these values?

Thanks,

Andyy
  •  
Brian Carmichael (Kerio)

Messages: 581
Karma: 57
Send a private message to this user
This is only possible using the Kerio VPN client. You would need to install it on the "local device".

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Tech1UAE

Messages: 32
Karma: 0
Send a private message to this user
Thanks for the reply. The local device is a Samsung Smart TV and so obviously I can't install the VPN client.

I suppose you would think it would be easy for this kind of setup to work. There is one large network (so to speak) so I thought it would be fairly easy to fool the device into thinking it was located at the other end? Isn't this how normal dial-up VPN's work?

Sorry if I'm over-simplifying here!

Andy
  •  
mlee (Kerio)

Messages: 246
Karma: 16
Send a private message to this user
I spent a few hours with the routes, I could not make it work either. And I was told to tell you to make a feature request.

But I am not giving up yet. I might not be able to find the answer for you at the end but I want you to know I am still working on it.

M. 20304

[Updated on: Tue, 24 March 2015 04:22]


PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
GMarciales

Messages: 8

Karma: 0
Send a private message to this user
Hi, I dont know exactly this TV capabilities, have the TV any VPN client like PPTP?

Two other possibles options are:
- Web Proxy.
- GRE Tunnel.
  •  
mlee (Kerio)

Messages: 246
Karma: 16
Send a private message to this user
Apologies for the delay.

I had success with the following configuration:

Tunnel
Server side: 10.0.0.254/24
Client side: 172.21.1.254/24

Here's the screen capture of the configuration:
./fa/3811/0/

The last parts were the whatismyip.com check, before and after tunnel was up.

  • Attachment: tunnel.jpg
    (Size: 135.05KB, Downloaded 652 times)

PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
nitorcomms

Messages: 1
Karma: 0
Send a private message to this user
Hi,

This was a very good post and really should be included in the Admin guide because 99% of corporate users with HQ and Branch offices use this scenario. It works and it works well.

Cheers

Rob

Rob
  •  
samrowland

Messages: 1
Karma: 0
Send a private message to this user
at its default setting the vpn client uses the vpn server as default gateway, so there is not very much to setup on the clientside. If the server NPS/RAS Policy is configured to not restrict the vpn traffic and (instead) route it accordingly everything should work fine. As i understand, you use a special IP Network for your VPN Clients, which needs to be routed in your servers LAN:

Maybe your IP range (192.168.100.2) is unknown the the other network devices on your network, so just add a route on your internet router that the router "knows" that it reach 192.168.100.2 through your VPN Server (which i assume on the same network as your internet-gateway/router).


  •  
Tech1UAE

Messages: 32
Karma: 0
Send a private message to this user
Hi again,

Sorry about this but I cannot get this to work and so I must be doing something wrong. Let me give you a brief overview of the network.

Client Side 10.8.1.0/24
Server Side: 192.168.143.0/24

I basically have a PS3 connected to IP address 10.8.1.253 and I want to trick it into thinking that it is connected to the 192.168.143.0/24 network.

Thanks,

Andy
Previous Topic: NO access to Dropbox
Next Topic: I can't see websites on IIS; when IIS is back of Kerio Control
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Jan 20 23:01:23 CET 2017

Total time taken to generate the page: 0.01095 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.