Kerio Mail and Kerio VPN Problem

gskibum

I have had a Kerio Control firewall for a number of years and it works great. I also admin several others.

I recently added a Kerio Connect mail server to my own Kerio Control protected network. The KMS is working great with devices inside and outside the network.

I am having one problem, however. When, from devices inside the same network as the mail server, I connect to a remote Kerio VPN using the Kerio VPN Services service (not IPsec), connectivity to the mail server breaks. Passing all traffic through the VPN remedies this problem with my own firewall; however, I find it likely that this configuration was responsible for 3 crashes of a Kerio firewall I was using for VPN at the time (leading to the next point).

Another effect is on the local Kerio Control firewall: CPU usage spikes to the max, inbound traffic from the WAN is halted, and the following entries flood the log file.

(my IP) 10.0.0.30 myname<_at_>myldapserver.mydomain.com "Login Page - Kerio Control" https://mymailserver.mydomain.com/login/index.php

Connecting to other VPN servers in these same networks does not break connectivity to the mail server or have any of the other negative effects, regardless of whether all traffic is passed through the VPN.

After connecting to a Kerio VPN three things happen:
1. The blue login page to the Kerio Connect webmail shifts to the red Kerio firewall login page.
2. There is a certificate error when mail is first checked. A screenshot of the certificate error is attached as this seems to be a strong clue.
3. Mail connectivity breaks.

The mail server is protected with a GoDaddy UCC cert; however, I tried removing this cert from the mail server, replacing it with the self-signed cert, and the problem remained. The certificate error only changed to the self-signed mail server certificate.

I configured the firewall rules as described in this article.
http://kb.kerio.com/product/kerio-connect/server-configuration/services/services-in-kerio-connect-1153.html

Any insights?

[Updated on: Thu, 06 April 2017 00:12]

gskibum

I figured it out.

On the Kerio firewall it was necessary to add "Trusted/Local Interfaces" to the Source list for the internal KMS. Internet Interfaces alone was causing the issue.