Some VPN Answers for other Newbies
frankxs

Okay, I finally got my VPN working as expected. Straight-in VPN (not a system-to-system tunnel).

I've seen a lot of posts here with VPN trouble. Some advanced, some basic. Very few if any responses though. I learned a little about the basics (that I needed) during my trial and error methods and figured I'd relate what I learned here if it can help other newbies.

1st -- The VPN adapter installed with KWF is a router! (yeah, I know, all the gurus are saying "Duh!"). But I wasn't thinking of it that way, which caused me all kinds of misconceptions.

Since it is a router, it is necessary to provide it with two IPs, one for each interface. On the KWF/VPN server PC, you must go into the WINDOWS TCP/IP properties for the KWF-VPN interface and set it to a static private IP that does NOT overlap your existing LAN (I used 10.1.1.1 as shown in the docs). You enter the mask (typically 255.255.255.0) and note that the DNS server must point to itself... (i.e. 10.1.1.1). That's one interface.

Next, you must go into the KWF management console to configure the other VPN interface. Find the VPN interface and provide it with a DIFFERENT NETWORK private address that is NOT one of your existing LAN address spaces and NOT the one you provided to the WINDOWS VPN NIC. I used 172.26.41.0. Set DHCP to hand out however many addresses you like. ALSO, assign DHCP to hand out the DNS servers in your INTERNAL LAN if that is what you are using for internal DNS on your LAN clients.

Make the appropriate FW rules (these are pretty straightforward in the KWF/VPN help files).

This gives you the ability to connect from the Internet via the VPN client to your network and includes the name resolution necessary to map drives by name (assuming you have that capability on the LAN to begin with). :)

The only "extra" thing I had to do to permit me to map drives of the actual VPN server itself, was to put my local LAN address for the VPN server in each client's HOST file. Remember, your KWF machine has a public IP too. Otherwise, when remote, you would be trying to map your VPN server's public IP (via DNS) rather than the private IP... doesn't work.

If you wanted to print to IP printers on your LAN, you would need to put them in your host file too... unless your internal DNS had records for them (like in Active Directory).

Don't forget to give your KWF-VPN userIDs rights to use VPN! It's not like that by default.

Anyway, hope this helps someone. :P

-Frank



[Updated on: Sun, 23 April 2006 05:01]
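
An added example, not part of Frank's post or Kerio's documentation: a Python check that the three address spaces in the plan above do not overlap, that the adapter's DNS points at itself, and that hosts-file entries use LAN addresses rather than the server's public IP. The LAN subnet, the /24 mask on 172.26.41.0, and the host names and addresses are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Address plan from the post. The LAN subnet and the /24 mask on the VPN
# client network are assumptions; the post states neither.
PLAN = {
    "lan": "192.168.1.0/24",                  # assumed internal LAN
    "vpn_adapter": "10.1.1.1/255.255.255.0",  # Windows TCP/IP on the KWF-VPN NIC
    "vpn_clients": "172.26.41.0/24",          # network entered in the KWF console
}
# Constructed hosts-file entries for the VPN server and an IP printer.
HOSTS = {"kwf-server": "192.168.1.10", "laser-printer": "192.168.1.50"}

def find_overlaps(plan):
    """Return name pairs whose networks share any address."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def check_plan(plan, adapter_dns, hosts):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = [f"{a} overlaps {b}" for a, b in find_overlaps(plan)]
    adapter = ipaddress.ip_interface(plan["vpn_adapter"])
    if ipaddress.ip_address(adapter_dns) != adapter.ip:
        problems.append("VPN adapter DNS does not point to the adapter itself")
    lan = ipaddress.ip_interface(plan["lan"]).network
    for name, addr in sorted(hosts.items()):
        # A public address here is the failure the post describes for mapped drives.
        if ipaddress.ip_address(addr) not in lan:
            problems.append(f"hosts entry {name} -> {addr} is not a LAN address")
    return problems

def hosts_lines(hosts):
    """Render entries in hosts-file format: address, whitespace, name."""
    return [f"{addr}\t{name}" for name, addr in sorted(hosts.items())]

if __name__ == "__main__":
    for line in check_plan(PLAN, "10.1.1.1", HOSTS) or ["plan is consistent"]:
        print(line)
    print("\n".join(hosts_lines(HOSTS)))
```
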

winkelman

Frank, how nice of you to share your findings here!

I will take a look at my VPN setup with this information. (All works fine here, except name resolution of internal hosts for VPN connected clients. Seems you cracked that nut :)