Configuring IPsec VPN tunnel

Kerio IPsecVPN tunnel allows the administrator to connect officers located on separated geographic areas into a single network.

Kerio IPsecInternet Protocol security - A network protocol used to encrypt and secure data sent over a network. VPN tunnelKerio Control includes a VPN tunnel which allows to distributed offices to interconnect their offices securely. offers authentication and encryption to ensure a fast and secure connection.


To connect two or more Kerio Controls via VPNVirtual private network - A network that enables users connect securely to a private network over the Internet. tunnel, use Kerio VPN. Unlike Kerio IPsec VPN tunnel, Kerio VPN tunnel is able to seek routes in remote networks automatically.

To configure Kerio IPsec VPN tunnel:

Before you start

Prepare the following list:

Configuring authentication method

You can select one of the following methods:

Configuring ciphers in key exchange (IKE)


New in Kerio Control 9.2!

Kerio Control can use several IKE ciphers during the connecting and authorizing process of IPsec tunnel. In many cases, these ciphers are common between the endpoints and no custom configuration is necessary.

In other cases, you may need to assign custom ciphers. Therefore, you can configure IKE ciphers in Kerio Control manually:

Configuring VPN failover

If Kerio Control is load balancing between multiple Internet links, it is possible to use VPN failover. This ensures that a VPN tunnel is re-established automatically in case the primary link used for VPN tunneling becomes unavailable.

To configure failover:

  1. In the administration interface, go to Interfaces.
  2. Select the IPsec VPN tunnel and click Edit.

Configuring failover

  1. input all remote endpoints (by hostname or IP address), separated by semicolons, into the VPN tunnel properties.


When attempting to establish the tunnel, Kerio Control cycles through the list of the endpoints in the same order that they are listed in the VPN Tunnel Properties.