To configure Interface:

1. In the administration interface, go to Interfaces.
2. Double-click VPN Server.
3. In the VPN Server Properties dialog, check Enable Kerio VPN Server.
4. On tab Kerio VPN, select a valid certificate.
5. The port 4090 is set as default. Both TCPTransmission Control Protocol - ensures packet transmission. and UDPUser Datagram Protocol - ensures packet transmission. protocols are used.

6. To specify a VPN route manually, read section Configuring routing.
7. Kerio VPN Server directs the traffic from VPN clients in two ways:

• Only traffic which ends in the Kerio Control network goes through the firewall — default mode. This type of connection is called split tunneling.
• All traffic goes through the firewall — select VPN clients access the Internet through the VPN.

VPN diagrams

8. Verify that your default Internet access (NATNetwork address translation - A method that remaps IP addresses by changing network address information.) rule includes the VPN clients item.

Configuring Traffic Rules

9. Save the settings.

By default, routes to all local subnets at the VPN Server's side are defined. Other networks to which a VPN route will be set for the client can be specified:

1. In the administration interface, go to Interfaces.
2. Double-click the VPN Server.
3. On tab Kerio VPN, click Custom Routes.
4. Click Add.
5. In the Add Route dialog box, define a network, mask and description. In case of any collisions, custom routes are used instead.
6. Save the settings.

Kerio VPN Server needs a DNSDomain Name System - A database enables the translation of hostnames to IP addresses and provides other domain related information. Server to be used. There are two possible configuration options:

Using the Kerio Control DNS server

To use the DNS server in Kerio Control for Kerio Control VPN Clients:

1. In the administration interface, go to Interfaces.
2. Double-click VPN Server.
3. On the DNS tab, select Use Kerio Control as DNS server.
4. Select Automatically select the domain suffix.
5. Click OK.

Kerio Control uses its own DNS server for Kerio Control VPN Clients and uses the domain suffix specific for the Kerio Control network.

Configuring which DNS to be used by Kerio Control VPN

Using external DNS servers

To assign specific DNS servers to Kerio Control VPN Clients:

1. In the administration interface, go to Interfaces.
2. Double-click VPN Server.
3. On the DNS tab, select Use specific DNS servers.
4. In Primary DNS, type a fully qualified domain name.
5. (Optional) In Secondary DNS, type a fully qualified domain name of the backup DNS server.
6. If you want to use a different domain suffix, select Use specific domain suffix. Then type the domain suffix.
7. Click OK.

The DNS servers are assigned to all Kerio Control VPN Clients and the domain suffix is changed.

The following conditions must be met to enable connection of remote clients to local networks:

• Kerio VPN Client must be installed on remote clients. For more information refer to Installing and configuring Kerio Control VPN Client for users.
• In the Users and Groups > Users section, check a right Users can connect using VPN for your users.
• Connection to the VPN Server from the Internet as well as communication between VPN Clients must be allowed by traffic rules. There is a default traffic policy rule which should be enabled. Otherwise, there is a defined service for Kerio VPN (TCP/UDP 4090) in case you do not have this rule.

Assigning static IP addresses for Kerio Control VPN Clients

For more information refer to Assigning static IP addresses for Kerio Control VPN Clients.