Kerio Tech Firewall6 Network Router User Manual


 
21.1 VPN Server Configuration
upon saving of the settings (by clicking Apply in the Interfaces tab). In such cases,
redefine the VPN subnet.
Figure 21.3 VPN server detection of IP collision
After each change in the configuration of the local network and/or of the VPN,
it is recommended to check that no IP collision is reported!
Notes:
1. Under certain circumstances, collision with the local network might also arise
when a VPN subnet is set automatically (if configuration of the local network is
changed later).
2. Regarding two VPN tunnels, when a connection is established it is also
checked whether the VPN subnet collides with IP ranges at the other end of the
tunnel (remote endpoint).
If a collision with an IP range is reported upon startup of the VPN server (upon
clicking Apply in the Interfaces tab), the VPN subnet must be set by hand. Select
a network which is not used by any of the local networks participating in the
connection. VPN subnets at each end of the tunnel must not be identical (two
free subnets must be selected).
3. VPN clients can also be assigned IP addresses according to login usernames.
For details, see chapter 13.1.
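The collision rules in notes 1 and 2 can be checked before any addressing change is applied. The following Python code is an added example, not part of WinRoute or of this manual; the function names and all address ranges in it are constructed for illustration.

```python
import ipaddress

def find_collisions(vpn_subnet, local_networks, remote_ranges=()):
    """Return every range, local or remote, that overlaps the VPN subnet."""
    vpn = ipaddress.ip_network(vpn_subnet)
    hits = []
    for side, ranges in (("local", local_networks), ("remote", remote_ranges)):
        for r in ranges:
            # strict=False accepts an interface address such as 192.168.1.1/24
            net = ipaddress.ip_network(r, strict=False)
            if vpn.overlaps(net):
                hits.append((side, str(net)))
    return hits

def pick_free_subnets(pool, prefixlen, used, count=2):
    """Pick `count` distinct subnets from `pool` that overlap nothing in `used`.

    count=2 matches the rule that each end of a tunnel needs its own
    free VPN subnet and the two must not be identical.
    """
    used_nets = [ipaddress.ip_network(u, strict=False) for u in used]
    free = []
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(u) for u in used_nets):
            free.append(str(cand))
            if len(free) == count:
                return free
    raise ValueError("pool exhausted: not enough free subnets")

# Constructed sample data: networks behind each tunnel endpoint.
HQ_LOCAL = ["192.168.1.1/24", "10.0.0.0/16"]
BRANCH_LOCAL = ["172.27.0.0/23", "192.168.2.0/24"]

if __name__ == "__main__":
    # The candidate VPN subnet is free locally but collides at the remote end.
    print(find_collisions("172.27.0.0/24", HQ_LOCAL, BRANCH_LOCAL))
    # Two free /24 subnets, one for each end of the tunnel.
    print(pick_free_subnets("172.27.0.0/16", 24, HQ_LOCAL + BRANCH_LOCAL))
```

Rerunning the check with the updated network lists after every local or remote addressing change covers the case in note 1, where a subnet that was free when assigned collides later.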
SSL certificate
Information about the current VPN server certificate. This certificate is used for
verification of the server’s identity during creation of a VPN tunnel (for details, refer
to chapter 21.3). The VPN server in WinRoute uses the standard SSL certificate.
When defining a VPN tunnel, it is necessary to send the local endpoint’s certificate
fingerprint to the remote endpoint and vice versa (mutual verification of identity —
see chapter 21.3).
HINT: The certificate fingerprint can be copied to the clipboard and pasted into
a text file, email message, etc.
Click Change SSL Certificate to set parameters for the certificate of the VPN server.
For the VPN server, you can either create a custom (self-signed) certificate or
import a certificate created by a certification authority. The certificate created is
saved in the sslcert subdirectory of WinRoute's installation directory as vpn.crt and
the corresponding private key is saved at the same location as vpn.key.
Methods used for creation and import of SSL certificates are described thoroughly
in chapter 9.1.
Note: If you already have a certificate created by a certification authority especially
for your server (e.g. for secured Web interface), it is also possible to use it for the