21.3 Interconnection of two private networks via the Internet (VPN tunnel)
305
If the rules are set like this, all VPN clients can access local networks and vice versa
(all local hosts can communicate with all VPN clients). To restrict the type of network
access available to VPN clients, special rules must be defined. A few alternatives of the
restrictions settings within Kerio VPN are focused in chapter 21.5.
Notes:
1. If the Network Rules Wizard is used to create traffic rules, the described rules can
be generated automatically (including matching of VPN clients with the Source and
Destination items). To generate the rules automatically, select Yes, I want to use
Kerio VPN in Step 5. For details, see chapter 6.1.
2. For access to the Internet, VPN clients use their current Internet connections. VPN
clients are not allowed to connect to the Internet via WinRoute (configuration of
default gateway of clients cannot be defined).
3. For detailed information about traffic rules, refer to chapter 6.
21.3 Interconnection of two private networks via the Internet (VPN
tunnel)
WinRoute (version 6.0.0 or later) including support for VPN (VPN support is included in
the typical installation — see chapter 2.3) must be installed in both networks to enable
creation of an encrypted tunnel between a local and a remote network via the Internet
(“VPN tunnel”).
Note: Each installation of WinRoute requires its own license (see chapter 4).
Setting up VPN servers
First, the VPN server must be allowed by the traffic policy and enabled at both ends of the
tunnel. For detailed description on configuration of VPN servers, refer to chapter 21.1.
Definition of a tunnel to a remote server
VPN tunnel to the server on the other side must be defined at both ends. Use the Add →
VPN tunnel option in the Interfaces section to create a new tunnel.
Name of the tunnel
Each VPN tunnel must have a unique name. This name will be used in the table
of interfaces, in traffic rules (see chapter 6.3) and interface statistics (details in
chapter 18.1).
