Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Kerio Control VPN
  3. Articles

Connecting Multiple Offices Via Kerio VPN And IPsec Tunnels

In Kerio Control, you can create both Kerio VPN and IPsec VPN tunnels. The article describes, how to configure routes between those two tunnels so that each host sees all other hosts in all subnets in the network.

The Kerio VPN tunnel includes a routing daemon. So, by default, all subnets are visible behind the remote endpoint of the Kerio VPN tunnel. For the IPsec tunnel, you must add all routes manually.

The steps below use the scenario illustrated in the following diagram:

 

image-0

 

Subnets linked by VPN tunnels

Diagram nodes:

  • The Control 1 server is connected with the FW 3 server via IPsec tunnel.
  • The Control 1 server is connected with the Control 2 server via Kerio VPN Tunnel.
  • The Control 1 server includes LAN 1 and VPN 1 networks.
  • The Control 2 server includes LAN 2 and VPN 2 networks.
  • The FW 3 server includes LAN 3 and VPN 3 networks.

 

Configuring the Kerio VPN tunnel

Kerio VPN automatically shares all routes, including the Kerio Control VPN.

Be sure to verify that the tunnel works. For example, send a ping command from a computer connected to LAN 1 to a computer connected to LAN 2, and vice versa.

Also verify that users with VPN clients can ping all computers from LAN 1 and LAN 2.

image-1

Configuring the IPsec VPN tunnel

NOTE: You must also add all Control 1 routes to the FW 3 settings.

Verify that the tunnel works. For example, send a ping command from a computer connected to LAN 1 to a computer connected to LAN 3, and vice versa.

Check also that users with VPN clients can ping all computers from LAN 1 and LAN 3.

 

Configuring Kerio VPN + IPsec VPN interoperability

Both tunnels work separately at this point. The next step is to ensure that all users can communicate with each other using both tunnels:

  • To ensure that the IPsec tunnel knows about LAN 2 and VPN 2, add LAN 2 and VPN 2 to the local networks of the Control 1 server.
  • To ensure that LAN 3 and VPN 3 communicate with LAN 2 and VPN 2, configure the remote networks of the Control 2 server.
  • To ensure that VPN 1 communicates with LAN 3 and VPN 3, add custom routes in the Kerio VPN server settings.
  • On the FW 3 server, add LAN 1, LAN 2, VPN 1 and VPN 2 to remote networks.

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments