Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Kerio Control VPN
  3. Articles

Configuring IPsec VPN Server

Overview: Kerio IPsec VPN Server offers clients such as desktops, notebooks, mobile devices, etc. a secure way to connect to the network. To implement Kerio IPsec VPN Server you need to make changes in the configuration on the server-side and also on the client-side.

Step-By-Step Guide

Configuring the Server side

For securing the communication on the server side you can use both or one of the methods below:

  • A preshared key (PSK, shared secret).
  • An SSL certificate.

Configuring IPsec VPN server with a preshared key

Note: The preshared key is a shared password for all users using an IPsec VPN.

  1. In the administration interface, go to Interfaces.
  2. Double-click on VPN Server.
  3. In the VPN Server Properties dialog box, check Enable IPsec VPN Server. Note that Kerio Control can provide the Kerio VPN server and IPsec VPN server simultaneously.
  4. On tab IPsec VPN, select a valid SSL certificate in the Certificate pop-up list.
  5. Check Use preshared key and type the key.
  6. Save the settings.

Configuring IPsec server with an SSL certificate

  1. In the administration interface, go to Interfaces.
  2. Double-click VPN Server.
  3. In the VPN Server Properties dialog, check Enable IPsec VPN Server.
  4. On tab IPsec VPN, select a valid SSL certificate in the Certificate pop-up list.
  5. On tab IPsec VPN, check Use certificate for clients.
  6. Save the settings.

Configuring the client side

On the client-side also only one of the two methods can be available.

  1. A preshared key (PSK, shared secret).
  2. An SSL certificate.

 Note: Each user must provide their credentials for authentication.

 Configuring clients with a preshared key

Inform users what to prepare for the configuration of their clients:

  1. VPN type: L2TP IPsec PSK.
  2. Kerio Control hostname or IP address.
  3. preshared key (PSK, shared secret).
  4. username and password for access to the firewall.

Configuring clients with an SSL certificate

All client machines need to have the certificate imported into the Certification Trusted store. Instruct your users to contact their internal help desk in case of a message of an invalid certificate.

Note: Many mobile devices support IPsec VPN and may work with Kerio Control. However, Kerio Control officially supports the following list:

  1. Android 4 and higher
  2. iOS 6 and higher

Confirmation: Your Kerio IPsec VPN Server is set and ready to use securely to connect to the network.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments