Skillfully use KWF to create a unique VPN server _ Web surfing

Source: Internet
Author: User
Tags ssl certificate
You often use the "Routing and Remote Access" component of the Windows system to set up a VPN server, but this method configuration is more complex. If you can integrate network firewall and VPN functions, you can simplify the erection process, and you can also use firewall policies to enhance the security of VPN services. Kerio Winroute Firewall (hereinafter referred to as KWF) is such a tool, it has built a VPN server, and can also use the KWF built-in features to enhance security, convenient VPN management, how to use KWF set up a VPN server, the following together to see!

   Installing a VPN server

The VPN service is built into the KWF, and the installation of the VPN service is simple, it does not need to be configured separately, and the installation of the VPN service and the KWF firewall are synchronized. Download the KWF software from Http://www.cloudnet.com.cn/download/WinRoute-Firewall-Antivirus.exe, which can be applied to the Windows 2000/xp/2003 system, Running the KWF firewall installer, the VPN service is installed by default, and you can complete the installation of the VPN service by setting the initial password for the administrator account in the Administrator Account dialog box.

Tip: During the installation of the VPN server, the "Kerio VPN adapter driver does not pass the Windows Logo Test ..." dialog box, regardless of the error prompts, click the "Continue" button.

   Configuring a VPN server

1. Start the VPN service

Restart the Windows system to complete the installation of the VPN server, but the VPN service is not yet started. Double-click the "KWF icon" in the system tray, eject the console Login dialog box, select "Localhost" in the "Host" column, and then enter the administrator account and password in the "Username" and "Password" fields, click "Connect" button, You can sign in to the KWF console.

Starting the VPN service is also automatic, the first login KWF the console pops up the "Network Rules Wizard" dialog box and then clicks "Next", but make sure that the "Yes,i want to use Kerio VPN" option is selected on page fifth, Finally, click on the "Finish" button to complete the start of the VPN service.

2. Configuring VPN parameters

After the VPN service has been started, the next step is to simply configure the VPN parameters. In the left box of the KWF console, click the "configuration→interfaces" option, and then in the right box, double-click the VPN server project, eject the VPN Server Properties Configuration dialog box, and switch to the General tab. By default, the VPN service randomly generates a C-class network address for VPN clients that is different from your local internal network, but this network address may not be enough to meet your needs, and you can modify it manually according to your needs.

To secure the VPN network, the VPN service also uses "SSL certificate" to encrypt the information in the network, and this certificate is generated automatically by the VPN service. If you want to modify the "SSL certificate" is also very simple, click the "Change SSL Certificate" button under the "General" tab, pop-up the "Server SSL Certificate" dialog box (Figure 1), click " Generate Certificate ... "button, then enter SSL certificate information, and finally click" OK "button to generate a new certificate.

It is also easy to modify the listening port for the VPN service by using "4090" by default. Switch to the "Advanced" tab and enter the new port value in the "Listen on port" field.

After you have completed the VPN parameter settings, remember to click the OK button in the VPN Server Properties Configuration dialog box to save the settings.

3. Create VPN Account

Although the above completes the VPN service startup and the parameter configuration, but this time the VPN customer still cannot log on the VPN network, needs the legal user account number.

In the KWF console window, after clicking Users and Groups→users, you can create a VPN account in the box on the right. Click the "Add" button, the Pop-up Account Creation Wizard dialog box, enter the VPN account in the "Name" field, such as "Cce1vpn", and then select the "Internal user Database" item in the "Authentication" drop-down list box. Then, enter the VPN account password two times.

Two times after clicking on the "Next" button, enter the User Rights Settings dialog box, where you need to specify the user's permissions according to the actual needs, but you must select the "user can connect using VPN" entry, otherwise VPN users can not connect to the VPN server.

Click "Next", enter the "Limit" dialog box, where you can limit the network traffic to VPN users, such as restricting the "Cce1vpn" account daily total traffic of 100MB, here must select the "Enable Everyday limit" option, and then in "Direction" Select "All traffic" in the Drop-down list, enter "100" in the "Quota" field, and select "MB" to complete the user's traffic limit. Click "Next" to set the content policy, for VPN users, the KWF firewall by default is not allowed through the KWF Internet, where the default value can be used.

Click the "Next" button, enter the "Auto Login" Settings dialog box, if the "Cce1vpn" account with no special IP address restrictions, you can do without any restrictions, and finally click the "Finish" button to complete the creation of VPN account.

4. Automatically generate VPN traffic policy

When KWF starts the VPN service, it finds two more policies for VPN services in the Traffic policy box in the console, which is to allow external VPN users to access the VPN service and allow VPN clients and internal networks to access each other. No need for manual configuration, the VPN service automatically completed the public network release.

   Log on to VPN network

The above completes all the settings for the VPN server. The next remote client can connect to this VPN server, from the http://www.cloudnet.com.cn/download/winroute-

Vpnclient.exe "Download Kerio VPN client, run after installation. Click the "Add" button in the VPN Client dialog box, eject the Edit VPN Server dialog (Figure 2), enter the VPN server's IP address "Username" and "Password" in the "Server" field, and then click the "OK" button.

Next, select the newly created option in the VPN Client dialog box, and then click the "Connect" button below and wait a moment for the VPN client to connect to the VPN network.

The Kerio VPN client is slightly different from a typical VPN client, and when it logs on to the VPN server, it automatically updates the local routing table and does not make any changes to the other content. As a result, Kerio VPN clients can connect to multiple VPN servers at the same time without any conflict problems, which is difficult for other VPN clients.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.