VPN servers on Windows are usually set up with the "Routing and Remote Access" component, but the configuration is complicated. If you integrate the network firewall and VPN functions, you can simplify the setup process and use firewall policies to enhance the security of the VPN service. Kerio WinRoute Firewall (KWF) is a firewall with a built-in VPN server, and its built-in functions can be used to enhance security and make VPN management easier. Let's take a look at how to use KWF to set up a VPN server.
Install the VPN Server
KWF has a built-in VPN service, and installing it is very simple: you do not need to install it separately, because the VPN service is installed together with the KWF firewall. Run the KWF firewall installer on a Windows 2000/XP/2003 system. The VPN service is installed by default. Remember to set the initial password for the Administrator account in the "Administrator Account" dialog box; the VPN service is then installed.
Tip: While the VPN server is being installed, a dialog box stating "Kerio VPN Adapter driver has not passed the Windows logo test..." pops up. Ignore the prompt and click "Continue".
Configure the VPN Server
1. Start the VPN Service
Restart Windows to complete the VPN server installation; at this point the VPN service is not started yet. Double-click the KWF icon in the system tray to bring up the console logon dialog box. In the "Host" field, select "Localhost", enter the Administrator account and password in the "Username" and "Password" fields, and click "Connect" to log on to the KWF console.
Starting the VPN service is fully automated. The "Network Rules Wizard" dialog box pops up the first time you log on to the KWF console. Click "Next" through the pages, make sure that the "Yes, I want to use Kerio VPN" option is selected on the fifth page, and then click "Finish" to start the VPN service.
2. Configure VPN Parameters
After the VPN service is started, configure the VPN parameters. Click "Configuration > Interfaces" in the left pane of the KWF console, and double-click the "VPN Server" item in the right pane. The VPN Server properties dialog box opens on the "General" tab. By default, the VPN service randomly generates a class C network address that is different from your local network. If this network address does not meet your needs, you can change it manually.
To secure the VPN network, the VPN service uses an SSL certificate to encrypt the traffic, and this certificate is generated automatically by the VPN service. To replace it, click "Change SSL Certificate" on the "General" tab to bring up the "Server SSL Certificate" dialog box (Figure 1), click "Generate Certificate...", enter the SSL certificate information, and click "OK" to generate a new certificate.
It is also easy to change the listening port of the VPN service, which is "4090" by default. Switch to the "Advanced" tab and enter a new port value in the "Listen on port" field.
After setting the VPN parameters, click "OK" in the VPN Server properties dialog box to save the changes.
3. Create a VPN account
Although the VPN service is now enabled and configured, a VPN client still cannot log on to the VPN network without a valid user account.
In the KWF console window, click "Users and Groups > Users"; VPN accounts are created in the right pane. Click the "Add" button to bring up the account creation wizard. In the "Name" field, enter the VPN account name, for example "CCE1VPN", select "Internal user database" in the "Authentication" drop-down list, and then enter the VPN account password twice.
Click "Next" twice to go to the user permission settings dialog box. Assign user permissions as needed, but you must select "User can connect using VPN"; otherwise, the VPN user cannot connect to the VPN server.
Click "Next" to go to the "Quota" dialog box, where you can limit the network traffic of VPN users. For example, to limit the total traffic of the "CCE1VPN" account to 100 MB per day, select "Enable daily limit", select "all traffic" in the "ction" drop-down list, enter "100" in the "Quota" field, and select "MB" as the unit. Click "Next" and set the content policy. By default, the KWF firewall does not allow VPN users access through KWF; the default value is kept here.
Click "Next" to go to the "Automatic Logon" settings dialog box. If there are no special restrictions on the IP addresses used by the "CCE1VPN" account, click "Finish" to create the VPN account.
4. Automatically generated VPN traffic policies
After KWF starts the VPN service, you will find two additional VPN policies in the "Traffic Policy" list on the console. Their role is to allow external VPN users to reach the VPN service, and to allow VPN clients and the internal network to access each other. Publishing the VPN service to the public network is completed automatically, without manual configuration.
Log on to the VPN Network
All settings on the VPN server are now complete, and remote clients can connect to it. Download the Kerio VPN Client program from "http://www.cloudnet.com.cn/download/WinRoute-Vpnclient.exe", install it, and run it. In the VPN client dialog box, click "Add" to bring up the edit VPN server dialog box (Figure 2). Enter the IP address of the VPN server in the "Server" field, enter the VPN account and password in the "Username" and "Password" fields, and click "OK".
Next, select the new entry in the VPN client dialog box and click the "Connect" button below it. After a short while, the VPN client is connected to the VPN network.
The Kerio VPN Client program differs slightly from common VPN client programs. After logging on to the VPN server, the client automatically updates the local route table and does not change anything else. The Kerio VPN Client program can therefore connect to multiple VPN servers at the same time without conflicts, which is difficult for other VPN clients.
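To check what a VPN client actually changed in the local route table, and whether a pushed route collides with a network the machine already uses (the reason the VPN subnet should differ from the local network), you can compare "route print" output taken before and after connecting. The following is an added example, not part of the original article or of Kerio's software; the route tables and all addresses in it are constructed for illustration.

```python
import ipaddress

# Constructed `route print` rows (IPv4 "Active Routes"), captured before and
# after a VPN client connects. Every address here is made up for the example.
BEFORE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10      20
"""
AFTER = BEFORE + """\
     172.27.143.0    255.255.255.0     172.27.143.5    172.27.143.5       1
      192.168.1.0  255.255.255.128     172.27.143.1    172.27.143.5       1
"""

def parse_routes(text):
    """Return a set of (network, gateway) for each IPv4 row in the table."""
    routes = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # header and separator lines
            continue
        dest, mask, gateway = parts[:3]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:           # not an address/netmask pair
            continue
        routes.add((net, gateway))
    return routes

def added_routes(before, after):
    """Routes present after the VPN connects that were absent before."""
    return parse_routes(after) - parse_routes(before)

def conflicts(before, after):
    """Added routes that overlap a pre-existing, non-default local route."""
    local = [n for n, _ in parse_routes(before) if n.prefixlen > 0]
    return sorted(
        (str(net), gw)
        for net, gw in added_routes(before, after)
        if any(net.overlaps(other) for other in local)
    )

if __name__ == "__main__":
    for net, gw in sorted((str(n), g) for n, g in added_routes(BEFORE, AFTER)):
        print("added   ", net, "via", gw)
    for net, gw in conflicts(BEFORE, AFTER):
        print("CONFLICT", net, "via", gw)
```

On a real machine, replace the two constructed strings with saved "route print" output; a reported conflict means part of the local network would be routed into the tunnel.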