GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » Accessing Internet over VPN
Accessing Internet over VPN [message #120058] Mon, 16 March 2015 18:48 Go to next message
Tech1UAE is currently offline  Tech1UAE
Messages: 44
Registered: July 2011
Hi there,

I have created a Kerio VPN link between two locations in two countries. I would like to route Internet traffic on a local device using the remote network.

The local IP range is 10.8.1.x and the remote range is 192.168.143.x

I can ping all of the devices at the remote end and I thought it would just be simply a case of setting a remote static address and router etc on the local device. However when I test the connection, the Internet won't respond.

I would assume I have to set up some traffic policy but I'm not sure how to achieve this. Could I get some advice please?

Thanks,

Andy

[Updated on: Mon, 16 March 2015 20:03]

Report message to a moderator

Re: Accessing Internet over VPN [message #120063 is a reply to message #120058] Tue, 17 March 2015 00:58 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
Following is from a very reliable source but I yet to have a chance to verify:

Configure remote routes on 'client' side as
0.0.0.0/128.0.0.0
128.0.0.0/128.0.0.0

This won't destroy the default route, but will route all traffic through the tunnel.

Please let us know how it goes.

M. 17400


PTSD. BP. OCD. ASPD. BPD. Certified.
Re: Accessing Internet over VPN [message #120067 is a reply to message #120063] Tue, 17 March 2015 06:55 Go to previous messageGo to next message
Tech1UAE is currently offline  Tech1UAE
Messages: 44
Registered: July 2011
Thanks for the reply but that doesn't work. Can you specify exactly where I need to enter these values?

Thanks,

Andyy
Re: Accessing Internet over VPN [message #120082 is a reply to message #120067] Tue, 17 March 2015 15:26 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
This is only possible using the Kerio VPN client. You would need to install it on the "local device".

Brian Carmichael
Instructional Content Architect
Re: Accessing Internet over VPN [message #120092 is a reply to message #120058] Tue, 17 March 2015 19:22 Go to previous messageGo to next message
Tech1UAE is currently offline  Tech1UAE
Messages: 44
Registered: July 2011
Thanks for the reply. The local device is a Samsung Smart TV and so obviously I can't install the VPN client.

I suppose you would think it would be easy for this kind of setup to work. There is one large network (so to speak) so I thought it would be fairly easy to fool the device into thinking it was located at the other end? Isn't this how normal dial-up VPN's work?

Sorry if I'm over-simplifying here!

Andy
Re: Accessing Internet over VPN [message #120251 is a reply to message #120058] Tue, 24 March 2015 04:22 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
I spent a few hours with the routes, I could not make it work either. And I was told to tell you to make a feature request.

But I am not giving up yet. I might not be able to find the answer for you at the end but I want you to know I am still working on it.

M. 20304


PTSD. BP. OCD. ASPD. BPD. Certified.

[Updated on: Tue, 24 March 2015 04:22]

Report message to a moderator

Re: Accessing Internet over VPN [message #120470 is a reply to message #120058] Sat, 04 April 2015 06:24 Go to previous messageGo to next message
GMarciales is currently offline  GMarciales
Messages: 8
Registered: April 2015
Location: Pullman / WA / USA

Hi, I dont know exactly this TV capabilities, have the TV any VPN client like PPTP?

Two other possibles options are:
- Web Proxy.
- GRE Tunnel.
Re: Accessing Internet over VPN [message #120689 is a reply to message #120058] Tue, 14 April 2015 02:54 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
Apologies for the delay.

I had success with the following configuration:

Tunnel
Server side: 10.0.0.254/24
Client side: 172.21.1.254/24

Here's the screen capture of the configuration:
./fa/3811/0/

The last parts were the whatismyip.com check, before and after tunnel was up.
  • Attachment: tunnel.jpg
    (Size: 135.05KB, Downloaded 2095 times)


PTSD. BP. OCD. ASPD. BPD. Certified.
Re: Accessing Internet over VPN [message #126573 is a reply to message #120689] Sat, 19 December 2015 15:14 Go to previous messageGo to next message
nitorcomms is currently offline  nitorcomms
Messages: 1
Registered: July 2015
Hi,

This was a very good post and really should be included in the Admin guide because 99% of corporate users with HQ and Branch offices use this scenario. It works and it works well.

Cheers

Rob


Rob
Re: Accessing Internet over VPN [message #126580 is a reply to message #126573] Mon, 21 December 2015 06:00 Go to previous messageGo to next message
samrowland is currently offline  samrowland
Messages: 1
Registered: December 2015
at its default setting the vpn client uses the vpn server as default gateway, so there is not very much to setup on the clientside. If the server NPS/RAS Policy is configured to not restrict the vpn traffic and (instead) route it accordingly everything should work fine. As i understand, you use a special IP Network for your VPN Clients, which needs to be routed in your servers LAN:

Maybe your IP range (192.168.100.2) is unknown the the other network devices on your network, so just add a route on your internet router that the router "knows" that it reach 192.168.100.2 through your VPN Server (which i assume on the same network as your internet-gateway/router).



Re: Accessing Internet over VPN [message #129164 is a reply to message #126580] Sat, 23 April 2016 00:02 Go to previous message
Tech1UAE is currently offline  Tech1UAE
Messages: 44
Registered: July 2011
Hi again,

Sorry about this but I cannot get this to work and so I must be doing something wrong. Let me give you a brief overview of the network.

Client Side 10.8.1.0/24
Server Side: 192.168.143.0/24

I basically have a PS3 connected to IP address 10.8.1.253 and I want to trick it into thinking that it is connected to the 192.168.143.0/24 network.

Thanks,

Andy
Previous Topic: Control 3120 Boot Hang
Next Topic: I can't see websites on IIS; when IIS is back of Kerio Control
Goto Forum:
  


Current Time: Fri Feb 03 15:38:03 CET 2023

Total time taken to generate the page: 0.02153 seconds