Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

23.3 Interconnection of two private networks via the Internet (VPN tunnel)

Figure 23.9 VPN tunnel — certificate fingerprints

DNS Settings

DNS must be set properly at both ends of the tunnel so that it is possible to connect to hosts in the remote network using their DNS names. One method is to add DNS records of the hosts (to the hosts file) at each endpoint. However, this method is quite complicated and inflexible.

If the DNS module in WinRoute is used as the DNS server at both ends of the tunnel, DNS queries for hostnames in the corresponding domain can be forwarded to the DNS module at the other end of the tunnel (for DNS rules, refer to chapter 8.1). A DNS domain (or subdomain) must be used at both sides of the tunnel.

Note: To ensure correct forwarding of DNS queries sent from the WinRoute host itself (at either side of the VPN tunnel), these queries must be processed by the DNS module. To achieve this, on each firewall, point the DNS server setting of the interface connected to the local network at the firewall itself (i.e. use the IP address of that very interface as the DNS server address).

Detailed guidance for the DNS configuration is provided in the example in chapter 23.5.

Routing settings

On the Advanced tab, you can set which method will be used to add routes provided by the remote endpoint of the tunnel to the local routing table as well as define custom routes to remote networks.

The Kerio VPN routing issue is described in detail in chapter 23.4.