
Using Windows Native VPN Client to Connect to Kerio Control

Overview


You may face issues connecting to Kerio Control with the Windows 10 native VPN client when using a preshared key or a certificate. This article describes how to configure Kerio Control and the Windows VPN client properly.


 

Prerequisites


The following ports need to be allowed on the router, and forwarding needs to be enabled for them:

  • TCP/UDP 4090
  • TCP/UDP 4081
  • TCP/UDP 500
  • TCP/UDP 4500

 

Process


Configuring Kerio Control

  1. In Kerio Control Webadmin, navigate to Settings (Gear Icon) > Interfaces > VPN Server Properties.
  2. Check the following options:
    • Enable Kerio IPsec VPN Server
    • Enable Kerio VPN Server
    • Use certificate for clients
    • Use preshared key (enter the key in the corresponding field)
    • Enable MS-CHAP v2 authentication


  3. Click OK, and navigate to the Traffic Rules menu.
  4. Ensure that the default rule named VPN Services exists and is active to allow VPN access.


  5. Navigate to the Users menu and ensure that the option User can connect using VPN is enabled for the corresponding user. 


 

Configuring VPN Settings on the Client Windows 10 System

  1. Open Network & Internet Settings.


  2. Navigate to the VPN menu, and click Add a VPN Connection.


  3. Specify the VPN settings:
    • Select VPN provider as Windows (built-in).
    • Enter a Connection name.
    • Enter the public IP address or hostname of the Kerio VPN Server in the Server name or address field.
    • Select L2TP/IPsec with pre-shared key as VPN type.
    • Enter the Pre-shared key (PSK) matching the key entered in the Kerio Control VPN settings (step 2).
    • Select User name and password as Type of sign-in info.
    • Enter the User name and the Password.
    • Check Remember my sign-in info.


  4. Click the Save button.
  5. Select the VPN connection you created and click the Connect button.


  6. If you experience connection issues, change the Local Security Policy on the client computer so that the option to send LM and NTLM negotiations is enabled, using the following steps:

    1. Open Local Security Policy in Windows 10.
      From the Start menu, in the Search programs and files dialog, enter secpol.msc and press Enter.


    2. Expand Local Policies and click on the Security Options folder.


    3. On the right-hand side of the Local Security Policy window, locate and double-click on Network security: LAN Manager authentication level.


    4. In the drop-down list, select Send LM & NTLM - use NTLMv2 session security if negotiated.
      Click OK.


    5. Reboot the PC and try connecting again.
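
The client-side steps above can also be scripted. The following is an added example, not part of the original article: it creates the same L2TP/IPsec connection with the built-in VPN cmdlets and reads the current LAN Manager authentication level, so the existing value can be recorded before step 6 changes it and restored later. The function names, connection name, server address and PSK are assumptions.

```powershell
# Added example, not from the original article. The connection name, server
# address and PSK in the usage lines are placeholders (assumptions).

function New-KerioL2tpConnection {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ServerAddress,
        [Parameter(Mandatory)][string]$PreSharedKey
    )
    # Mirrors the GUI steps: Windows (built-in) provider, L2TP/IPsec with
    # pre-shared key, user name and password sign-in, remembered credentials.
    # MSChapv2 matches "Enable MS-CHAP v2 authentication" on Kerio Control.
    # EncryptionLevel Required is a choice of this example, not an article setting.
    Add-VpnConnection -Name $Name -ServerAddress $ServerAddress `
        -TunnelType L2tp -L2tpPsk $PreSharedKey `
        -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
        -RememberCredential -Force
    Get-VpnConnection -Name $Name |
        Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod
}

function Get-LmAuthLevel {
    # The policy "Network security: LAN Manager authentication level" is
    # stored as LmCompatibilityLevel (0-5); the labels follow secpol.msc.
    $labels = @(
        'Send LM & NTLM responses',
        'Send LM & NTLM - use NTLMv2 session security if negotiated',
        'Send NTLM response only',
        'Send NTLMv2 response only',
        'Send NTLMv2 response only. Refuse LM',
        'Send NTLMv2 response only. Refuse LM & NTLM'
    )
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $item = Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the policy is not defined and the OS default applies.
        return [pscustomobject]@{ Level = $null; Setting = 'Not defined (OS default applies)' }
    }
    $level = [int]$item.LmCompatibilityLevel
    [pscustomobject]@{ Level = $level; Setting = $labels[$level] }
}

# Usage (placeholder values):
#   Get-LmAuthLevel
#   New-KerioL2tpConnection -Name 'Kerio L2TP' -ServerAddress 'vpn.example.com' -PreSharedKey '<PSK>'
```

The option selected in step 6 corresponds to level 1, which is below the "Send NTLMv2 response only" levels, so the value reported before the change is the one to return to once the connection works.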

 

 

 

  1. Priyanka Bhotika
