Introduction

Kerio Control 9.5.0 introduces native support for OpenVPN, providing a secure, flexible, and widely compatible VPN solution directly from the Kerio Control interface. This integration allows organizations to offer safe remote access to internal networks, leveraging the robust OpenVPN protocol across multiple operating systems. The feature simplifies setup, enhances security, and streamlines management for administrators and end users alike. OpenVPN uses port 1194 to make connections between clients and servers over UDP

Benefits

1. Enhanced security: OpenVPN uses SSL/TLS for encryption and authentication, protecting data transmitted between remote users and the internal network. 

2. Broad compatibility: Users can connect from Windows, macOS, Linux, iOS, and Android devices using standard OpenVPN clients.

3. Simple Deployment: Configuration files can be exported from Kerio Control and easily imported into client devices, minimizing setup time and user errors.

Key features

• Built-In OpenVPN Server: No need for separate VPN hardware or software.

• Certificate-Based Authentication: Uses SSL certificates for secure user verification.

• Customizable Settings: Administrators can select ports, IP ranges, and traffic rules for VPN access.

• Easy Monitoring: Real-time overview of connected VPN clients from the Kerio Control dashboard.

Prerequisites

• Kerio Control requires its WAN interface to be accessible from the Internet to ensure proper connectivity and functionality.

How to configure OpenVPN

1. Enable OpenVPN

   1. Go to Configuration > Interfaces in the Kerio Control admin interface.

   2. Double-click on OpenVPN Server and check 'Enable OpenVPN Server'.

1. Configure OpenVPN Settings

   1. Select a valid SSL certificate.

   2. Set the VPN subnet (e.g., 10.10.10.0/24)

   3. Set the public IP address or hostname that allows Kerio Control to be accessed from the Internet as the “Server Identity.”

1. Adjust Traffic Rules

   1. Make sure VPN traffic is allowed by reviewing Configuration > Traffic Rules.

   2. Create or modify rules to permit VPN connections to internal resources.

2. OpenVPN profiles can only be downloaded through the user portal (https://[KerioControlIP]:4081/login), not the admin interface.

   1. Users should login here https://[KerioControlIP]:4081/login

   2. Go to "My Account"

   3. Click on "VPN Profiles". 

   4. Download Profile:

3. Client Connection

   1. Users install the OpenVPN client for their OS.

   2. Import the configuration and connect.

Additional notes

• Make sure users have VPN access rights in Users and Groups.

• Confirm the firewall allows connections on the OpenVPN port.

• Monitor and manage active VPN sessions in Status > VPN Clients.

• Important: If 2FA is enabled globally for the VPN, OpenVPN will connect but may not work properly. The app won’t prompt for the 2FA token automatically, so users need to manually open a web browser and enter the 2FA URL to complete the login.