In some cases there is a special need of running a program or a script (execute a batch command) along with dialing or hanging up a link. This can be helpful for example if a special type of modem is used that must be controlled by a special program provided by its developers.
Kerio Control allows launching any program or a command in the following situations: Before dial, After dial, Before hang-up or/and After hang-up. In case of the Before dial and Before hang-up options, the system does not wait for its completion after startup of the program.
Scripts for control of dial-ups must be located in the scripts subdirectory of the firewall’s installation directory, typically
C:\Program Files\Kerio\WinRoute Firewall\scripts
(Attention: This directory is not included in the default installation — it is therefore necessary to create it!).
7.7 Supportive scripts for link control (Windows)
The script names must have the following names:
• BeforeDial.cmd— before dial,
• AfterDial.cmd— after dial,
• BeforeHangup.cmd— before hangup,
• AfterHangup.cmd— after hangup.
Each script first accepts the parameter of full name of the connection currently being dialed or hung up (name in the Kerio Control interface).
Possible errors (e.g. if you allow an action but the particular script does not exist) are recorded in the Error log (see chapter24.8).
Note:
If the name of the dial-up includes blanks, it will be automatically put in quotes upon the script call, which guarantees correct transmission of the full name in an only parameter of the script. However, it is more suitable to use names without blanks and diacritics for dial-ups.
Interfaces in Kerio Control can be renamed any time needed.
Warning:
On Windows, Kerio Control is running as a service. Therefore, external applications and operating system’s commands will run in the background only (in the SYSTEM account). The same rules are applied for all external commands and external programs called by scripts.
Therefore, it is not highly unrecommended to use interactive applications (i.e. applications with user interaction) for the actions described above. Interactive application would be running “in background” until the system restart or killing of the particular process. Under specific circumstances, such application might also block other dials or hang-ups.
Configuring Internet connection and the local net-work
The basic function of Kerio Control is connection of the local network to the Internet.
For networks using IPv4, it is possible to use one or more Internet connections (Internet links).
Depending on number and types of Internet links, Kerio Control provides various options of Internet connection. Only a single link connection is for IPv6.
Single Internet Link
The most common connection of local networks to the Internet. In this case, only one Internet connection is available and it is used persistently (typically Ethernet, Wi-Fi, ADSL or cable modems). It is also possible to use dial-like links which can be connected persistently — typically PPPoE connections.
A Single Internet Link — Dial On demand (Windows only)
This type of connection is fit for links which are charged by connection time — typically modems for analog or ISDN links. The link is down by default and Kerio Control dials it in response to a query demanding access from the local network to the Internet. If no data are transferred via the link for some time, Kerio Control hangs it up to reduce connection costs.
This mode is available only in Kerio Control for Windows. Kerio Control in editions Appli-ance and Box does not support dial-ups.
Multiple Internet Links — Failover
Where reliability (availability of the Internet connection) is an issue and two Internet links are available, the connection failover feature can help. If the primary link fails, Kerio Control switches to the secondary link automatically. Users may therefore notice just a very short disconnection of the Internet connection. When the connection on the primary link is recovered, Kerio Control automatically switches back to it. For most part of users, this operation takes so short to be even noticeable.
Multiple Internet Links Traffic Load Balancing
If throughput (connection speed) is an issue, Kerio Control can use multiple links concurrently and spread data transferred between the LAN and the Internet among these links. In standard conditions and settings, this also works as connection failover — if any of the links fails, transferred data are spread among the other (working) links.
This involves selection of the Internet connection type in the Configuration → Interfaces section of the Kerio Control configuration, setting corresponding interfaces for connection to the Internet and definition of corresponding traffic rules (see chapter9.3).
8.1 Connectivity Wizard
8.1 Connectivity Wizard
For easy configuration of network interfaces, Internet connection and local network, Kerio Control provides Connectivity Wizard. This wizard can be run from the Configuration Assis-tant (see chapter 4.2) or by clicking on the Configure in wizard link under Configuration → Interfaces.
Typically, the connectivity wizard is used for initial configuration of Internet connection and local network. If used later, the wizard tends to respect the existing firewall configuration as much as possible. If it detects specific settings which are not compatible, detailed information is displayed and the wizard closes. Kerio Control administrator then can edit this setting manually or make necessary configuration changes without even using the wizard. One of these “incompatible” settings is for example DHCP server (see chapter11.2) in the manual configuration mode or on-demand dial of Internet connection (Kerio Control on Windows).
Internet connection mode
The first section focuses on selection of mode for Internet connection:
• Single Internet Link — connection with a single leased or dial-up link (see chapter8.2).
• Two Internet Links with Traffic Load Balancing — two links will be always used for Internet connection, increasing connection speed (throughput), see chapter8.3.
• Two Internet Links with Failover — the primary link is used for Internet connection, with a secondary link ready as a failover link (see chapter8.4).
Detailed descriptions of individual connection modes are provided in the following chapters.
Note:
1. The wizard allows to configure only IPv4 parameters. To use IPv6, it is necessary to configure individual network interfaces manually.
2. Link load balancing modes and connection failover can only be used for IPv4.
3. Kerio Control on Windows also enables on demand dial of Internet connection. This mode cannot be set in the wizard. For details, see chapter8.5.
Selecting Internet interfaces
In dependence on the selected connection mode it is also necessary to choose interface(s) connected to the Internet.
The wizard allows to edit settings of the default gateway and DNS servers for individual interfaces (by default, configuration detected in the firewall’s operating system is used).
The wizard does not allow setting of dial-up connection parameters (phone number, login data, etc.).
Selecting an interface for local network and setting DHCP server The next page allows to select an interface connected to the local network.
The interface of the local network will be used as the default gateway (or also as a DNS server) for hosts in the LAN. For this reason, the interface must have a fixed IP address and therefore it cannot be configured by DHCP.
It is supposed that exactly one interface is currently connected to the local network. Interfaces which are used neither for Internet connection or for the local network are added to the Other Interfaces group. If the local network consists of multiple segments connected to different firewall interfaces, then you can simply add all uninvolved interfaces to the group Trusted / Local Interfaces.
While selecting an interface for the local network, it is also possible to enable automatic configuration of local hosts by the Kerio Control DHCP server (recommended). This option enables the DHCP server in automatic configuration mode — it is not necessary to set anything.
If you do not want to use the Kerio Control DHCP server, it is kept disabled which should guarantee avoiding possible collisions.
Summary and application of the new configuration
On the last page of the wizard, new connection configuration is summarized.
This is the last chance to cancel the changes. The configuration will be applied upon its confirmation.