END USERS GUIDE

Discover how to use Kerio Control Statistics, VPN Client and 2-step verification
The information and content in this document is provided for informational purposes only and is provided "as is" with
no warranties of any kind, either express or implied, including without limitation any warranties of merchantability,
fitness for a particular purpose, and non-infringement. GFI Software disclaims and in no event shall be liable for any
losses or damages of any kind, including any consequential or incidental damages in connection with the furnishing,
performance or use of this document. The information is obtained from publicly available sources. Though reasonable
effort has been made to ensure the accuracy of the data provided, GFI makes no warranty, promise or guarantee about
the completeness, accuracy, recency or adequacy of information contained in this document and is not responsible for
misprints, out-of-date information, or errors. GFI reserves the right to revise or update its products, software or
documentation without notice. You must take full responsibility for your use and application of any GFI product or service.
No part of this documentation may be reproduced in any form by any means without prior written authorization of GFI
Software.
If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as
practical.
GFI and Kerio Control are trademarks or registered trademarks of GFI Software or its affiliates in the US and other
countries. Any other trademarks contained herein are the property of their respective owners.
Kerio Control is copyright of Kerio. - 1999-2019 Kerio. All rights reserved.
Document Version: 9.2.8
Last updated (month/day/year): 02/09/2019
Contents
1 Introduction 4
2 Kerio Control Statistics 5
2.1 Managing your Kerio Control Statistics account 5
2.1.1 Accessing the web interface 5
2.1.2 Switching between Kerio Control Statistics and account settings 6
2.1.3 Reading statistics and reports 6
2.1.4 Setting up 2-step verification 6
2.1.5 Checking your quota 6
2.1.6 Dialing and hanging up lines in Kerio Control Statistics 7
2.1.7 Changing your password 7
2.1.8 Setting a language for Kerio Control Statistics and email reports 8
2.2 Reading managerial statistics and reports in Kerio Control 8
2.2.1 Reading the summary report 10
2.2.2 Reading individual statistiscs 17
2.2.3 Special users in Kerio Control Statistics 17
2.3 Viewing activity reports in Kerio Control Statistics 18
2.3.1 Accessing the web interface 18
2.3.2 Switching between Kerio Control Statistics and account settings 19
2.3.3 Displaying Kerio Control Statistics 19
3 Kerio Control VPN Client 24
3.1 Installing and configuring Kerio Control VPN Client for users 24
3.1.1 System requirements 24
3.1.2 Prerequisites 24
3.1.3 Kerio Control VPN Client for Windows 25
3.1.4 Kerio Control VPN Client for OS X 26
3.1.5 Kerio Control VPN Client for Linux 29
3.1.6 Troubleshooting 29
3.2 Deleting VPN client entries on OS X 29
3.3 Upgrading Kerio VPN Client for OS X 10.9.5, OS X 10.10 and later 30
3.3.1 Upgrading Kerio VPN Client 30
4 Authenticating with 2-step verification 31
4.1 Enabling the 2-step verification 31
4.2 Disabling the 2-step verification 33
4.3 Enabling the 2-step verification when you use Kerio Control VPN Client 34
4.4 Enabling the 2-step verification when you use IPsec VPN client 34
1 Introduction
Kerio Control provides a combination of Unified Treat Management and Next-Generation firewall which helps you to
protect, manage and monitor your network and users' behavior.
The Kerio Control web based interface is clean and simple, and you can log into the firewall securely. After a successful
login, you can set up your account, watch Kerio Control Statistics if you have permissions, or configure 2-step verification.
You can gather and display a detailed usage reports with Kerio Control Statistics. This component lets managers, admins
and users view Internet and application activities of individual users. Users can see their own statistics and correct their
behavior accordingly. Team leaders can see Internet activities of their team members and managers can see browsing
and application usage of all users in the company.
These highly granular statistics can automatically run on a schedule and be emailed to you, ready for your review.
Kerio Control supports VPN, therefore, you can connect to your company network remotely from your home. Installation
and configuration of Kerio Control VPN Client allows you to work with all your files and applications which are not
publicly available through the Internet.

Kerio Control 1 Introduction | 4

2 Kerio Control Statistics
This section describes reading and customizing statistics in Kerio Control.

2.1 Managing your Kerio Control Statistics account 5

2.1.1 Accessing the web interface 5
2.1.2 Switching between Kerio Control Statistics and account settings 6
2.1.3 Reading statistics and reports 6
2.1.4 Setting up 2-step verification 6
2.1.5 Checking your quota 6
2.1.6 Dialing and hanging up lines in Kerio Control Statistics 7
2.1.7 Changing your password 7
2.1.8 Setting a language for Kerio Control Statistics and email reports 8
2.2 Reading managerial statistics and reports in Kerio Control 8
2.2.1 Reading the summary report 10
2.2.2 Reading individual statistiscs 17
2.2.3 Special users in Kerio Control Statistics 17
2.3 Viewing activity reports in Kerio Control Statistics 18
2.3.1 Accessing the web interface 18
2.3.2 Switching between Kerio Control Statistics and account settings 19
2.3.3 Displaying Kerio Control Statistics 19

2.1 Managing your Kerio Control Statistics account

Kerio Control Statistics is a web interface where you can view your own browsing statistics. It also includes tools for:
Enabling 2-step verification
Changing the password used to log in to Kerio Control
Setting language preferences for the Kerio Control Statistics interface, reports and email alerts

2.1.1 Accessing the web interface

To open Kerio Control Statistics:
1. Launch your web browser and type your Kerio Control address. The address has this pattern: https://server-
:4081/ where server refers to the name or IP address of Kerio Control, and 4081 represents a web interface port.

NOTE
If your browser displays a warning about a certificate invalidity, continue.

Kerio Control 2 Kerio Control Statistics | 5

For more information, contact your Kerio Control administrator.
2. In the Kerio Control Statistics login page, type your Kerio Control username and password. If you do not know your cre-
dentials, contact your administrator.
3. Click Login.

2.1.2 Switching between Kerio Control Statistics and account settings

Kerio Control Statistics has two parts:
Statistics displays statistics and your Internet activities.
My Account enables you to change your password, set up 2-step verification, and check your Kerio Control quota.
Use the option in the upper right corner to switch to the other part of the interface.

2.1.3 Reading statistics and reports

See Viewing activity reports in Kerio Control Statistics and Reading managerial statistics and reports in Kerio
Control.

2.1.4 Setting up 2-step verification

For more information, refer to Authenticating with 2-step verification (page 31).

2.1.5 Checking your quota

In Kerio Control Statistics, you can check the upload/download quota set for your Kerio Control account.

Kerio Control 2 Kerio Control Statistics | 6

This section of the interface provides information on the data volume downloaded/uploaded for the current day, week,
or month. If your administrator has set up quota, Kerio Control Statistics displays your current usage as a percentage of
your quota.
To see your quota:
1. In the Kerio Control Statistics interface, go to My Account.
2. On the Account tab, see the Transfer Quota Statistics section.

NOTE
The starting day for the week or month can be changed. Contact your administrator for details.

2.1.6 Dialing and hanging up lines in Kerio Control Statistics

You can dial and hang up lines and view their status on the Dial-up Lines tab. This tab lists all dial-up lines defined in
Kerio Control.

WARNING
The Dial-up Lines section is visible only if you have rights for controlling dial-ups in Kerio Control.

To dial or hang up the line, click the link in the Action column.
The following dial-up details are shown:
Name of the line in Kerio Control.
Current state — Disconnected, Connecting (the line is being dialed), or Connected, Disconnecting (the line is
being disconnected).
Action — hypertext link that dials or hangs up the line when clicked (depending on its current state).
Connection time.
Volume of data transferred in either direction Incoming = from the Internet to the LAN, Outgoing = from the LAN to
the Internet.

2.1.7 Changing your password

WARNING
You can change your password only if your account does not belong to a directory service.

The middle section of the Account tab allows you to set your user password.
1. In the Kerio Control Statistics interface, go to My Account.
2. On the Account tab, type the old password once and the new password twice.
3. Click Change password.

Kerio Control 2 Kerio Control Statistics | 7

2.1.8 Setting a language for Kerio Control Statistics and email reports
Kerio Control can display and send statistics, reports and email alerts in various languages. To change the language:
1. In the Kerio Control Statistics interface, go to My Account.
2. On the Account tab, scroll to the Language section at the bottom of the tab.
3. Select a language.
4. Click Save.
Kerio Control saves your settings and reloads the Kerio Control Statistics interface in the new language.

NOTE
Language settings also affect the format of dates and numbers.

2.2 Reading managerial statistics and reports in Kerio Control

Kerio Control can gather and display Internet statistics of all data (all Kerio Control users, non-authenticated users and
guest users - see Special users in Kerio Control Statistics), for various user groups, and for all individual users in these
groups. These statistics let you keep an eye on your subordinates' browsing activities. Ask your administrator for access
and permissions.

Kerio Control 2 Kerio Control Statistics | 8

Once you have the permissions, you can see two tabs in Kerio Control Statistics:
Summary Report, which lets you view statistics by user group.

Individual, which lets you select single users (or yourself) to see their statistics.

Kerio Control 2 Kerio Control Statistics | 9

2.2.1 Reading the summary report
The Summary Report tab gives you an overview of the available user groups.
First, select a user group from the drop-down list.

Alternatively, choose All to see all users, including guest users and non-authenticated users. You need special
permissions to see this group.

Kerio Control 2 Kerio Control Statistics | 10

 NOTE
The No data available alert informs you that no data is available in Kerio Control's database for the selected statistics
and period (for example, the selected user account does not exist, the user does not log in to get through firewall,
and so on).

The Summary Report tab has several additional tabs, as described below:

Overall tab

Hourly/Weekly/Monthly Traffic graph

The first graph on the Overall tab provides information on the volume of data transferred within the selected period.
When you move the pointer over the chart, you see information about data volumes transferred over the entire selected
period (total and in each direction).

By default, the Hourly Traffic chart is set to show the current day. To change to the current week or month, use the
toolbar in the upper right corner.

Kerio Control 2 Kerio Control Statistics | 11

 NOTE
The shortest period you can view is one day.

Top Application Traffic

The Top Application Traffic shows the five applications that got the most traffic during the selected period.
For more information, click any application and Kerio Control Statistics takes you to the Applications tab, where you can
see further details about the application.

Top Visited Websites graph

The Top Visited Websites chart shows the five domains ranked by visits. The numbers in the chart show how many visits
were made to all pages on that domain during the selected period.

Kerio Control 2 Kerio Control Statistics | 12

For more information, click the chart and Kerio Control Statistics takes you to the Visited Sites tab, where you can see
further details.

Top Requested Web Categories graph

To see a chart of the most requested pages by category (such as IT or lifestyle), click Web Categories. The Top
Requested Web Categories chart shows the top five categories requested during the selected period,.
The numbers in the chart reflect the total number of HTTP requests in the each category. Because the number may
represent requests to multiple pages on a site. The number of requests is usually much higher than number of websites
visited.
For more information, click the chart, Kerio Control Statistics takes you to the Web Categories tab, where you can see
further details.

Top 5 Users graph

To see which users are using the largest amount of bandwidth, click Users by Traffic. The Top 5 Users chart shows the
five users who transferred the greatest volume of data during the selected period.

The chart includes individual users and the total volume of transferred data. Hover the pointer over a user's name to see
the volume of data transferred by that user, in both total volume and by direction (download, upload).
To see statistics for a particular user, click the user's name in the chart. The results are displayed on the Individual tab.

Kerio Control 2 Kerio Control Statistics | 13

 NOTE
The total volume of data transferred by a particular user is sum of all data transferred by the user from all hosts
connected to the firewall.

Used Protocols graph

The Used Protocols chart of shows the total volume of data transferred in the selected period.
Hover the pointer over a protocol to see the volume of data transferred by that protocol (see figure below).

This chart helps you recognize the type of traffic going between the local network and the Internet. If the Internet line
is overloaded, you can use this information to set necessary limits and restrictions (traffic rules, URL rules, and so on).

Users by Traffic tab

The Users by Traffic tab shows the volume of data transferred by individual users in the selected group in both
directions (download, upload). You can choose between all network traffic and traffic statistics filtered by network
protocol.

The table breaks down the total volume of transferred data by user. You can use the table to view all transferred data or
only data transferred by a selected protocol (or protocol class). This allows you to get information about which users have
transferred the most data via a particular service (for example, web browsing).
For better reference, Kerio Control sorts protocols by several predefined classes:

Kerio Control 2 Kerio Control Statistics | 14

 Email: SMTP, IMAP, POP3 protocols and their secured versions.
FTP: FTP protocol, including traffic over proxy server.
Instant messaging: Online communication via services such as ICQ and Jabber.
Multimedia: Protocols enabling real-time transmission of sound and video files, for example, RTSP, MMS, RealAudio.
P2P: Peer-to-peer file-sharing protocols, for example, DirectConnect, BitTorrent, eDonkey, and so on. The traffic is
counted only if Kerio Control detects that it is traffic within a P2P network.
Remote Access: Terminal access to remote hosts such as Remote desktop, VNC, Telnet or SSH.
SIP-VoIP: Voice over telephony via SIP protocol.
VPN: Connection to remote private networks, for example, Kerio VPN, Microsoft PPTP, IPsec.
WWW: HTTP and HTTPS protocols and any other traffic served by the HTTP protocol inspector.

Visited Sites tab

The Visited Sites tab gives you an overview of web pages users have visited.

These statistics tell you things such as:

What websites are visited by users regularly,
Which users do the most browsing,
The chart at the top of the tab shows the most visited websites. The numbers in the chart reflect the number of visits to
all pages on the site in the selected period.
Beneath the chart, you can see detailed statistics for each of the top ten websites.

Web Categories tab

The Web Categories tab gives an overview of popular web categories for the selected period.

Kerio Control 2 Kerio Control Statistics | 15

The numbers in the chart show the total number of HTTP requests in each category. Because a number may include
requests to multiple pages on a site. The number of requests is usually much higher than the number of visits shown for
the top visited websites.
Beneath the chart, Kerio Control Statistics shows detailed statistics for each of the top 10 web categories.

Applications tab

NOTE
New in Kerio Control 9.1!

If your organization uses Application awareness, the top ten web applications recognized by the Application awareness
module are displayed.

Kerio Control 2 Kerio Control Statistics | 16

Beneath the chart, Kerio Control Statistics shows detailed statistics for each of the top 10 applications. You can see, for
example, who uses each application from the top ten.

2.2.2 Reading individual statistiscs

To see detailed statistics for a particular user, click the user's name in a chart or table to switch to the Individual tab.
Alternatively, you can click the Individual tab on the main page and choose a user's name from the drop-down list.

The charts and tables in Kerio Control Statistics provide useful information on which users use the Internet connection
the most and make it possible to set necessary limits and quotas.
For more information, refer to Viewing activity reports in Kerio Control Statistics (page 18).

2.2.3 Special users in Kerio Control Statistics

Except for your Kerio Control users and groups, you can see in the user list two more special users:

Kerio Control 2 Kerio Control Statistics | 17

 guest users > Kerio Control gathers statistics for the guest network under the built-in guest users account.
not logged in > Kerio Control gathers statistics for traffic which does not belong to any logged in user. For example:
firewall,
traffic rule enabling web access to certain pages without login,
user traffic if you do not require user authentication when accessing web pages.

2.3 Viewing activity reports in Kerio Control Statistics

Kerio Control Statistics is a web interface where you can view your own browsing statistics.

NOTE
If you have sufficient access rights, you can also see other users' statistics. For more information, refer to Reading
managerial statistics and reports in Kerio Control (page 8).

The statistics show traffic between the local network and the Internet. They do not include volumes of data transferred
between local hosts and web pages on local servers.
Statistics are primarily used to create reports for a specified period. Gathering and evaluating statistics requires processing
large volumes of data. To reduce the load on the firewall, the data is updated hourly, so, you cannot use Kerio Control
Statistics for real-time monitoring of user activity.
For more information, refer to Managing your Kerio Control Statistics account (page 5).

2.3.1 Accessing the web interface

To open Kerio Control Statistics:
1. Launch your web browser and type your Kerio Control address. The address has this pattern: https://server-
:4081/ where server refers to the name or IP address of Kerio Control, and 4081 represents a web interface port.

WARNING
If your browser displays a warning about a certificate invalidity, continue.

For more information, contact your Kerio Control administrator.

Kerio Control 2 Kerio Control Statistics | 18

2. On the Kerio Control Statistics login page, type your Kerio Control username and password. If you do not know your
credentials, contact your administrator.

3. Click Login.

2.3.2 Switching between Kerio Control Statistics and account settings

Kerio Control Statistics has two parts:
Statistics displays statistics and your Internet activities.
My Account lets you change your password, set 2-step verification, and check your browsing quota.
Use the option in the upper right corner to switch to the other part of the interface.

2.3.3 Displaying Kerio Control Statistics

Selecting the period to view

By default, Kerio Control Statistics displays the current day. To change the time period, use the toolbar at the upper right
of the page.

The toolbar includes buttons for switching between the daily, weekly, monthly views. The previous and next arrows to
the left of those buttons allow you to jump quickly from one view to the next.

Kerio Control 2 Kerio Control Statistics | 19

 NOTE
The starting day of the week and month can be changed. Contact your administrator for details.

Printing
To print any page of the statistics, click the Print button.

Clicking Print displays the current page on a new tab in a printable format.

Overall tab

NOTE
The No data available alert informs that no data is available in Kerio Control's database for the selected statistics and
accounting period. This status can be caused by various different reasons — for example, the selected user account
does not exist in the particular time period, the user have not logged in to the firewall within the period, and so on.

The Overall tab includes information about:

Hourly/Weekly/Monthly Traffic — You can change the time period in the tool bar.
Top Application Traffic — The five applications that got the most traffic during the selected period.
Top Visited Web Sites — The five sites that got the most traffic during the selected period.
Top Requested Web Categories — The five categories that were most often viewed during the selected period.

Kerio Control 2 Kerio Control Statistics | 20

 User Details — Your user information stored in Kerio Control.

Kerio Control 2 Kerio Control Statistics | 21

 Used Protocols — The Used Protocols pie chart is shown if you uses web, multimedia, VoIP, email, and so on.

Reading the User's activity tab

NOTE
The User's Activity tab is visible only if Kerio Control gathers users' activity records.

The User's activity tab shows detailed information about your browsing activities. You can see:
What you were doing on the Internet during the selected period
How much time you spent browsing web pages
Gathering and evaluating statistics requires processing large volumes of data. To reduce the load on the firewall, the data
is updated hourly, so, you cannot use Kerio Control Statistics for real-time monitoring of activity.

Kerio Control 2 Kerio Control Statistics | 22

 NOTE
If No data available is shown then no data is available in Kerio Control's database for the selected statistics and
accounting period. This status can be caused by various different reasons — for example, the selected user account
does not exist in the particular time period, the user have not logged in to the firewall within the period, and so on.

Activity Categories
Activity categories are ranked in the order shown here. If there was no activity in a category in the selected period, that
category is omitted.
Web pages
Messaging, which includes email communication (SMTP, IMAP, and POP3 protocols) and instant messaging
Large file transfers, for example, archives, installation media, and so on
Multimedia, such as video sharing sites, online radio and television channels (streaming)
VoIP — SIP (Internet telephony)
Remote access, such as VPN.

Kerio Control 2 Kerio Control Statistics | 23

3 Kerio Control VPN Client
This section helps you to isntall and configure Kerio Control VPN Client on Windows, Linux and macOS.

3.1 Installing and configuring Kerio Control VPN Client for users 24
3.1.1 System requirements 24
3.1.2 Prerequisites 24
3.1.3 Kerio Control VPN Client for Windows 25
3.1.4 Kerio Control VPN Client for OS X 26
3.1.5 Kerio Control VPN Client for Linux 29
3.1.6 Troubleshooting 29
3.2 Deleting VPN client entries on OS X 29
3.3 Upgrading Kerio VPN Client for OS X 10.9.5, OS X 10.10 and later 30
3.3.1 Upgrading Kerio VPN Client 30

3.1 Installing and configuring Kerio Control VPN Client for users
Kerio Control VPN Client enables an encrypted connection from individual systems (clients) to a remote private network
via the Internet. The connection enables these clients to access the private network as if they were physically connected.
Three versions of Kerio Control VPN Client are available:
Kerio Control VPN Client for Windows
Kerio Control VPN Client for OS X
Kerio Control VPN Client for Linux
If you have administration rights to your computer, you can establish a persistent connection. Persistent connections are
reestablished whenever you restart your machine.

NOTE
Kerio Control 9.2.8 does not work with previous versions of Kerio Control VPN Client.

3.1.1 System requirements

For up-to-date system requirements, refer to: http://www.kerio.com/control/technical-specifications

3.1.2 Prerequisites
To connect to the Kerio Control network, you need to know:
Your Kerio Control username and password
The name of the Kerio Control server or its IP address

Kerio Control 3 Kerio Control VPN Client | 24

3.1.3 Kerio Control VPN Client for Windows
1. Download and install Kerio Control VPN Client. Kerio Control VPN Client starts automatically after installation and you
can see the Kerio Control VPN Client window.
2. In the Connection field, type a name for the new connection.
3. In the Server field, type the Kerio Control server name or IP address. If your administrator gives you more than one
server name or IP address, separate them with semicolons.

4. In the Username and Password fields, type your Kerio Control username and password.
5. (Optional) Select Save password to save your password in Kerio Control VPN Client.
6. (Optional) You can select Persistent connection if you have administration rights to your computer. Persistent con-
nections are reestablished whenever you restart your machine.
7. Click Connect.

NOTE
Kerio Control requires a valid SSL certificate to verify your connection when establishing the connection. If an SSL
certificate warning appears, consult the warning with your administrator.

If Kerio Control VPN Client is running, Windows taskbar displays the icon.

NOTE
Kerio Control can require 2-step verification. For more information, refer to Authenticating with 2-step
verification (page 31).

Removing connections
To remove old or broken connections:

Kerio Control 3 Kerio Control VPN Client | 25

1. Open Kerio Control VPN Client.
2. In the Connection menu, select the connection.

3. Click the icon. Kerio Control VPN Client asks you if you want to remove the selected connection.
4. Click Yes.
Kerio Control VPN Client removes the connection.

Changing a language
To change the language of the Kerio Control VPN Client interface:

1. Right-click the icon in the notification area of the Windows taskbar.

2. In the context menu, click Settings.

3. In the Kerio Control VPN Client Settings dialog box, select your preferred language.
4. Click OK.
Kerio Control VPN Client switches to the new language immediately.

Enabling/disabling balloon messages

A balloon message in Kerio Control VPN Client is a pop-up message that appears in the Windows taskbar at the Kerio
Control VPN Client icon. To enable or disable balloon messages:

1. Right-click the icon in the notification area of the Windows taskbar.

2. In the context menu, click Settings.
3. In the Kerio Control VPN Client Settings dialog box, select Enable balloon messages.
4. Click OK.

3.1.4 Kerio Control VPN Client for OS X

1. Download and install Kerio Control VPN Client. Kerio Control VPN Client starts automatically when you install it and
you can see the Kerio Control VPN Client window.
2. In the Connection field, type a name for the new connection.
3. In the Server field, type the Kerio Control server name or IP address. If your administrator gives you more than one
server name or IP address, separate them with semicolons. Kerio Control VPN Client tries to connect to the first server. If
the connection cannot be established, Kerio Control VPN Client can then try the next server.
4. In the Username and Password fields, type your Kerio Control username and password.

Kerio Control 3 Kerio Control VPN Client | 26

5. (Optional) Select Save password to save your password in Kerio Control VPN Client.
6. (Optional) You can select Persistent connection if you have administration rights to your computer (click the lock on
the Kerio Control VPN Client window). Persistent connections are reestablished whenever you restart your computer.
7. (Optional) Select Show VPN status in menu bar to display a status icon on the right side of the main menu bar when
Kerio Control VPN Client is running.

Removing connections
To remove old or broken connections:
1. Open Kerio Control VPN Client.
2. In the Connection menu, select the connection.
3. Click the Remove button. Kerio Control VPN Client asks you if you want to remove the selected connection.
4. Click Yes.
Kerio Control VPN Client removes your connection.

Troubleshooting SSL certificates

Kerio Control requires a valid SSL certificate to verify Kerio Control VPN Client when establishing the connection to Kerio
Control. If an SSL certificate warning appears, the certificate is probably self-signed and you must insert the Kerio Control
certificate in the system keychain manually.

Kerio Control 3 Kerio Control VPN Client | 27

 NOTE
A self-signed certificate is a certificate that your administrator generated for you in Kerio Control. The certificate is not
signed by any certification authority.

1. In the Verify Certificate window warning, click the certificate image and drag it to the desktop. This creates a file with
the certificate on the desktop (for example server.example.com.cer).

WARNING
The Keychain Access application must not be running at this point. If it is running, close it.

2. Run the Keychain Access application. The Add Certificates dialog box displays.

3. Select the X509Anchors keychain. To add a certificate, you need to be logged in as an administrator.
4. In the Keychain Access application, select the X509Anchors keychain, look up the new certificate (for example,
server.example.com) and click to open it.

Kerio Control 3 Kerio Control VPN Client | 28

5. In the certificate window, scroll to the bottom.
6. Open the Trust Settings section.
7. Set the Always Trust option for the When using this certificate entry.

8. Close all running applications and log out of the system.

9. Reboot the system and establish a VPN connection to Kerio Control.
From now on, Verify Certificate warning should not display.

3.1.5 Kerio Control VPN Client for Linux

Detailed information about Kerio Control VPN Client for Linux is included in the read-me file.

3.1.6 Troubleshooting
Kerio Control VPN Client generates logs of its own activity and detected errors. Contact your Kerio Control administrator
to troubleshoot this issue.

3.2 Deleting VPN client entries on OS X

To delete VPN client entries on OS X, you must delete them from the user.cfg file.
1. On your Mac computer, go to the /Users/YOURUSER/.kerio/vpnclient folder and open the user-
.cfg file.

Kerio Control 3 Kerio Control VPN Client | 29

 NOTE
The .kerio folder is a hidden folder.

2. Search for an entry and delete it.

The individual entries are inside the <connection> tag:

<connection type="user">
<description></description>
<server>vpn.com</server>
<username>jsmith</username>
<password></password>
<savePassword>0</savePassword>
<persistent>0</persistent>
</connection>
3. Save the file.
If you want to delete all the entries, delete the whole user.cfg file.

3.3 Upgrading Kerio VPN Client for OS X 10.9.5, OS X 10.10 and later
The Kerio VPN Client for Mac running on OS X 10.9.5 Mavericks and OS X 10.10 Yosemite (or later) cannot be upgraded
to Kerio VPN Client 8.4.1. Installation fails.

3.3.1 Upgrading Kerio VPN Client

You have two options how to avoid this problem:
Install Kerio Control VPN Client 8.4.0. — This version communicates with Kerio Control 8.4.1 correctly.
Use clear installation instead of upgrade:
a. Uninstall the old version of Kerio VPN Client using installer of exactly the installed version.
b. Install Kerio VPN Client 8.4.1 works as expected.
c. If the Kerio VPN Client 8.4.1 still refuses to install or run, type this command in the Terminal: sudo rm -rf
/Library/Extensions/kvnet.kext
d. Install Kerio VPN Client 8.4.1 again.
Kerio VPN Client 8.4.1 is installed and Kerio VPN Client works correctly.

Kerio Control 3 Kerio Control VPN Client | 30

4 Authenticating with 2-step verification
The 2-step verification means you can protect your Kerio Control account and access to your company network by
requiring two independent authentication steps.

NOTE
It is possible to enable the option to force hostname for clients connected via the Kerio VPN for 2-factor
authentication. For more information, refer to Authenticating with 2-step verification (page 31).

With the 2-step verification enabled, when you want to access your company network or log into Kerio Control Statistics
from the Internet, you must use your credentials to authenticate, and also type a special time-limited code generated by
the special mobile application such as Google Authenticator. You can try the following applications:
Google Authenticator — Available for iOS, Android and Windows Phone
FreeOTP Authenticator — Available for iOS and Android (https://fedorahosted.org/)
Authenticator for iOS (http://mattrubin.me/)
Authenticator for Windows Phone (http://www.windowsphone.com/)
WinAuth for Windows OS (https://winauth.com/)
The verification code is not required if your device is connected to the Kerio Control network. Kerio Control requires the
code only if you use the Internet to access your company network:
Through Kerio Control VPN Client/IPsec VPN client
To use Kerio Control Statistics
To use Kerio Control Administration

4.1 Enabling the 2-step verification

You can enable the 2-step verification in your account in Kerio Control Statistics.

NOTE
If you administrator sets the 2-step verification as compulsory, you must follow the steps in this section to enable the
2-step verification in Kerio Control Statistics.

To enable the 2-step verification, you must pair your device with your Kerio Control account:
1. Install the authenticator application on your mobile device.
2. Log into your account in Kerio Control Statistics.
3. Click 2-Step Verification.

Kerio Control 4 Authenticating with 2-step verification | 31

4. Open the authenticator application and scan a QR code or type the code shown below the QR code. You get a six-
digit verification code that is time-limited. The authenticator generates a new code every 30 seconds. All codes gen-
erated on the basis of the Kerio Control QR code are valid for Kerio Control authentication.
5. Type the verification code in Kerio Control Statistics, as shown below.
6. Click Verify.

From now on, you authenticate with the verification code generated by the authenticator. For example, to connect to the
Kerio Control Statistics page:
1. Type the Kerio Control Statistics URL in your browser.
2. On the login screen, type your username and password.
3. Click Login. The 2-step verification page appears.
4. Open the authenticator and type the Kerio Control code in the box provided.

Kerio Control 4 Authenticating with 2-step verification | 32

5. Select Remember me on this device. Your browser remembers the connection for the next 30 days from the last con-
nection, so you do not have to type the code every time.
6. Click Verify.
Kerio Control redirects you to Kerio Control Statistics.

4.2 Disabling the 2-step verification

1. Type the Kerio Control Statistics URL in your browser.
2. On the login screen, type your username and password and then the verification code.
3. On the Kerio Control Statistics page, click 2-Step Verification.

4. Generate a new code in your authenticator.

5. Type the code in the Verification code field.
6. Click Disable.
Kerio Control disables the 2-step verification for your account.
From now on, the 2-step verification is in the initial state and you can enable it again.

Kerio Control 4 Authenticating with 2-step verification | 33

 IMPORTANT
If you lose your mobile device, ask your system administrator to disable the 2-step verification for you. If your
administrator sets the 2-step verification as compulsory, you must enable it in Kerio Control Statistics again before
accessing your company network from the Internet.

4.3 Enabling the 2-step verification when you use Kerio Control VPN Client
1. Install Kerio Control VPN Client 8.5 or later.
2. Connect to Kerio Control VPN Client as usual.
3. Kerio Control VPN Client automatically opens the 2-step verification page in your browser:
If you have a device paired with your account, type the new code from your authenticator. For more inform-
ation, refer to Enabling the 2-step verification (page 31).
If you don't have a device paired with your account, click Continue and follow the steps in Enabling the 2-
step verification above.

4.4 Enabling the 2-step verification when you use IPsec VPN client
1. Connect to IPsec VPN client as usual.
2. Go to your browser and open any page. Kerio Control opens the 2-step verification dialog box:
If you have a device paired with your account, type the new code from your authenticator.
If you don't have a device paired with your account, click Continue and follow the steps in Enabling the 2-
step verification above. For more information, refer to Enabling the 2-step verification (page 31).

Kerio Control 4 Authenticating with 2-step verification | 34