Always On VPN Deployment Guide 

divv
342 subscribers
77K views
Published: 24 Aug 2024

Comments: 140
@divv8079 3 years ago
At 1:43:19 I say we're done. But I actually forgot to do the security filtering for the "Set Always On VPN Device Tunnel" GPO. As it is now, this GPO would apply on all domain computers. What you likely want to do is only have that GPO applied to computers that are a member of our "VPN Computers" group. This isn't something that breaks the deployment but is more a matter of housekeeping. The way to implement this is identical to the way we did the security filtering for the "Set Always On VPN User Tunnel" GPO, just adding "VPN Computers" instead of "VPN Users". You would also want to add "Authenticated Users" in the Delegation tab (yes, domain computers are a member of "Authenticated Users").
@Morfiy1 8 months ago
In the context of Microsoft Group Policy within the Active Directory, computer security groups are not containers. The containers for Group Policy are organizational units (OUs) and domains. Computer security groups are used to grant access rights to resources for computers, but they do not influence Group Policy deployment. Group Policy settings are configured at the OU or domain level and are applied to users and computers within those OUs or domains.
@Schyz 7 months ago
You probably want to do the same with the "Set Local Users Full Control Ras Man Config", set the scope to the "VPN Computers" group only and add Authenticated Users to "Delegation" with "read" permissions.
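The security filtering described in the comments above, scripted with the GroupPolicy PowerShell module. This is an added example, not a script from the video or from any commenter; it assumes the GPO and group names quoted in the comments, and the function name `Set-GpoSecurityFilter` is hypothetical.

```powershell
# Added example. Run from a domain-joined management host that has the
# GroupPolicy module (RSAT), under an account allowed to edit the GPOs.
Import-Module GroupPolicy

function Set-GpoSecurityFilter {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        [Parameter(Mandatory)] [string] $ApplyGroup
    )

    # Fail early if the GPO name is wrong.
    $gpo = Get-GPO -Name $GpoName -ErrorAction Stop

    if ($PSCmdlet.ShouldProcess($GpoName, "Limit 'Apply group policy' to '$ApplyGroup'")) {
        # Authenticated Users keep Read but lose Apply. -Replace is needed because
        # a lower permission level does not overwrite the default GpoApply without it.
        Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' `
            -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

        # Members of the filter group get Read + Apply.
        Set-GPPermission -Guid $gpo.Id -TargetName $ApplyGroup `
            -TargetType Group -PermissionLevel GpoApply | Out-Null
    }

    # Return the resulting delegation so it can be reviewed or logged.
    Get-GPPermission -Guid $gpo.Id -All | ForEach-Object {
        [pscustomobject]@{
            Gpo        = $GpoName
            Trustee    = $_.Trustee.Name
            Permission = $_.Permission
        }
    }
}

# GPO names as quoted in the comments; both are computer-side policies.
$gpoNames = 'Set Always On VPN Device Tunnel',
            'Set Local Users Full Control Ras Man Config'

$result = foreach ($name in $gpoNames) {
    Set-GpoSecurityFilter -GpoName $name -ApplyGroup 'VPN Computers'
}
$result | Format-Table -AutoSize

# Check: Authenticated Users must end up with Read only on every GPO.
$stillApplied = $result | Where-Object {
    $_.Trustee -eq 'Authenticated Users' -and $_.Permission -ne 'GpoRead'
}
if ($stillApplied) {
    Write-Warning "Authenticated Users can still apply: $($stillApplied.Gpo -join ', ')"
}
```

Run it with `-WhatIf` semantics in mind: calling `Set-GpoSecurityFilter -GpoName ... -ApplyGroup ... -WhatIf` skips the permission changes and only returns the current delegation.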
@nilleftw 2 years ago
This is the only guide I've found that doesn't assume that you actually already know all the steps. Like how many and what types of certificates that you need to use, and so on. THANKS!
@nilleftw 2 years ago
Oh my god, after one week of work I managed to get Always On VPN running with Fortigate as the VPN server. This guide was the first one to actually mention that you need a USER certificate too. After that, things slowly started falling into place.
@thaioviet8104 1 year ago
@nilleftw Hi, are you using FortiClient or the Windows built-in VPN client for Always On VPN?
@jgould30 1 year ago
This is just stupidly complex with config settings when Microsoft should easily make this automated.
@jmtread 2 years ago
Thank you for the video Divv. In your opinion, has much changed in the last 12 months in regard to the setup of this service?
@divv8079 2 years ago
Good question. I'm not sure since I have not gone through it in the last year. If you decide to follow my guide and you stumble upon some differences in my video compared to the official documentation, please let me know. If there are minor changes I might put a disclaimer here in the comments, if there are major changes I might have to take the guide down.
@superXperience 7 months ago
I watched your documentation twice. I even created my own notice based on your video and followed it by the book, completely double-checked. Result: when I manually connect from Windows 11 it returns an ugly error. When I connect from another Win 2022 server it works. I have to study why Win 11 makes problems. Superb documentation! Wonderful!
@user-no9jc3ox2s 6 months ago
Have this same problem with Win11. On Win10 it works.
@KevinBuchanan66 2 years ago
Very well done video. A bit long, but it was very much worth it because of the details you provided!! I’ve watched it twice and plan to use many of your tricks!
@redadz9105 3 years ago
Can you please guide us on how to deploy those profile XMLs through Intune? Thanks a lot
@alanrussk 3 years ago
Awesome guide, sending you good vibes from Germany 👌🏽
@divv8079 3 years ago
Thank you, greetings from Sweden
@cazibrasga 3 years ago
Excellent and thorough guide. Just a note, for additional security, you don't need to join the RAS server to the domain since only certificates are used for authentication.
@divv8079 3 years ago
True
@thaioviet8104 3 years ago
And Web Enrollment with CSR for requesting the RAS cert?
@MrMaster2k 2 years ago
@thaioviet8104 Web Enrollment isn't used as much anymore since Windows Server 2003. You can still install and use it, however it mainly relies on Internet Explorer to function correctly - which will be End of Life on June 15, 2022. *This is just my opinion* There really isn't any use in running Web Enrollment anymore as you can accomplish the same task by adding the Certificate Service snap-in to MMC
@thaioviet8104 2 years ago
@MrMaster2k thanks, job done
@makst5287 1 year ago
How to connect macOS devices to this VPN?
@MrMaster2k 2 years ago
Thanks for creating this video - It definitely will be VERY useful for myself shortly!
@hasan135 3 years ago
Thanks for sharing. This is the tutorial I have been searching for for a long time.
@tomkruczek7681 2 months ago
Great guide, many thanks from Denmark
@bharatarora7769 10 months ago
Nicely created content!! Easily understood. Thanks
@ShangGuanFeiHong 5 months ago
How to deploy Always On VPN for newly installed remote computers? Not joined to the domain yet, no certificate yet. Set up another VPN server, log in with username and password, join the domain, and then use the startup script to set up User Tunnel and Device Tunnel.
@bigbassjonz 3 years ago
Great job with this guide!
@divv8079 3 years ago
Thanks!
@sinancoskuns 2 months ago
Good job
@ShangGuanFeiHong 5 months ago
1:08:** The problem does not occur in Windows 2022.
@user-no9jc3ox2s 6 months ago
Have this same problem with Win11. Windows 10 can connect without any problems.
@MotzBaum 4 months ago
Thanks for this video - That helped a lot!
@practi-herramientasdesoftw3208 2 years ago
Master, extraordinary video!
@EdHotin 4 months ago
Hi, is it possible to deploy Always On VPN in Windows Server 2016 Essentials? If so, how would I go about doing that? Thanks in advance.
@binodgupta1748 1 year ago
Hi Divv.. crystal explanation. I loved it.. Thanks for sharing..
@VmsShahul 8 months ago
Getting an error while connecting to the VPN. Error: IKE credentials are unacceptable
@littlezeta 2 years ago
hey divv, thanks 4 this video, u are awesome
@altben 3 years ago
Tried to configure the device tunnel without the need for an XML file, only with PowerShell's "Add-VpnConnection", "Set-VpnConnection" and "Add-VpnConnectionRoute" cmdlets. All with variables, everything worked but failed because you can't disable the default class-based routing option via PowerShell easily. Have to completely redo my script to generate XML just because of that. Thanks for the video!
@divv8079 3 years ago
No problem!
@hectorlarks6922 1 year ago
You basically have to break security to enable this.
@urilgal 2 years ago
I seem to be having an issue that is not addressed here. My user certificate is not deployed to the computers. I've double checked the video and I have the same configuration.
@peterthayne3687 2 years ago
Hi, I was nearly there, a working user tunnel. Made it to 1:33:25 configure and deploy Device Tunnel. I completed the Device Tunnel config which worked fine. Except now the user tunnel won't connect????? Carefully checked the XML file, any ideas?
@Morfiy1 8 months ago
I have the same problem. The device tunnel connects automatically, but when a user logs in, the user tunnel does not automatically connect.
@Morfiy1 8 months ago
Made a separate rule in the GPO on Logon User (ConnectedAlwaysOnVPN.ps1) and after exiting from sleep a separate Job scheduler for the exit from sleep event (System, Ms-Win-Power-Troubleshut 1)
@spyroskarakos3407 2 years ago
Thanks a lot for your helpful video. Excellent job
@fernandocrespo4661 1 year ago
Well done, I'll give it a try. To best visualize the VMs you could have expanded the VM windows a bit more😉
@cmonspike 3 years ago
Great video, thanks for this.
@patrick5591 2 years ago
Hello divv, thank you for your detailed documentation. This helped me a lot. Have you already tested your configuration with Windows 11? So far I haven't got it. Maybe also a bug like with Server 2019 RAS (SC.exe IAS ...)? Kind regards, Patrick
@yurydavidov1930 3 years ago
Great tutorial! Thank you
@flaitube 2 years ago
Thanks a lot for this video, it's very useful and detailed.
@davidsutter3584 2 years ago
Very helpful video, thank you
@miketarbox1190 4 months ago
Wow! Has anything changed dramatically with Server 2022? Question though, can I install all of the server roles on the same server?
@matambanadzo123 2 years ago
Would have been nice if you had posted the scripts in the description. Here is the FullControl one from 1:24:00... otherwise fantastic AOVPN setup video!

# Grant the local Users group Full Control on the RasMan\Config registry key
$Path = "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config"
if (!(Test-Path -Path $Path)) {
    New-Item -Path $Path
}
$IdRef = [System.Security.Principal.NTAccount](".\Users")
$RegRights = [System.Security.AccessControl.RegistryRights]::FullControl
$InhFlags = [System.Security.AccessControl.InheritanceFlags]::None
$PrFlags = [System.Security.AccessControl.PropagationFlags]::None
$AcType = [System.Security.AccessControl.AccessControlType]::Allow
$Rule = New-Object System.Security.AccessControl.RegistryAccessRule ($IdRef, $RegRights, $InhFlags, $PrFlags, $AcType)
$Acl = Get-Acl $Path
$Acl.SetAccessRule($Rule)
$Acl | Set-Acl -Path $Path

And the AutoTrigger one from 1:24:58......

# Write the auto-trigger values for the logged-on user's VPN profile
$Path = "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config"
if (Test-Path -Path $Path) {
    $AppendedDnsSuffixSearchList = "domain-name"
    $AutoTriggerProfileEntryName = "AlwaysOnVPN"
    $AutoTriggerProfilePhonebookPath = "C:\Users\$env:USERNAME\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    $UserSID = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
    New-ItemProperty -Path $Path -Name "AppendedDnsSuffixSearchList" -Value $AppendedDnsSuffixSearchList -Force
    New-ItemProperty -Path $Path -Name "AutoTriggerDisabledProfilesList" -Force -PropertyType MultiString
    New-ItemProperty -Path $Path -Name "AutoTriggerProfileEntryName" -Value $AutoTriggerProfileEntryName -Force
    New-ItemProperty -Path $Path -Name "AutoTriggerProfilePhonebookPath" -Value $AutoTriggerProfilePhonebookPath -Force
    New-ItemProperty -Path $Path -Name "UserSID" -Value $UserSID -Force
}
@thaioviet8104 1 year ago
Thanks sir
@Schyz 7 months ago
Thank you, you saved me a lot of typing. The other piece of code missing, to copy the PBK:

# Copy the phonebook from SYSVOL only when the domain controller is reachable
If (Test-Connection -ComputerName DOMAIN-CONTROLLER -Quiet -Count 1) {
    Copy-Item "\\DOMAIN\SysVol\TANUKI.local\Policies\{GUID}\User\Scripts\Logon\rasphone.pbk" -Destination "C:\Users\$env:USERNAME\AppData\Roaming\Microsoft\Network\Connections\Pbk"
}
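The FullControl script above gives every local user write access to a key under HKLM, which is where the AutoTrigger script then stores the profile name and phonebook path. The following read-only audit lists who can write to that key on a given client. It is an added example, not one of the scripts from the video or the comments; the function name `Get-NonPrivilegedWriter` and the list of principals treated as expected writers are assumptions of this example.

```powershell
# Added example: read-only audit, it changes nothing on the machine.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config'

# Principals assumed here to be expected writers on a service key.
$Privileged = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing values, subkeys or the ACL itself.
$WriteMask = [int]([System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership')
# ACEs may also carry the raw GENERIC_WRITE / GENERIC_ALL bits.
$GenericWriteOrAll = 0x40000000 -bor 0x10000000

function Get-NonPrivilegedWriter {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }

    # Ask for SIDs so the comparison does not depend on the OS display language.
    $rules = (Get-Acl -Path $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $mask     = [int]$rule.RegistryRights
        $canWrite = ($mask -band $WriteMask) -or ($mask -band $GenericWriteOrAll)
        if ($rule.AccessControlType -ne 'Allow' -or -not $canWrite) { continue }

        $sid = $rule.IdentityReference
        if ($Privileged -contains $sid.Value) { continue }

        # Resolve the SID to a name where possible; keep the SID otherwise.
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }

        [pscustomobject]@{
            Identity  = $name
            Sid       = $sid.Value
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings = @(Get-NonPrivilegedWriter -Path $KeyPath)
if ($findings.Count -eq 0) {
    'Only privileged principals can write to RasMan\Config.'
} else {
    $findings | Format-Table -AutoSize
}
```

On a client where the FullControl GPO script has run, the output includes BUILTIN\Users (S-1-5-32-545) with FullControl and `Inherited = False`, which makes it easy to confirm the permission exists only on computers in the intended group.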
@SEGArianer 3 years ago
Great Video, Thanks.
@devraj_thezeus 2 years ago
This is really awesome
@jetye6560 2 years ago
It is better to run "gpupdate /force" after changing GPO, or you will find the rasphone.pbk could not be copied as expected.
@lagmoore5550 3 years ago
Great guide, however I do have one question: the DC, RAS and NPS servers cannot resolve DNS queries, because the DNS server on the DC is not set up for that in this guide. Is this on purpose?
@thaioviet8104 2 years ago
Just have your DNS server connected to the internet, it resolves DNS queries with the root hints DNS servers.
@fiddley 2 years ago
I know this is a lab but in a production environment there’s a security risk installing DHCP on a DC and you are gonna have some pain if you put the CA on the DC. Otherwise, great vid! Helped me a load thanks!
@MR-vj8dn 2 years ago
Hi. Would you care to elaborate on the security risk of placing DHCP and DNS on the domain controller?
@fiddley 2 years ago
@MR-vj8dn It's to do with the account that DHCP uses to do its stuff. It's hugely overprivileged for a domain controller, which is a Tier 0 server. Any vulnerability in the DHCP service means your enterprise gets completely owned. Search "Disable or remove the DHCP Server service installed on any domain controllers" and the top hit should be a Microsoft page with a video explainer.
@MR-vj8dn 2 years ago
@fiddley I get it. I’ll read up on it. Thanks for the heads-up. Also, my mistake to include DNS in my question above. Surely AD needs DNS to live locally on the DC?
@thaioviet8104 2 years ago
@MR-vj8dn Not sure, Domain Services and DNS may be set up on two servers. However, that's really complicated...
@massparaacademy 2 years ago
Thanks for making this video. What do you do when you don't get the certificate?
@slavapupkin3975 2 years ago
Hi everyone! I'm not really good at Windows administration. Can someone explain one thing: I've done all the steps that were shown in the video and my Win10 takes a cert for the user. However, when I move the virtual machine into another network, Windows deletes this cert, and if I move Win10 back to the home network it doesn't enroll the cert. Why can this happen and what do I need to look at?
@lucianoargutti 2 years ago
Hi, I generated the SetOnVpnAutoTrigger scripts but Always On is always connected, it does not detect the DNS suffix, do you know why? Thank you!
@justinmenge4195 3 years ago
Great Job, thanks a lot!
@anthonyjones5981 2 years ago
I've followed this guide to the letter up to the setting up of the template. Whilst testing this I get a successful connection but no internet access. Both VPN connection and wifi connection show no internet. I can't get past this. Any thoughts? Love the video btw!
@rahultaneja3748 1 year ago
@divu Thank you for the excellent video! I have a similar deployment and VPN connects fine but I can't access the internal resources like ping and RDP won't work but nslookup works fine. Any thoughts?
@TammamWardi 2 years ago
Great explanation, can you please create an SSTP VPN video
@tarekhalloun9969 2 years ago
What if I don't have an external domain name?
@albertashkhatoyan 1 year ago
@divv8079 what if the domain controller is in Azure and clients are not in the local network??
@hectoriturrieta6144 2 years ago
Excellent video, thank you very much, any way to get the scripts?
@selection989 6 months ago
Hi Divv, is it possible to set up VPN for an iOS device using the infrastructure you have deployed concurrently with the Always On VPN for Windows devices?
@thedr00 3 years ago
This is a very well made video. Thank you for sharing it. I can understand doing this for testing purposes, but the amount of kit and licences required seems very backwards. As an idea for 2016, it's fine of course, but modern solutions, especially in advances like zero-trust tools, make this approach seem very antiquated. Now that you have set this up, is it a configuration you would recommend to clients? Or would you suggest they look at other approaches and tools?
@divv8079 3 years ago
Thank you. I'm not sure what you mean by zero-trust, that seems to be more about authorization? Always On VPN is a solution to access the corporate network from any external network with internet connection. But I will read more about this zero-trust thing. This is just a basic deployment. In a production setup there would be differences. As an example, you would not want to have a CA on a domain controller. There are probably tons more, but as I said, this is just a slim basic deployment, so that you can play around with the technology.
@thedr00 3 years ago
@divv8079 Thanks for the response. Zero Trust is a framework that swaps the connect first then authenticate model of VPNs, you deny access to everything except the resources specifically approved for that user (usually via an AD group membership). So it provides remote access AND authentication AND Network Segmentation AND MFA and least privilege all in 1 approach. Plus, you don't need to buy more licences from Microsoft. It's not a new concept I might add, but vendors are now making tools to specifically enable a zero trust approach. Needless to say, I'm a big fan. But sorry to hijack your thread. I very much liked the video and learned about something I previously knew very little about. Thank you.
@heavy1metal 3 years ago
@divv8079 Long story short, SSL VPNs + authorization, will give you zero trust. Your setup is using certificate based authentication which will happen before the tunnel is established, and you have NPS which can handle authorization - so what's missing is just resource assignment which is done at NPS + AD Security groups + routing (assign users to different VLANs based on certain criteria). You just create more policies yadda yadda. So "thedr00" just didn't quite grasp the tools you're using, can accomplish zero trust quite easily. In a Cisco environment, they would just use ISE. Microsoft, you just use NPS / RADIUS.
@thaioviet8104 1 year ago
@heavy1metal Hi sir, assign VLAN for VPN client?
@darknight_astro 2 years ago
One question - can we prevent the users from disconnecting the VPN or deleting the connection? BTW - fantastic video - looking to propose to multiple clients now that so much of the world is moving to remote work/workforce...
@thaioviet8104 1 year ago
Remove user from VPN group. Done
@azarchehr 5 months ago
Hi and thanks a lot for the detailed guide. Is there any way to remove the user from the local Administrators group after finishing the process?
@ShangGuanFeiHong 5 months ago
startup script:

strComputer = "."
' Reset the built-in Administrator password (hard-coded in clear text)
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
objUser.SetPassword "123456789"
objUser.SetInfo
' Local Administrators group that the other accounts are removed from
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objDomain = GetObject("WinNT://" & strComputer)
objDomain.Filter = Array("User")
' Remove fails for accounts that are not members; continue with the next one
On Error Resume Next
For Each objUser in objDomain
    strUser = objUser.Name
    If strUser = "Administrator" Then
        ' Make sure the built-in Administrator account is enabled
        objUser.AccountDisabled = False
        objUser.SetInfo
    Else
        objGroup.Remove(objUser.AdsPath)
        objUser.SetInfo
    End If
Next

This script is more dangerous and needs to reveal the administrator password. Try to encapsulate the bat into an exe and use the script to execute the exe.
@x3meos 2 years ago
Hello :) Thanks for your great video! Maybe you can explain something to me: Why are you using a device and a user tunnel? In this test it is the same connection. Just for showing the tunnel in the list in the Windows UI? Is it no problem to use both connections at the same time? Maybe it would be great to have the device tunnel for DC connect only, and the client tunnel for SMB and this whole user stuff. Do you think this is possible? I think it's only possible with a second RAS server for an additional connection.
@OldFellaDave 1 year ago
It's a real pain that they replaced Direct Access - which does all this already and is far far far easier to set up and deploy, with this convoluted mess :(
@miltonobonyo2357 2 years ago
Is it possible to use one server to host all these functionalities, i.e. DC, RAS and RPS?
@thaioviet8104 2 years ago
Why not? In that lab...
@astro8062 3 months ago
Did you try this at all? I am currently trying to figure out how to do this on an existing VPN.
@yumstreetfood7674 1 year ago
Can you create a video for Intune Always On VPN
@weiwang2874 2 years ago
Hello Divv, great guide first of all. I got pretty much almost everything working. It's just with the same VPN profile PEAP - Authentication - certificate, smart card - Certificate authentication I'm getting event ID 6273 with reason code 16 in regards to credential error. Not sure what the issue is here. If I change authentication to certificate only (as I also have computer authentication cert in my certlm) it's able to connect straight away.
@miltonobonyo2357 2 years ago
Is it possible to get a link to the scripts you have used in the automation of the tunnels?
@nat4744 3 years ago
Can you please explain why choose WS 2012 R2 and Windows 8.1/Windows Server 2012 R2?
@divv8079 3 years ago
I used Windows Server 2019 and Windows 10 Enterprise in this guide
@Mark-dk9zd 1 year ago
Any ideas where I can get the make profile script at 1:10:42? Thanks
@boukeeisma9995 2 years ago
I am trying this in a test infrastructure but I am stuck at connecting with the VPN template. I am getting the error: "The network connection between your computer and the VPN server could not be established because the remote server is not responding". It has the error code 809. I have checked the UDP ports 500 and 4500 on the firewall, I have checked the certificates. I have pinged every device in the network and I am quite desperate now. I have done almost everything you can find on the internet but nothing has helped so far. Do you know a solution maybe?
@boukeeisma9995 2 years ago
UPDATE: I found out that I used a domain name which was already used at my company. So I started over again with a different domain name and got into another problem. This time I get the error Divv is getting as well. But after trying several solutions found on the internet, I still can't connect with the template. I have checked all authentication methods and everything is the same on the client as on the servers. I don't know what to do anymore. Please help.
@GamersHive1 3 years ago
Hi Divv, fantastic guide. Would you mind explaining a little more about your DMZ setup? On your ISP router do you put the 10.x address as the IP address for the DMZ or a static 192.x IP assigned to the internal router on its WAN port? Thanks.
@divv8079 3 years ago
Hi Tim. When I activate DMZ on a physical port (port 4 in my case) on my ISP router, whatever I then connect to that port will receive a new public IP from my ISP. I chose to connect a new router (the internal router) to port 4 which DMZ is activated on. My internal router thus has a public IP on its WAN and it's on my internal router I set up the 10.x network. If your ISP is not providing you the option of DMZ, you will have to have your whole setup on the same network I believe, 192.x.
@GamersHive1 2 years ago
@divv8079 Hi Divv, thanks for your reply. I was able to get it working and set up a device and user tunnel in my homelab. Definitely learned a lot through the process.
@tarekhalloun9969 2 years ago
Can you have the NPS and RAS on the same server?
@TheLashely 3 years ago
How to install Windows Server 2019 Active Directory on a VPS and how to join a local computer to that Active Directory server?
@thaioviet8104 2 years ago
You need a VPN tunnel.
@henryenriquez6496 9 months ago
Will this work with Windows 10 Pro or does this setup require Enterprise?
@Morfiy1 8 months ago
"Device Tunnel" works only on the Enterprise version
@felipeoimperador 3 months ago
Thank you
@paulorijo5990 3 years ago
Hello, thanks for your video. It's perfect. Can you send the script you made, so the log doesn't show the errors? Thanks
@spawn00spawn 1 year ago
Hi! Thanks a lot for this guide! Can you share the PS scripts, please?
@MattPierce 2 years ago
Very well done Video. I learn best by watching someone do it, and then mimic it several times to imprint it in my memory. So thanks. The one issue I have right now is the part where I need to verify the user certificate on the Windows 10 Computer. I don't have a physical computer like your Lenovo to use, so I just created another Hyper-V VM with Windows 10 Enterprise. GPRESULT -r shows that it's getting the policies. But when I go into certmgr, and look under Personal, I do not see the Certificates folder, hence I do not see the user certificate. I went back through the whole video, and I cannot see where I went wrong. Everything I did matches exactly what you did except for this being a VM instead of a physical PC. It joined to the domain fine, no issues there and like I said, it's getting the group policies. Any help you can provide would be much appreciated. Howdy from Texas, USA!
@LescherYT 2 years ago
Could it be that you don't have the "Software Key Provider" selected in your cert template? In this case issuing a certificate to a VM would fail because you don't have a TPM 2.0 module. To check for this, try to manually request the certificate by right-clicking on your "Personal" folder in certmgr
@MattPierce 2 years ago
@LescherYT I actually missed one of the steps for adding user/computer to the group that was created. Once I did that, I saw the certificate. Now my only issue is connecting to the VPN. Not working right now. Need to T/S further, and then maybe post here if I can't figure it out. Thanks for the reply.
@BusinessHugs 1 year ago
I was getting the same error in the video: Connection prevented because of a policy on your RAS/VPN server. Checking the Event Viewer on the NPS server helped get more detail. In my case the error was: The revocation function was unable to check revocation because the revocation server was offline. This was because my offline root CA CRL was out of date. Publishing a new offline CRL did the trick.
@Stan-rs1ne 2 years ago
Hi, so I have followed this tutorial 3 times, and I still have the same issue. I have the same network setup as you, but I have a strange issue when connecting to the template from an external, or even internal network. Whenever I attempt to connect it gives an error: “The network connection between your computer and the remote server can not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your service provider to determine which device may be causing the problem.” I have port forwarded and everything, and google didn’t help much. If anyone knows what the issue is please let me know. Thanks!
@boukeeisma9995 2 years ago
I've got the same issue and I haven't got a solution yet. Quite desperate to find one though
@Stan-rs1ne 2 years ago
@boukeeisma9995 I’m going to contact Microsoft business support and see if they can figure it out, I’ll let you know if I find anything. Also maybe it’s the internet service provider? Are you using Comcast?
@Stan-rs1ne 2 years ago
@boukeeisma9995 I found a solution and have fully set it up. Port forward ports 500 through 4500, instead of just ports 500 and 4500. Hope this helps!
@Stan-rs1ne 2 years ago
@TheMihi88 yeah
@beszan3271 3 years ago
Very well documented.
@divv8079 3 years ago
Thank you sir!
@prabu101 1 year ago
Thank you
@iansalgado8710 3 years ago
Could you please post a link to the scripts mentioned at 1:24:00? Cheers
@divv8079 3 years ago
Sorry, I don't have it. It's just a small snippet, you would have to rewrite it ;) If you're worried about syntax errors I can recommend VSCode with the PowerShell extension. It will give you syntax highlighting and IntelliSense.
@MaghrebProductions 3 years ago
Too many configurations to do while I could just issue a one liner on Linux to configure an IKEv2 server with certificate-based authentication.
@Lewisdjos 2 years ago
Please, you can share....
@KevinBuchanan66 2 years ago
Agree with comment - show us how you do this.
@thaioviet8104 2 years ago
You're right, too many steps, but that's an excellent guide for Windows admins.
@dragostiflea 2 years ago
🤦‍♂️