In Parts 1 and 2 of this series we discussed the VPN role and its step-by-step installation, configuration and integration with the RADIUS server.
For more information, please check Parts 1 and 2 of this series.
https://itcalls.blogspot.com.eg/2016/10/implementing-microsoft-remote-access.html
https://itcalls.blogspot.com.eg/2016/10/implementing-microsoft-remote-access_30.html
In this part we will discuss the client side: how to set up the VPN on Windows machines (the screenshots are from a Windows 10 machine) and common issues after installation.
VPN Client Configuration:
- On a Windows 10 computer, open Settings – Network and Internet – VPN and choose Add a VPN connection.
- The connection type will be Windows (built-in), and you can pick any name for the connection name. The server name/address should be the FQDN to which HTTPS traffic is directed on your network. This name should match the name on the SSL certificate you bought and configured during the VPN setup (Security tab; please check Part 2). In our scenario we will be using SSTP as agreed (we only allowed HTTPS). Sign-in will use username/password; clear the check box to remember my sign-in info.
- One common issue after the user gets the VPN connected is being unable to reach normal Internet sites (Google, Microsoft), because all traffic is now pushed through the VPN tunnel (your machine looks as if it is inside the domain). If you have a proxy server in your network, you need to add it to your browser. A quick fix is split tunneling, where all corporate traffic goes through the VPN and normal Internet traffic goes out through your normal wireless or home connection. To do this, go to Network Connections and open the properties of the newly created connection (Test VPN in our case) – Properties – IPv4 – Advanced, and clear the check box “Use default gateway on remote network” (see the screenshots below).
- Now you are ready: the user can double-click Test VPN from the VPN tab in Settings or from the wireless connections list and enter his/her user name and password. Make sure to enter it in the format domain\username (remember, this is a home computer or workgroup device with no information about your domain).
At that point your VPN status should be connected and you are ready to access your corporate resources, applications and data.
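The client settings described above (SSTP, no remembered credentials, split tunneling) can also be applied with the built-in VpnClient PowerShell cmdlets, which helps when many home machines must be configured identically. This is an added example, not part of the original post; the server FQDN and the corporate prefix are placeholder assumptions.

```powershell
# Added example: script the "Test VPN" client profile from the steps above.
# Values marked PLACEHOLDER are assumptions, not taken from the article.
$Name       = 'Test VPN'          # connection name used in the article
$Server     = 'vpn.example.com'   # PLACEHOLDER: FQDN on the SSL certificate
$CorpRoutes = @('10.0.0.0/8')     # PLACEHOLDER: internal prefixes to tunnel

# Create the profile once; SSTP is the only tunnel type allowed (HTTPS only).
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name `
        -ServerAddress $Server `
        -TunnelType Sstp `
        -EncryptionLevel Required

    # With split tunneling on, only these prefixes are routed into the tunnel.
    foreach ($prefix in $CorpRoutes) {
        Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $prefix
    }
}

# Enforce the settings even if the profile was created by hand in Settings:
#  - SplitTunneling $true     = "Use default gateway on remote network" cleared
#  - RememberCredential $false = user is prompted for domain\username each time
Set-VpnConnection -Name $Name `
    -TunnelType Sstp `
    -EncryptionLevel Required `
    -SplitTunneling $true `
    -RememberCredential $false `
    -Force

# Check the result before handing the machine back to the user.
Get-VpnConnection -Name $Name |
    Select-Object Name, ServerAddress, TunnelType, EncryptionLevel,
                  SplitTunneling, RememberCredential
```

With split tunneling enabled, Internet traffic from the client no longer passes through the corporate proxy or its filtering, so confirm that this fits your policy before rolling it out.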
- I can’t map any share or RDP to my client/server?
- I can’t map or access my DFS root shares?
This is a very tricky situation. Logically this is normal, since DFS is based on the Active Directory domain structure and the VPN client is a workgroup machine that can’t connect to the domain controller and get the server referral.