How to set up an SSTP VPN on Windows Server 2016

  • Published 18 Oct 2024
  • In this tutorial you will learn how to create your own SSTP VPN with a self-signed certificate on Windows Server 2016.
    I will be using a Windows 10 client to test my connection.
    //IMPORTANT FOR OUTSIDE CONNECTION. PLEASE CLICK SHOW MORE!
    One thing I forgot to mention is to make sure that your ports are forwarded to your server for connections outside your local network.
    If you like this video please subscribe and if you have any questions you can ask in the comment section.

COMMENTS • 39

  • @Lambykin 6 years ago +10

    Overall, not bad, but there are two things you have wrong. The first is the "CN" name when creating a certificate. No, it cannot be "anything you want." Adding any old CN name to the certificate will almost surely result in a rejected connection - especially when communicating with a production server over the internet in a real world scenario. You can add more than just one CN name to your certificate, and if you wish for successful & trouble-free connections, it would be wise to add at least the server's internal FQDN, as well as the external FQDN (domain name that points to your public IP address). However, it would also be a good idea to add the external IP address to the list of CN names, as well as the server's internal IP address. Anyone outside of a lab environment who explicitly follows your directions will receive an error on the client side indicating "the certificate's CN name does not match the passed value" (Windows 10 client). The other issue I noted was when you mentioned near the end you need to install the "Network Policy and Access Services Role." This is simply not true, nor is it entirely necessary. Installing it can help harden security, but is it mandatory? No. Hope this helps some of your viewers resolve some of their certificate issues.
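
The name matching described in the comment above can be checked on the server before a client ever reports the mismatch. This is an added example, not from the video or the commenter: it assumes the certificate sits in the LocalMachine\My store, and the thumbprint, host names and IP address are placeholders.

```powershell
# Added example: list the names an SSTP server certificate covers and check the
# names clients will dial against them. All names and the thumbprint are placeholders.
function Get-CertNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $names = New-Object 'System.Collections.Generic.List[string]'

    # Subject common name
    $cn = $Cert.GetNameInfo('SimpleName', $false)
    if ($cn) { $names.Add($cn) }

    # Subject Alternative Name extension (OID 2.5.29.17)
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($true) prints one entry per line, e.g. "DNS Name=vpn.example.com"
        # or "IP Address=203.0.113.10"; the labels are localized, so this pattern
        # assumes English-language Windows.
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*(DNS Name|IP Address)=(.+)$') {
                $names.Add($Matches[2].Trim())
            }
        }
    }
    $names | Sort-Object -Unique
}

function Test-SstpCertName {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string[]]$DialedNames
    )
    $cert    = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
    $covered = @(Get-CertNames -Cert $cert)
    foreach ($name in $DialedNames) {
        # -contains is case-insensitive, which suits host names
        [pscustomobject]@{ Name = $name; Covered = ($covered -contains $name) }
    }
}

Test-SstpCertName -Thumbprint '<SSTP-CERT-THUMBPRINT>' `
    -DialedNames 'vpn.example.com', 'srv01.corp.example.local', '203.0.113.10'
```

Any row with `Covered = False` is a name that clients should not be given as the VPN server address until the certificate is reissued with it.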

  • @faizachaudhry8576 4 years ago

    Hi, I am still getting error 800; it says trying to connect with mini port PPTP WAN connection.
    Do you think there is any problem with my router? Because when I come onto the same network as the server then it works, otherwise it does not connect.

  • @faizachaudhry8576 4 years ago

    I even tried both methods, SSTP and PPTP; both give me an error, but when I go on the same network as my server it connects and works fine.

  • @keneemma 6 years ago

    Can I join a non-domain machine to the company VPN server?

  • @atomstudioch 7 years ago

    Hi, thank you for your tutorial.
    Is it possible to obtain the default gateway from the server to the client VPN?
    I need to be connected to my server with a VPN connection and have access to the internet.
    Thank you in advance

    • @noirth-security 6 years ago

      For whatever it sounds like you want to do, check: ua-cam.com/video/2AjpouG73c0/v-deo.html

  • @PieroLonghetto 6 years ago +1

    When I try to connect from the client Windows 7 Pro I obtain the error 0x80092013: "The revocation server is offline .....

    • @HelmanathTV 6 years ago

      I have the same issue ... did you find a solution?

    • @keizerbass8899 5 years ago

      Watch the last part at 27:00

  • @Jetstorm-vc6ul 7 years ago

    Hey, when I select the certificate at the security tab it pops an error saying "The certificate used for SSTP is different than the certificate bound to SSL". Any help?

    • @Pastechi 7 years ago

      Sweet Jesus, I am 2 months late, never remember getting notifications. If u are still having this issue can u post any screenshots?

  • @tylerand 7 years ago

    After following the steps, I get this error message when trying to connect.
    "The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server."
    I've double checked username and password, and it's the same username and password I used to log into the certsrv to download certificates.
    Any tips?

    • @Pastechi 7 years ago

      Did you port forward in your router (if you are trying to connect outside local connection), or did u allow 443 in your firewall? If you did, did u try the step at 27:00?

    • @tylerand 7 years ago

      Appreciate the reply!
      Server has the port forwarded, currently I'm just trying to connect from within the network though. Also allowed 443 in my firewall.
      Finished the regedit step without any luck.

    • @tylerand 7 years ago

      When attempting to login, my server produces the error code 20249 "The user X has connected and failed to authenticate on Port Y. The line has been disconnected".

  • @a.j.5475 7 years ago

    Ok, don't get it. You connect from the client through VPN to a server. You then manually add the certificate to the client. So your first VPN connection isn't secure. 2nd, maybe I missed that somehow, I never see you adjust something in VPN so it connects with the certificate. Am I missing something?

    • @Pastechi 7 years ago +1

      Uhm ye, I downloaded the certificate from the certsrv and put it on my gf's laptop, which starts at 22:51 lol. Unless that's not what u meant, let me know. And ye about not being secured. You have to make it secured yourself, which is why u have to download the certification on the client PC. Why? Because not everyone can buy SSL secure certificates from Microsoft just for school projects or personal needs :/

    • @noirth-security 6 years ago

      Nice job Pastechi, maybe we can collaborate on videos sometime (team up?)
      If you want to use Let's Encrypt, I made a video over here ua-cam.com/video/2AjpouG73c0/v-deo.html

    • @ikkenweer 6 years ago +1

      Den DRE, you are right, this guide is missing stuff. He sets up PPTP. SSTP does not function. When he connects with the client it is on automatic, and only PPTP works.

    • @noirth-security 6 years ago

      @ikkenweer can you check my video on SSTP to tell me if I did it right?

  • @prldoyle 7 years ago

    Hi, at 12:11 my VPN box in the Routing and Remote Access Server Setup Wizard is greyed out. Any suggestions?

    • @Pastechi 7 years ago

      Can u post a screenshot?

    • @Pastechi 7 years ago

      Sweet Jesus, I am 2 months late, never remember getting notifications. If u are still having this issue can u post any screenshots?

  • @AbdelrahmanRashed 7 years ago

    1- Enterprise CA was locked out for me and I couldn't select it; if you are wondering where that is: i.imgur.com/BZ1oGve.png
    2- No certificate templates folder in MMC: i.imgur.com/z7sVaKu.png (Is it related to #1?)

    • @Pastechi 7 years ago

      I think the reason why u can't find Enterprise CA and the certificate templates are empty is because you did not put your server in a domain controller. When you install your Windows Server the first thing you need to do is add it into a domain controller. Try this and let me know how it goes. If you didn't install Domain Controller in the beginning before installing any other services then this should be 90% the issue. Let me know how it goes and if it worked.

    • @AbdelrahmanRashed 7 years ago

      Yeah, I didn't add a domain controller at all or anything related to it, that's why I was asking if there are any prerequisites or other requirements. I will do a search and see how to install the domain controller.

    • @Pastechi 7 years ago

      If u are not gonna try reinstalling your Windows Server 2016 from scratch, the "ONLY" way to install the domain controller is by uninstalling "ALL" the services you installed in your Server Manager. Which sometimes takes more time than just reinstalling from scratch. If you didn't enable a lot of services already then you are fine to remove all of them. If you installed a lot of services already, I think reinstalling the server will spare you more time.

  • @Tony-Beasley 7 years ago

    Hi, I get an error message at 13:49, unable to find file? Any idea?

    • @Pastechi 7 years ago

      Unable to find file while you are trying to turn on the routing? What's the error code?

  • @valentinchiriac9117 3 years ago

    VPN type was left to auto, not selected to SSTP, so all the work and this video was for nothing. Probably you connected through PPTP.

  • @PieroLonghetto 6 years ago

    Sorry, I wasn't arrived to modify the registry key

  • @noirth-security 6 years ago

    If anyone wants a shorter tutorial: ua-cam.com/video/2AjpouG73c0/v-deo.html
    Also Pastechi, can we team up and make videos together?

  • @timd9430 3 years ago +1

    So much HORSESHIT just to make VPN work just to access your drive at work. Bullshit. Things used to be so simple.
    Job security.