Configuring a Client-to-Site VPN using RADIUS (NPS) Server Authentication in Windows Server 2022

  • Published 7 Jul 2024
  • In this video, I provide a demonstration of the deployment of a Client-to-Site (C2S) Virtual Private Network (VPN), which uses RADIUS server authentication using Windows Server 2022's Network Policy and Access Server (NPS) server role in an Active Directory environment.
    ============================================================
    Time Stamps
    00:00 Video Introduction
    00:52 Network Topology Overview
    01:54 RADIUS Terminology
    03:27 Lab Setup
    04:04 Network Policy and Access Server Role Installation
    05:30 Registration of the NPS Server with Active Directory
    06:12 Verification of NPS Registration
    07:10 Creation of AD Users and VPN Security Group
    10:01 Verification of User Network Access Permissions
    11:32 NPS (RADIUS) Server Configuration
    16:05 RADIUS Properties Review
    16:57 RRAS Server Role Installation
    18:17 RRAS and VPN Configuration
    19:14 RADIUS Client Configuration
    21:43 VPN Static Address Pool Configuration
    23:05 Windows 10 Client VPN Configuration
    27:40 VPN Verification
    29:10 Changing PPTP to L2TP with IPSec
    ============================================================
    Helpful Links
    Built-in VPN Authentication Options (Windows 10 and Windows 11)
    learn.microsoft.com/en-us/win...
    Default Encryption Settings for Microsoft L2TP/IPSec VPN Client
    learn.microsoft.com/en-us/tro...
    #vpn #server2019 #server2019 #server2022 #nps #activedirectory
  • Science & Technology

COMMENTS • 43

  • @user-ch4wb3en3y 2 days ago

    this is insane for how detailed this video is. Leading you through step by step, very clean instructions.

  • @michaelpietrzak2067 24 days ago

    Great content! Love the channel. Excellent video.

  • @lstanford23 6 months ago

    Had to watch it again to perform another setup. Troy, your channel is my go to for troubleshooting. Big fan here!

  • @lstanford23 7 months ago

    Another amazing video Troy. Thank you for the info, as always.

  • @ganeshs1297 11 months ago

    Had no previous knowledge. Watched the video twice and understood it completely. Respect Legend.

  • @lstanford23 7 months ago

    "And away we go" Troy, your channel is GREAT man! Thank you so much for your explanations.

  • @zaidsabi803 1 year ago

    Thank you so much Mr. Troy Berg for that so informative demonstration and explanation, it helped me a lot in my intern report

  • @user-wk8wc1lq2x 4 months ago

    What a detailed and brilliant presentation. Thank you for sharing.

  • @haticegokduman403 1 year ago

    THANKS a lot for this perfect and helpful video from Germany🌸

  • @lstanford23 6 months ago

    You'll probably see me on here multiple times, I can never remember all the steps, so I have to keep rewatching. Thumbs up though.

  • @importsbase 10 months ago

    He configures it like he was part of the programmers of this system. I must say that's astonishing.

  • @josephogodja 1 year ago

    Very well explained. Thank you so much.

  • @MICRelaxation 1 year ago +1

    Well done, this is an excellent video that is very informative. Thank you.

    • @troyberg 1 year ago

      Glad you found it helpful!

  • @4ngarag 1 year ago

    Thank you!

  • @amr-50 5 months ago

    amazing informative video

  • @bknow3401 5 months ago

    Love your videos! Super informational. One tip/ask, can you add some troubleshooting tips for reference? I was able to run through the lab pretty easily, but I ran into an issue from my home lab to the cloud. But thanks again, your work really is easy to follow!

  • @frederikvanhoo3244 1 year ago

    Thanks for this great lesson! I had already background info, but learned a lot of new info! When will the next video about the other scenario 802.1X Wireless or Wired Connections come online? Will there be in the video information about best cases for using certificates across multiple sites of one domain? That would be great! Now I'm going to see your video of Deploying A Multi-Tier PKI.

  • @khosrowjalali7898 9 months ago

    That was a really informative and well-explained Video, Thank you for taking the time to put this Video together.
    Edit: I have Followed this Video to the Dot and I cannot achieve a VPN connection from my Client. :-(

  • @sonesoneeleh4127 1 year ago

    please do all the three servers have to join the DC01 server or they are operating as separate servers for this to work ?
    and how do you configure the inside and outside IP on a server?
    thanks

  • @sotti6041 1 year ago

    tnx how can i see user connect and disconnect time and net usage or net usage graph

  • @rashkaViking 1 year ago

    Hi sir!
    How about if I need to access from the public IP address? What ports must be opened?
    500 and 4500 is what I got from googling but still can not access. Please let me know what to do in order to have access from another network.

  • @professorpwerrel 1 year ago

    I'm trying to set this up behind NAT, eventually hoping to get L2TP/IPSec at the very least. So, the VPN Server only has one interface, with port-forwarded vpn ports from the main router. Having difficulties getting it to work, any special configs that need doing? If I set a range for a new private pool this will confuse the main router, no? So a DHCP Helper needs to forward dhcp requests in order to put the VPN client on the same LAN?

  • @vincentgrayson8389 12 days ago

    Hi Troy,
    Great video. I configured my Radius and RRAS on the same server. Users can connect to the VPN, however, as soon as they connect, they lose their internet connection. Any ideas?

  • @darrinrodden1012 1 year ago

    On the RRAS how do you set up the Outside Ethernet? (Walk-Through)?

  • @samliang4146 9 months ago

    mine did not work, can you explain how your 172 address is from, is it another network adaptor you added or what?

  • @zprhansen 1 year ago

    I'm trying to set up a VPN connection through unifi usg. I followed this video, which I think is very well done and on point. But now I need to setup/config unifi usg vpn also setup vpn on my macbook pro. So far I haven't been successful.

  • @alexajilld.miranda5300 2 months ago

    is there a video provided in configuring radius 802.1x?

  • @adamli2013 10 months ago

    I tried to configure all VPN Server environments on only one windows server, but the connection was not successful. A domain name may still be needed.

  • @mohammedal-yaremi1370 18 days ago

    how to allow AD RDP to connect from outside network

  • @samliang4146 9 months ago

    how many network adaptors do all VMs have and what are they? thanks

  • @user-qg4ch5wy2y 10 months ago

    Will this let users log in to vpn from windows login screen

  • @nonameneeded336 1 year ago

    Hi Troy, do you do consulting?

  • @DJZF93 1 year ago

    So in the real life do I need 3 windows server machine ?

  • @chenbayun9494 1 year ago

    I really like it, but I have some questions: when connected to the VPN, I figure I cannot access any intranet resource. Is there any way I can open subnet or add static routes to it?

    • @troyberg 1 year ago +1

      Hi Chen,
      The issue you're describing is most likely a DNS resolution problem, as your VPN client will have a different default DNS server than the LAN to which it is connected via VPN. It therefore can't resolve the FQDNs of the machines and resources in the LAN. I see this commonly when VPN clients are trying to connect to mapped network drives.
      The way I usually solve this is (in order of simplicity):
      a) when trying to access internal resources, use the IP address of the destination machine (for example, if you're trying to reach a shared folder on a machine inside the LAN, use the IP address of the machine rather than its FQDN -- such as "\\10.10.10.1\SharedFolder" rather than "\\FileServer01\SharedFolder").
      b) add a text entry into the VPN client machine's HOSTS file for your LAN's DNS server, so the VPN client knows to look for the DNS server on the LAN in addition to its local DNS server for name resolution.
      c) statically add an additional alternative DNS server to the VPN client -- you have to be careful with this option though. If the VPN client is a laptop, for example, the machine will rely on DHCP to obtain the preferred DNS server on each new network it connects to. Using dynamically assigned TCP/IP addresses and statically assigned DNS servers will usually cause problems unless the user has a foundational understanding of how DNS works and can fix any problems that arise. Otherwise it can be a trouble ticket nightmare.
      Hope that helps, Chen. Good luck!

    • @dasiro 1 year ago

      @troyberg Hi Troy,
      It may be out of scope on this specific video, but since the question came up I'd like to follow up on it:
      Wouldn't this be easily solved by using your domain's DHCP server with a specific scope for the VPN-connections with scope option 6 pointing to your domain's DNS server? Fiddling with local hosts files (the quick&dirty way) or a static DNS on remote machines seems to require a lot of manual maintenance while you may already have the infrastructure in place to handle those requests.
      Best regards and thanks for these helpful step-by-step videos

  • @ThePatsev 1 year ago

    I can't configure the Authentication Method. I get the error that NPS is installed, you must use it to configure authentication and accounting providers. Any idea what went wrong? :) Thank you

    • @Zeanzoul 10 months ago

      I have the same problem, have you found a solution? Thank you.

    • @ThePatsev 10 months ago +1

      @Zeanzoul No, but I ended up not needing to set this up. It works anyway

  • @ethangender 1 year ago

    All was good until you started showing the RRAS in another server. I have 2 servers, active directory and RADIUS AND RAS AT THE SAME TIME. The Radius, it's showing me duplicated the client :(

  • @maurofadda289 13 days ago

    31 minutes...jesus christ