VPN
10 Topics

create vpn bridge to share devices between office and client
Hi all, I would like to create a VPN bridge and VPN server to create a connection between client devices and my office. It is not easy to explain, so I created a scheme in the attachment. Does anyone have any idea to help me guarantee the connection? The devices connected to the hotspot couldn't have any port forwarding, but it must create a connection between client and my office. It could be a Raspberry with wifi connected to internet and eth0 cable connected to client devices. Many thanks in advance
586 Views, 0 likes, 0 Comments

Basic VPN questions.....
I've been tasked with enabling VPN access to a small biz running Windows 2022 Server Essentials.

Current config - about a dozen users in the domain, mostly local users but a couple that require local/VPN access and one who is VPN only. Client PCs are Win 10/11 Pro, and domain joined apart from the one owned by the VPN-only user. I've a couple of group policies - one for redirected folders, one mapping a shared network drive (Z) on the server, and user accounts are also configured for a home (H) folder.

I've installed the VPN server and my plan is to use SSTP with a self signed certificate for now. My test user is enabled for dial in access, and is in the group to get the shared drive map GP. On the test client PC I have an entry in the hosts file mapping the certificate CN name to the static WAN IP address of the router. I've created an SSTP VPN connection and it seems to at least connect....

Questions:
1) If I VPN in from a home PC (ie non domain-joined) as the test user I don't get the Z shared drive mapped, nor the home folder H, though I can manually browse these via \\ip address\share. Is this to be expected?
2) I haven't tested it yet, but if a user with a domain joined laptop takes it home, and logs in there with cached domain credentials and then VPNs in, do they get those drive mappings? And would folder direction attempt to kick in?

Sorry for the long explanation but hoping someone can give me a few pointers 🙂
1K Views, 0 likes, 1 Comment

Managing multiple RRAS servers
We have 3 load balanced RRAS VPN servers. I can view all three at once in the RRAS console, but it lacks some helpful information. The newer Remote Access Management Console gets a lot closer to having all relevant client information, but as far as I can tell, it can only connect to and display one RRAS server at a time. Is there any way to access multiple RRAS servers concurrently in RAMC? If not, what's the best way to ask a feature request?
617 Views, 0 likes, 0 Comments

Azure AD Joined Hello for Business and NPS Radius Authentication
Hi guys, I am starting to roll out the Windows VPN client using L2TP to our computers which are a mixture of Hybrid Joined and Azure AD joined. All computers in the business have got Windows Hello for Business and this works well. The issue I am having is for the Azure AD joined machines only signing in with biometrics. They are unable to connect to the VPN successfully when they use the '-UseWinlogonCredential' switch. This is not an issue with Hybrid Joined machines signing in with biometrics. I am struggling to find a solution to this problem, so for the interim those machines are simply prompting the user for their username and password which gets accepted. I suspect it's a certificate issue for Azure AD joined machines only but not too sure how to configure the NPS to allow these through. Any advice is greatly appreciated!
3.3K Views, 3 likes, 3 Comments

Cannot reach/ping second 2019 server via Site-to-Site VPN, all other computers can be reached
Hi! I REALLY need help on this issue!

Main office has: 192.168.1.0/24
Branch office: 192.168.2.0/24
i.e. two different subnets. DHCP is configured in the routers on each side; main/branch (i.e. no DHCP configured in the server).

Main office has two Windows Server 2019:
1. Main server with AD, DNS, DC
2. Application server that is joined to domain
and there are also clients in the main office:
3. Normal domain connected clients (Win10 and Win8)

I can ping forth and back between all computers but when I try to ping from Branch to Main office towards the "2. Application Server" I don't get through. I have no problem pinging from Branch to "1. Main server" or towards normal clients in the "main network". If I ping "2. Application server" from any local computer on the Main office side, the server responds.

Basic fault tracing tells me it's a server configuration thing versus the Branch network, something in the "2. Application server" stops the calls, right? I have checked the server's firewall (incoming ping) and also temporarily turned off the firewall, but no success. So firewall seems to be out of the question. I also added the branch's subnet in "1. Main server" under AD Services and Sites, no success.

I really can't understand this magic going on in the second server, why doesn't it respond to calls from the Branch side? Please help!

br /Marcus
Solved, 4.4K Views, 0 likes, 3 Comments

Prompted for credentials when accessing mapped drive via VPN
I have a strange issue that is happening for a few users. They have domain joined computers and when connecting to VPN and then opening a mapped drive they are getting prompted for their AD credentials. Myself and many other users do not have this issue. When I connect to VPN I can double click the mapped drive (although there is a red X at first) the drive opens up with no issues. NTFS and share permissions allow everyone Read permissions so I know the permissions are not the issue. Once the credentials are entered they stay connected until logout or reboot. Anyone have this issue before? Any help is greatly appreciated!! Thanks.
7K Views, 1 like, 3 Comments

VPN Server Role - Windows Server 2016 - cannot ping domain from client
Hi guys! Need some help. I successfully installed and configured the role. And on my domain-joined W7 client I created the connection. I connect to the home WiFi and can login to the local domain I have, and then I can connect to the VPN connection and ping the domain, and any IP resources like servers, NAS etc. I can browse network shares in a folder window.

BUT if I connect OUTSIDE my LAN, via a pocket WiFi, then connect to the same VPN connection (using the URL which is set up via DYNDNS and port-forwarding 1723 on router) the domain cannot be pinged and I cannot bring up network shares in a folder window. I CAN ping any IP in the network, however, via the command line prompt.

Any ideas?? This is driving me NUTS.
1.5K Views, 0 likes, 0 Comments

AlwaysOn VPN Connects, but Unable to Access Local Network Resources
Hi all, I've been struggling with this issue for a couple weeks now. I recently deployed an AlwaysOn VPN for a local engineering firm to allow employees to work from home (especially with the pandemic). I followed several tutorials including Microsoft's own. I am able to connect successfully to the VPN and ping local devices and servers by IP, FQDN, and Common Name. The problem is that I cannot access the file shares on the primary server or RDC into any of them through any methods.

The network topology is something as follows. I've got a Ciena (modem?) for our fiber optic internet connection. That is connected to a NetVanta 5660 router (with the appropriate firewall ports opened). My Windows Server 2016 VPN/Routing/NAT server has one NIC connected to the NetVanta router with the Public IP configured and the other NIC connected to the private network with a private IP. This NIC is connected to the central unmanaged network switch where all other wired devices are connected. A wireless AP allows for staff with wireless devices to connect to the private network. I am running a Windows Server 2019 machine configured as a DC, DHCP, DNS, CA, NPS, File, and Printing server. I do not have any VMs in the environment currently as I'm learning this stuff as I go. The client device I used in testing is a domain joined machine running Windows 10 Pro.

Here are some of the things I've tried in my conversations and troubleshooting with other sources.
- Network Discovery is enabled on both of the servers and the client device.
- Problem persisted with all firewalls disabled.
- Only running Windows Defender Antivirus currently.
- My Private DNS servers are working as I can resolve local device names.
- I CAN RDC into the VPN server successfully by the private IP and Common Name, but nothing on the private network.

I really need to get this working and I've just hit a bunch of dead ends. If anyone has any advice I would greatly appreciate it.
2.4K Views, 0 likes, 0 Comments

Windows 2012 R2 RRAS Issues
I am trying to connect a Windows 10 PC to a Windows Server 2012 R2 using RRAS over L2TP/IPSEC PSK so that the PC can access the Windows Server and the windows server can access the PC. I have the PC connecting to the server and the PC is able to load a website hosted on port 443 however cannot ping the server on the VPN IP address and the Server cannot access the PC at all. Please can someone help?
765 Views, 0 likes, 0 Comments

Use AD to restrict access for VPN users
I'm a network technician, working mostly with campus networks (Cisco mostly) and security appliances like firewalls. I'm not very good at Windows Server configuration, so I need a bit of help solving an issue with AD and NPS that google does not solve for me. :)

I'm setting up Remote Access VPN (it's not Direct Access or any other Microsoft VPN solution). When user A connects via VPN, he should not be able to access everything through the VPN tunnel, it should be locked down to a few IP addresses and port numbers, like:
192.168.40.0/24, port 80
172.16.55.43, port 22

User A might be member of a group, and others in that group should have the same restriction. The general idea is that an organisation should be able to configure this access restriction in AD and not have to log on to the firewall to do this.

My question is how you configure this. The only way I have found is to create a separate Network Profile for every Group, and in that profile set group membership as a condition and a Cisco-AV-Pair specifying the ACL in the settings (pictures below). That's not a very scalable solution for large organizations. Is there a better way?

I've set up a lab environment for this, based on a DC and a NPS server. I'm not sure if NPS is needed but it seemed reasonable (maybe there is an LDAP solution?). I've configured RADIUS authentication via the NPS server and it works, it's just the ACL bit on AD that's missing.
6.5K Views, 0 likes, 0 Comments