windows server rras record other C/S address in SSTP tunnel over ipv6
We can see that Client/Server ipv6 addresses in RRAS MMC console are not the same with netstat log. In rras SSTP mode, client connect to server port 443/tcp. Using packet capture tool such as wireshark, I found netstat tells the right address. Why RRAS mmc console print strange C/S addresses, with the same ipv6 prefix /64 as the netstat answer. Radius auth/accounting records are the same with rras mmc console. The same problem found in windows server 2016. When switch to IKEv2 tunnel mode, addresses in MMC are the same with netstat. The problem was not found in ipv4 tunnel. DirectAccess feature is not enable. Is this C/S addresses transform a feature? What for? Maybe Directaccess?
Basic VPN questions.....
I've been tasked with enabling VPN access to small biz running Windows 2022 Server Essentials Current config - about a dozen users in the domain, mostly local users but a couple that require local/VPN access and one who is VPN only. Client PCs are Win 10/11 Pro, and domain joined apart from the one owned by the VPN-only user. I've a couple of group policies - one for redirected folders, one mapping a shared network drive (Z) on the server, and users accounts are also configured for a home (H) folder. I've installed the VPN server and my plan is to use SSTP with a self signed certificate for now. My test user is enabled for dial in access, and is in the group to get the shared drive map GP. On the test client PC I have an entry in the hosts file mapping the certificate CN name to the static WAN IP address of the router. I've created an SSTP VPN connection and it seems to at least connect.... Questions: 1) if I VPN in from a home PC (ie non domain-joined) as the test user I don't get the Z shared drive mapped, nor the home folder H, though I can manually browse these via \\ip address\share. Is this to be expected ? 2) I haven't tested it yet, but if a user with a domain joined laptop takes it home, and logs in there with cached domain credentials and then VPNs in, do they get those drive mappings ? And would folder direction attempt to kick in ? Sorry for the long explanation but hoping someone can give me a few pointers 🙂
