VPN Server Configuration
From Server Manager, click the notification icon and then click Open Startup Assistant.
Click Deploy VPN only; this opens the Routing and Remote Access console.
Once the console is open, right-click the server and click Configure and enable routing and remote access.
A new wizard launches; click Next.
Select Custom Configuration, then click Next.
Select the VPN Access service to configure the VPN server and click Next.
Click Finish.
Click Start Service.
The VPN server is now operational. By default, access to the VPN service is granted through the user's properties in Active Directory, on the Remote Access tab. In a large environment this approach quickly becomes cumbersome to administer, so we will now use the Network Policy Server (NPS) features to grant connection rights to an Active Directory group.
Launch the NPS Server Console on the server.
Expand the Policies node, then right-click Network Policies and click New.
Name the policy and choose the type Remote Access Server (VPN-Dial-up), then click Next.
This is where the conditions for access to the service are configured; several conditions can be added, including access hours. Click the Add button.
Choose User Groups and click Add.
A new window opens; click Add to choose the group and, once it is selected, click OK.
Once the conditions are added, click Next.
Specify whether the policy grants or denies access, then click Next to validate.
This part of the configuration matters later, both for the configuration of the VPN client and for the security level. Adding an EAP protocol type is not mandatory but strongly recommended; click the Add button.
Select Microsoft: Secure Password (EAP-MSCHAP Version 2) and click OK.
Once you have selected the authentication types and methods, click Next.
If a message appears about the authentication methods, click No so that the help does not open.
In this policy, no constraints will be configured, but it is possible to add some, such as access hours, or to force a type of VPN (NAS). Click Next.
A summary of the policy is displayed; click Finish to confirm the creation.
The policy has been added. Policies are processed as on a firewall: they are read from top to bottom. If you have multiple policies and one of them does not apply, check that the traffic is not matched by a policy above it.
Before you can use the VPN server, you must register the NPS server in Active Directory so that access permissions are processed by it: right-click NPS (Local) and click Register a server in Active Directory.
Click OK on the two confirmation messages that appear.
Before you proceed with the client configuration, find the Remote Access Management console in the tools and click it to open it. This console lets you view the status of the VPN server services and the connections in progress …
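The same state can be checked from PowerShell on the server. The script below is an added example, not part of the original tutorial: it is read-only and confirms that the service is running, that the NPS registration took effect, and which accounts still carry an explicit per-user dial-in setting, since such a setting takes precedence over the policy's grant/deny choice unless the policy is set to ignore user account dial-in properties. It assumes the ActiveDirectory module (RSAT) is installed, and the group name VPN-Users is a hypothetical placeholder for the group chosen in the User Groups condition.

```powershell
# Added example: read-only checks after the RRAS/NPS setup described above.
# Assumption: the ActiveDirectory module (RSAT) is available on this server.
Import-Module ActiveDirectory

# Hypothetical name: replace with the group selected in the policy's
# User Groups condition.
$VpnGroup = 'VPN-Users'

# 1. The Routing and Remote Access service must be running.
$svc = Get-Service -Name RemoteAccess
"RRAS service status : $($svc.Status)"

# 2. Registering NPS in Active Directory adds the server's computer account
#    to the built-in 'RAS and IAS Servers' group; compare by SID.
$me = Get-ADComputer -Identity $env:COMPUTERNAME
$registered = Get-ADGroupMember -Identity 'RAS and IAS Servers' |
    Where-Object { $_.SID -eq $me.SID }
"NPS registered in AD: $([bool]$registered)"

# 3. Users who are members of the VPN group, directly or through nesting.
$members = Get-ADGroupMember -Identity $VpnGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty SamAccountName

# 4. Accounts with an explicit per-user dial-in setting.
#    msNPAllowDialin = TRUE  -> Allow access
#    msNPAllowDialin = FALSE -> Deny access
#    attribute not set       -> controlled by the NPS network policy
Get-ADUser -LDAPFilter '(msNPAllowDialin=*)' -Properties msNPAllowDialin |
    Select-Object SamAccountName, Enabled,
        @{ Name = 'DialIn'
           Expression = { if ($_.msNPAllowDialin) { 'Allow' } else { 'Deny' } } },
        @{ Name = 'InVpnGroup'
           Expression = { $members -contains $_.SamAccountName } } |
    Sort-Object DialIn, SamAccountName |
    Format-Table -AutoSize
```

Rows showing Allow with InVpnGroup False, or Deny with InVpnGroup True, are the accounts to review so that the group remains the only place where VPN access is decided.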