VPN Server with Windows Server: Installation and Configuration

SSTP VPN

The SSTP tunnel runs over port 443 (HTTPS), which is usable on most Wi-Fi connections.

Setting up an SSTP VPN requires configuring the certificate used for the connection. This certificate must be installed in the computer's Personal store.

For the connection to work, the certificate authority must be known to the clients.

It is possible to use a self-signed certificate on the server, in which case the certificate must be installed on the clients in the Trusted Root Certification Authorities store. If you are using a standalone or enterprise CA, you just need to deploy the authority's certificate.

VPN Service Configuration – Routing and Remote Access

On the VPN server, in the Routing and Remote Access console, open the server properties. On the Security tab, in the SSL certificate binding section, choose the certificate, then confirm by clicking Apply and OK.

The changes require a restart of the service; confirm by clicking Yes.

Client configuration

The connection host name in the General tab must be a DNS name present in the certificate.

As with the PPTP VPN tunnel, it is possible to force the VPN type in the Security tab by selecting SSTP.

NPS

As with the PPTP tunnel, it is possible to force the SSTP tunnel in the network policy (VPN server type: SSTP).

Error: The revocation function could not verify the revocation because the revocation server was disconnected

If you are using a self-signed certificate, or a certificate from a private CA that does not publish its revocation list on the Internet, you must add a registry value on the client to bypass this verification.

Open the registry editor, go to HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters and add the (DWORD) value NoCertRevocationCheck, assigning it the value 1.
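
An added example (not from the original article): a PowerShell check, run on the VPN server, that the certificate chosen in Routing and Remote Access meets the requirements described above, plus a client-side read of the NoCertRevocationCheck value so that machines with revocation checking turned off can be inventoried. The function names, `vpn.example.com` and the thumbprint placeholder are assumptions.

```powershell
# Added example: function names and sample values are illustrative assumptions.
function Test-SstpServerCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,    # DNS name clients enter in the General tab
        [Parameter(Mandatory)] [string] $Thumbprint   # certificate selected in Routing and Remote Access
    )
    # The certificate must be in the computer's Personal store (LocalMachine\My).
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # The host name must match a DNS name in the certificate (exact or single-label wildcard).
    $nameOk = $false
    foreach ($name in $cert.DnsNameList.Unicode) {
        if ($name -eq $HostName) { $nameOk = $true }
        elseif ($name.StartsWith('*.') -and $HostName.Contains('.') -and
                $HostName.Substring($HostName.IndexOf('.')) -eq $name.Substring(1)) { $nameOk = $true }
    }

    # No EKU extension means "any purpose"; otherwise Server Authentication must be listed.
    $ekus  = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $ekuOk = ($ekus.Count -eq 0) -or ($ekus -contains '1.3.6.1.5.5.7.3.1')

    # Reports whether a CRL Distribution Points extension (OID 2.5.29.31) is present.
    $hasCdp = [bool]($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' })
    $now    = Get-Date

    [pscustomobject]@{
        Subject          = $cert.Subject
        NameMatchesHost  = $nameOk
        HasPrivateKey    = $cert.HasPrivateKey
        ServerAuthEku    = $ekuOk
        InValidityPeriod = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        SelfSigned       = ($cert.Subject -eq $cert.Issuer)
        HasCrlDistPoint  = $hasCdp
    }
}

function Get-SstpRevocationCheckDisabled {
    # Run on a client: returns $true when the NoCertRevocationCheck value is set to 1.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
    $prop = Get-ItemProperty -Path $key -Name NoCertRevocationCheck -ErrorAction SilentlyContinue
    return (($null -ne $prop) -and ($prop.NoCertRevocationCheck -eq 1))
}

# Constructed sample values; replace with the real host name and thumbprint.
# Test-SstpServerCertificate -HostName 'vpn.example.com' -Thumbprint '<certificate thumbprint>'
# Get-SstpRevocationCheckDisabled
```

With NoCertRevocationCheck set to 1, the client accepts the server certificate without consulting a revocation list, so a `$true` result from the second function marks a machine where a revoked server certificate would still be accepted.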

