{"id":281,"date":"2018-10-25T17:25:51","date_gmt":"2018-10-25T17:25:51","guid":{"rendered":"http:\/\/certcent.io\/?p=281"},"modified":"2018-10-25T17:25:51","modified_gmt":"2018-10-25T17:25:51","slug":"sstp-or-ike-on-virtual-machines-quick-and-dirty","status":"publish","type":"post","link":"https:\/\/certcent.io\/index.php\/2018\/10\/25\/sstp-or-ike-on-virtual-machines-quick-and-dirty\/","title":{"rendered":"SSTP or IKE on Virtual Machines &#8211; Quick and dirty."},"content":{"rendered":"<p>It wasn&#8217;t quick to configure a client to successfully connect to a VPN through SSTP or IKE, but here are the takeaways.<br \/>\nIt can be easily done with three Virtual machines:<br \/>\n1 &#8211; Windows 2016 Server &#8211; ADSI,DHCP,DNS 192.168.100.1<br \/>\n2 &#8211; Windows 2016 Server &#8211; RRAS and AD Certificate with Web Enrollment.   192.168.100.111 \/ 10.0.3.1<br \/>\n3 &#8211; Windows 7 Client &#8211;  10.0.3.100 and VPN Connection<br \/>\nThere are plenty of easy YouTube videos and even Microsoft step-by-steps to set this up, but it&#8217;s not always that clear and dry.<br \/>\n1 &#8211; VPN Server &#8211; Create a new certificate from a template, call cert VPNClient, copy to personal store, set CN = 10.0.3.1 and ADCA, configure <strong>extensions<\/strong> for server authentication, <strong>request handling <\/strong>make key exportable, and  set <strong>Subject Name <\/strong>to &#8220;supply in request.&#8221;<br \/>\n2 &#8211; VPN Server &#8211; Configure bindings of IIS with new <strong>personal <\/strong>certificate.  Configure RRAS with new <strong>personal <\/strong>certificate.<br \/>\n3 &#8211; VPN Client &#8211; Download CA to Trusted enterprise root store.<br \/>\n4 &#8211; Connect.<br \/>\nProblems:<br \/>\n1. For some reason, I was able to log in to my CA with the user lab\\administrator and this user was different from lab.com\\administrator.  This made accessing the certification templates difficult.  
I finally got them corrected using the lab.com\\administrator.<br \/>\n2. My Windows client returned an error about an invalid CN name.  This is where I realized making the CN name the IP Address and Computer name would be simple.<br \/>\n3. Windows client complained about a revocation server; I ended up Googling this message and found a nifty registry entry that fixed this problem.  A reboot WAS NOT required.<br \/>\n4. NPS can be a pain; just configure the user to <strong>Allow <\/strong>dial-in privileges.<br \/>\nGood:<br \/>\nThe fixes were simple, and having this scenario on a few VMs was very fun.  With my shields down (firewalls disabled), IKE connected without any problems.<br \/>\nChanges:<br \/>\nVPN Server: RRAS, CA, CA-Web Enroll, new private key, new trusted CA, IIS.<br \/>\nClient: New connection, new trusted CA.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It wasn&#8217;t quick to configure a client to successfully connect to a VPN through SSTP or IKE, but here are the takeaways. It can be easily done with three Virtual machines: 1 &#8211; Windows 2016 Server &#8211; ADSI,DHCP,DNS 192.168.100.1 2 &#8211; Windows 2016 Server &#8211; RRAS and AD Certificate with Web Enrollment. 
192.168.100.111 \/ 10.0.3.1&hellip; <a class=\"more-link\" href=\"https:\/\/certcent.io\/index.php\/2018\/10\/25\/sstp-or-ike-on-virtual-machines-quick-and-dirty\/\">Continue reading <span class=\"screen-reader-text\">SSTP or IKE on Virtual Machines &#8211; Quick and dirty.<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/281"}],"collection":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/comments?post=281"}],"version-history":[{"count":0,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/281\/revisions"}],"wp:attachment":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/media?parent=281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/categories?post=281"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/tags?post=281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}