Set up an SSTP VPN in Windows Server 2016

Published: 24 June 2017
on channel: microsoft lab

1. Prepare

DC21 : Domain Controller (pns.vn), IP 10.0.0.21 | DC22 : Certificate Server, IP 10.0.0.22, Gateway 10.0.0.23 | DC23 : VPN Server, IP 10.0.0.23 and 10.0.2.23

DC24 : File Server, IP 10.0.0.24, Gateway 10.0.0.23 | WIN1091 : Client, IP 10.0.2.91, Gateway 10.0.2.23

2. Step by step : Set up an SSTP VPN so that WIN1091 can access the File Server using the HiepIT account

DC21 : Allow HiepIT to connect by VPN from the Internet

Server Manager - Tools - Active Directory Users and Computers - pns.vn - IT OU - Right-click HiepIT - Properties - Dial-in tab - Network Access Permission : Allow access

DC24 : Create and share a folder named DATA

DC22 : Install "Active Directory Certificate Services" and issue certificate

Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features

Next to Role Services : Select "Certification Authority" and "Certification Authority Web Enrollment" - Add Features - Install

Notifications - Configure Active Directory Certificate Services on the destination server

Role Service : Select "Certification Authority" and "Certification Authority Web Enrollment" - Setup Type : Enterprise CA

Next to CA Name : Common name for this CA : PNS-CA - Next to Configure - Close

Start - MMC - File - Add/Remove Snap-in...- Certification Authority - Add - Finish

PNS-CA - Right-click Certificate Templates - Manage - Right-click IPSec - Duplicate Template :

General tab - Template display name : SSTP

Request Handling tab - Check "Allow private key to be exported"

Subject Name tab - Choose "Supply in the request" - OK

Extensions tab - Edit... - Add... - Choose "Server Authentication" - OK

Right-click Certificate Templates - New - Certificate Template to Issue - Choose SSTP

DC23 : Request Certificate and install routing

Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Right-click Personal - All Tasks

Request New Certificate... - Next to Request Certificates : Select SSTP (restart the server if the certificate template is not shown) - Click "More information is required to enroll…" - Subject tab :

Type : Common name, Value : vpn.pns.vn - Add - OK - Enroll - Finish

Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Remote Access" - Next to Role Services

Select Routing - Add Features - Next to Install - Close

Tools - Routing and Remote Access - Right-click DC23 (local) : Configure and Enable Routing and Remote Access

Choose "Custom configuration" - Select "VPN access", "NAT" and "LAN routing" - Finish - Start service

Right-click DC23 - Properties - Security tab - Certificate : vpn.pns.vn - IPv4 tab - choose "Static address pool" - Add - Start 10.0.10.100 End 10.0.10.200 - OK

Right-click DC23 - All Tasks - Restart

IPv4 - Right-click NAT - New Interface... - Internet (10.0.2.23) :

NAT tab - Choose "Public interface connected to the Internet" - Select "Enable NAT on this interface"

Services and Ports tab - Select "Web Server (HTTP)" - Private address : 10.0.0.22 - OK

Right-click DC23 - All Tasks - Restart

WIN1091 : Download certificate and test VPN

Internet Explorer - http://10.0.2.23/certsrv - Type account - Download a CA certificate, certificate chain, or CRL - Download CA certificate

Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Trusted Root Certification Authorities

Right-click Certificates - All Tasks - Import... - Browse to local certificate - Finish

File Explorer - This PC - C: drive - Windows - System32 - drivers - etc - hosts - Add "10.0.2.23 vpn.pns.vn" - Save

Right-click the network icon - Open Network and Sharing Center - Set up a new connection or network - Connect to a workplace - Use my Internet connection (VPN)

I'll set up an Internet connection later - Internet address : vpn.pns.vn - Create

Start - regedit - HKEY_LOCAL_MACHINE - SYSTEM - CurrentControlSet - Services - SstpSvc - Right-click Parameters

New - DWORD (32-bit) Value - Rename to NoCertRevocationCheck - Change Value data from 0 to 1

Right-click VPN Connection - Security tab - Type of VPN : Secure Socket Tunneling Protocol (SSTP)

Right-click VPN Connection - Connect / Disconnect - Connect - Type HiepIT account
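
The WIN1091 steps above as an elevated PowerShell script, followed by a check that the server certificate validates. This is an added example, not part of the original video description; the path C:\Temp\certnew.cer is an assumption, the other values come from the steps above.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the WIN1091 client steps, plus a TLS check.
$VpnHost   = 'vpn.pns.vn'            # from the page
$VpnIp     = '10.0.2.23'             # from the page
$VpnName   = 'VPN Connection'        # from the page
$CaCertCer = 'C:\Temp\certnew.cer'   # assumption: where the downloaded CA certificate was saved

# 1. Import the CA certificate into the computer's Trusted Root store.
$ca = Import-Certificate -FilePath $CaCertCer -CertStoreLocation 'Cert:\LocalMachine\Root'
if ($ca.Subject -ne $ca.Issuer) {
    Write-Warning "Imported certificate is not self-signed (not a root CA): $($ca.Subject)"
}
"Trusted root: $($ca.Subject)  thumbprint: $($ca.Thumbprint)"

# 2. Add the hosts entry once (skip if the name is already present).
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
if (-not (Select-String -Path $hosts -SimpleMatch $VpnHost -Quiet)) {
    Add-Content -Path $hosts -Value "$VpnIp $VpnHost"
}

# 3. Create the VPN connection with the tunnel type fixed to SSTP.
if (-not (Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $VpnName -ServerAddress $VpnHost -TunnelType Sstp
}

# 4. Registry value from the page. With the value 1 the SSTP client no longer
#    checks whether the server certificate has been revoked.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
New-ItemProperty -Path $key -Name NoCertRevocationCheck -PropertyType DWord -Value 1 -Force | Out-Null

# 5. Check: SSTP runs over TLS on TCP 443. Do a TLS handshake and let Windows
#    validate the chain and the host name against the imported root.
$tcp = [System.Net.Sockets.TcpClient]::new($VpnHost, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream())
    $ssl.AuthenticateAsClient($VpnHost)   # throws if the chain or the name is invalid
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    "Server certificate OK: $($cert.Subject), expires $($cert.NotAfter), issued by $($cert.Issuer)"
}
catch {
    Write-Warning "TLS validation to ${VpnHost}:443 failed: $($_.Exception.Message)"
}
finally {
    $tcp.Dispose()
}
```

If step 5 fails with a name mismatch, the certificate bound on DC23 does not carry vpn.pns.vn as its common name; if it fails with an untrusted root, the CA certificate was imported into the wrong store.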

