Set up an SSTP VPN in Windows Server 2016
Donate Us : paypal.me/MicrosoftLab
Set up an SSTP VPN in Windows Server 2016
1. Prepare
DC21 : Domain Controller (pns.vn), IP 10.0.0.21 | DC22 : Certificate Server, IP 10.0.0.22, Gateway 10.0.0.23 | DC23 : VPN Server, IP 10.0.0.23 and 10.0.2.23
DC24 : File Server, IP 10.0.0.24, Gateway 10.0.0.23 | WIN1091 : Client, IP 10.0.2.91, Gateway 10.0.2.23
2. Step by step : Set up an SSTP VPN, WIN1091 access to File Server using HiepIT account
DC21 : Allow HiepIT VPN from Internet
Server Manager - Tools - Active Directory Users and Computers - pns.vn - IT OU - Right-click HiepIT - Properties - Dial-in tab - Network Access Permission : Allow access
DC24 : Create and share a folder named DATA
DC22 : Install "Active Directory Certificate Services" and issue certificate
Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features
Next to Role Services : Select "Certification Authority" and "Certification Authority Web Enrollment" - Add Features - Install
Notifications - Congifure Active Directory Certificate Services on the distination server
Role Service : Select "Certification Authority" and "Certification Authority Web Enrollment" - Setup Type : Enterprise CA
Next to CA Name : Common name for this CA : PNS-CA - Next to Configure - Close
Start - MMC - File - Add/Remove Snap-in...- Certification Authority - Add - Finish
PNS-CA - Right-click Certificate Templates - Manage - Right-click IPSec - Duplicate Template :
General tab - Template display name : SSTP
Request Handling tab - Check "Allow private key to be exported"
Subject Name tab - Choose "Supply in the request" - OK
Extensions tab - Edit... - Add... - Choose "Server Authentication" - OK
Right-click Certificate Templates - New - Certificate Template to Issue - Choose SSTP
DC23 : Request Certificate and install routing
Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Right-click Personal - All Tasks
Request New Certificate... - Next to Request Certificates : Select SSTP ( restart server if don't show cert ) - Click "More information is required to enroll…" - Subject tab :
Type : Commaon name, Value : vpn.pns.vn - Add - OK - Enroll - Finish
Server Manage - Manage - Add Roles and Features - Next to Server Roles : Select "Remote Access" - Next to Role Services
Select Routing - Add Features - Next to Install - Close
Tools - Routing and Remote Access - Right-click DC23 (local) : Configure and Enable Routing and Remote Access
Choose "Custom configuration" - Select "VPN access ", NAT and "LAN routing" - Finish - Start service
Right-click DC23 - Properties - Security tab - Certificate : vpn.pns.vn - IPv4 tab - choose "Static address pool" - Add - Start 10.0.10.100 End 10.0.10.200 - OK
Right-click DC23 - All Tasks - Restart
IPv4 - Right-click NAT - New Interface... - Internet (10.0.2.23) :
NAT tab - Choose "Public interface connected to the Internet" - Select "Enable NAT on this interface"
Services and Ports tab - Select "Web Server (HTTP)" - Private address : 10.0.0.22 - OK
Right-click DC23 - All Tasks - Restart
WIN1091 : Download certificate and test VPN
Internet Explorer - http://10.0.2.23/certsrv - Type account - Download a CA certificate, certificate chain, or CRL - Download CA certificate
Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Trust Root Certification Authorities
Right-click Certificates - All Tasks - Import... - Browse to local certificate - Finish
File Explorer - This OC - C: drive - Windows - System32 - drivers - etc - hosts - Add "10.0.2.23 vpn.pns.vn" - Save
Right-click icon network - Open Network and Sharing Center - Setup a new connection or network - Connect to a workplace - Use my Internet connection (VPN)
I'll set up an Internet connection later - Internet address : vpn.pns.vn - Create
Start - regedit - HKEY_LOCAL_MACHINE - SYSTEM - CurrentControlSet - Services - SstpSvc - Right-click Parameters
New - DWORD (32-bit) Value - Rename to NoCertRevocationCheck - Change Value data from 0 to 1
Right-click VPN Connection - Security tab - Type of VPN : Secure Socket Tunneling Protocol (SSTP)
Right-click VPN Connection - Connect / Disconnect - Connect - Type HiepIT account
Watch video Set up an SSTP VPN in Windows Server 2016 online without registration, duration hours minute second in high quality. This video was added by user microsoft lab 24 June 2017, don't forget to share it with your friends and acquaintances, it has been viewed on our site 5,584 once and liked it 18 people.