Set up an SSTP VPN in Windows Server 2022

Published: 18 February 2023
on channel: microsoft lab

1. Prepare

- DC21 : Domain Controller (Yi.vn), IP 10.0.0.21 | DC22 : Certificate Server, IP 10.0.0.22, Gateway 10.0.0.23 | DC24 : File Server, IP 10.0.0.24, Gateway 10.0.0.23

- DC23 : VPN Server, IP 10.0.0.23, 10.0.2.23 | WIN111 : Client, IP 10.0.2.111, Gateway 10.0.2.23

2. Step by step : Set up an SSTP VPN so that WIN111 can access the File Server using the HiepIT account

- DC21 : Allow HiepIT to connect by VPN from the Internet

+ Server Manager - Tools - Active Directory Users and Computers - Yi.vn - IT OU - Right-click HiepIT - Properties - Dial-in tab - Network Access Permission : Allow access

- DC24 : Create and share a folder named DATA

- DC22 : Install "Active Directory Certificate Services" and issue certificate

+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features

- Next to Role Services : Select "Certification Authority" and "Certification Authority Web Enrollment" - Add Features - Install

+ Notifications - Configure Active Directory Certificate Services on the destination server - Role Service : Select "Certification Authority" and "Certification Authority Web Enrollment"

- Setup Type : Enterprise CA - Next to CA Name : Common name for this CA : Yi-CA - Next to Configure - Close

+ Start - MMC - File - Add/Remove Snap-in...- Certification Authority - Add - Finish

+ Yi-CA - Right-click Certificate Templates - Manage - Right-click IPSec - Duplicate Template :

+ General tab - Template display name : SSTP

+ Request Handling tab - Check "Allow private key to be exported"

+ Subject Name tab - Choose "Supply in the request" - OK

+ Extensions tab - Edit... - Add... - Choose "Server Authentication" - OK

+ Right-click Certificate Templates - New - Certificate Template to Issue - Choose SSTP

- DC23 : Request Certificate and install routing

+ Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Right-click Personal - All Tasks

- Request New Certificate... - Next to Request Certificates : Select SSTP (restart the server if the certificate is not shown) - Click "More information is required to enroll…" - Subject tab :

+ Type : Common name, Value : vpn.Yi.vn - Add - OK - Enroll - Finish

+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Remote Access" - Next to Role Services - Select Routing - Add Features - Next to Install - Close

+ Tools - Routing and Remote Access - Right-click DC23 (local) : Configure and Enable Routing and Remote Access - Choose "Custom configuration" - Select "VPN access", "NAT" and "LAN routing"

- Finish - Start service

+ Right-click DC23 - Properties - Security tab - Certificate : vpn.Yi.vn - IPv4 tab - choose "Static address pool" - Add - Start 10.0.0.120 End 10.0.0.150 - OK

+ IPv4 - Right-click NAT - New Interface... - Outside 10.0.2.23 :

+ NAT tab - Choose "Public interface connected to the Internet" - Select "Enable NAT on this interface"

+ Services and Ports tab - Select "Web Server (HTTP)" - Private address : 10.0.0.22 - OK

+ Right-click DC23 - All Tasks - Restart

- WIN111 : Download certificate and test VPN

+ Internet Explorer - http://10.0.2.23/certsrv - Type account - Download a CA certificate, certificate chain, or CRL - Download CA certificate

+ Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Trusted Root Certification Authorities

- Right-click Certificates - All Tasks - Import... - Browse to local certificate - Finish

+ File Explorer - This PC - C: drive - Windows - System32 - drivers - etc - hosts - Add "10.0.2.23 vpn.Yi.vn" - Save

+ Right-click the network icon - Open Network and Sharing Center - Set up a new connection or network - Connect to a workplace - Use my Internet connection (VPN) - I'll set up an Internet connection later

- Internet address : vpn.Yi.vn - Create

+ Start - regedit - HKEY_LOCAL_MACHINE - SYSTEM - CurrentControlSet - Services - SstpSvc - Right-click Parameters - New - DWORD (32-bit) Value - Rename to NoCertRevocationCheck

- Change Value data from 0 to 1

+ Right-click VPN Connection - Security tab - Type of VPN : Secure Socket Tunneling Protocol (SSTP) - Right-click VPN Connection - Connect / Disconnect - Connect - Type HiepIT account

+ Start - run - \\10.0.0.24\DATA === OK
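
A check to run on WIN111 once the connection works (an added example, not part of the original walkthrough): it reports the NoCertRevocationCheck override and validates the certificate that vpn.Yi.vn presents with online revocation checking, which is what the registry value switches off for SSTP. It assumes the SSTP listener is on TCP 443.

```powershell
# Added example, not from the original page. Run on WIN111 after the steps above.
# Assumption: the SSTP listener is on TCP 443 (the protocol default).
$VpnHost = 'vpn.Yi.vn'
$Port    = 443

# 1. Report the revocation-check override set under SstpSvc\Parameters.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$override = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoCertRevocationCheck
if ($override -eq 1) {
    Write-Warning 'NoCertRevocationCheck = 1: SSTP will not check the server certificate for revocation.'
} else {
    Write-Output 'NoCertRevocationCheck is not set: SSTP checks revocation.'
}

# 2. Fetch the certificate the VPN server presents. The callback accepts any
#    certificate so that one failing validation can still be inspected.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$tcp = [System.Net.Sockets.TcpClient]::new($VpnHost, $Port)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($VpnHost)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
} finally {
    $tcp.Dispose()
}

# 3. Validate it as a strict client would: trusted root plus online revocation.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'Online'
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Subject       = $cert.Subject
    Issuer        = $cert.Issuer
    NotAfter      = $cert.NotAfter
    NameMatches   = ($cert.GetNameInfo('DnsName', $false) -eq $VpnHost)
    ChainValid    = $chainOk
    ChainProblems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

A ChainProblems value of RevocationStatusUnknown or OfflineRevocation typically means the client cannot reach the CA's CRL distribution point; publishing the CRL at a location the client can reach lets NoCertRevocationCheck be set back to 0.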
