Set up an SSTP VPN in Windows Server 2022

Published: 18 February 2023
Channel: microsoft lab

1. Prepare

- DC21 : Domain Controller (Yi.vn), IP 10.0.0.21 | DC22 : Certificate Server, IP 10.0.0.22, Gateway 10.0.0.23 | DC24 : File Server, IP 10.0.0.24, Gateway 10.0.0.23

- DC23 : VPN Server, IP 10.0.0.23, 10.0.2.23 | WIN111 : Client, IP 10.0.2.111, Gateway 10.0.2.23

2. Step by step : Set up an SSTP VPN, WIN111 accesses the File Server using the HiepIT account

- DC21 : Allow HiepIT VPN from Internet

+ Server Manager - Tools - Active Directory Users and Computers - Yi.vn - IT OU - Right-click HiepIT - Properties - Dial-in tab - Network Access Permission : Allow access

- DC24 : Create and share a folder named DATA

- DC22 : Install "Active Directory Certificate Services" and issue certificate

+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features

- Next to Role Services : Select "Certification Authority" and "Certification Authority Web Enrollment" - Add Features - Install

+ Notifications - Configure Active Directory Certificate Services on the destination server - Role Service : Select "Certification Authority" and "Certification Authority Web Enrollment"

- Setup Type : Enterprise CA - Next to CA Name : Common name for this CA : Yi-CA - Next to Configure - Close

+ Start - MMC - File - Add/Remove Snap-in...- Certification Authority - Add - Finish

+ Yi-CA - Right-click Certificate Templates - Manage - Right-click IPSec - Duplicate Template :

+ General tab - Template display name : SSTP + Request Handling tab - Check "Allow private key to be exported"

+ Subject Name tab - Choose "Supply in the request" - OK + Extensions tab - Edit... - Add... - Choose "Server Authentication" - OK

+ Right-click Certificate Templates - New - Certificate Template to Issue - Choose SSTP

- DC23 : Request Certificate and install routing

+ Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Right-click Personal - All Tasks

- Request New Certificate... - Next to Request Certificates : Select SSTP (restart the server if the certificate is not shown) - Click "More information is required to enroll…" - Subject tab :

+ Type : Common name, Value : vpn.Yi.vn - Add - OK - Enroll - Finish

+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Remote Access" - Next to Role Services - Select Routing - Add Features - Next to Install - Close

+ Tools - Routing and Remote Access - Right-click DC23 (local) : Configure and Enable Routing and Remote Access - Choose "Custom configuration" - Select "VPN access", "NAT" and "LAN routing"

- Finish - Start service

+ Right-click DC23 - Properties - Security tab - Certificate : vpn.Yi.vn - IPv4 tab - choose "Static address pool" - Add - Start 10.0.0.120 End 10.0.0.150 - OK

+ IPv4 - Right-click NAT - New Interface... - Outside 10.0.2.23 :

+ NAT tab - Choose "Public interface connected to the Internet" - Select "Enable NAT on this interface" + Services and Ports tab - Select "Web Server HTTP" - Private address : 10.0.0.22 - OK

+ Right-click DC23 - All Tasks - Restart
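
A check for the certificate enrolled on DC23 in the steps above, as an added PowerShell example that is not from the video's author. It reports the properties the SSTP listener depends on: CN vpn.Yi.vn, the Server Authentication EKU, a private key, validity dates and a chain to a trusted root. The function name Test-SstpCertificate is hypothetical; run it in an elevated session on DC23.

```powershell
# Added example: audit the SSTP certificate in the computer store of DC23.
$expectedCn    = 'vpn.Yi.vn'            # common name supplied in the enrollment step
$serverAuthOid = '1.3.6.1.5.5.7.3.1'    # OID of the "Server Authentication" EKU

function Test-SstpCertificate {         # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # Collect the EKU OIDs from the certificate's Enhanced Key Usage extension
    $ekuOids = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }

    # Build the chain without revocation so that trust is reported on its own
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = @($ekuOids) -contains $serverAuthOid
        InValidity    = ($Cert.NotBefore -le $now) -and ($Cert.NotAfter -gt $now)
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus.Status -join ', ')
    }
}

# Certificates in LocalMachine\My whose subject CN matches the VPN host name
$candidates = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $expectedCn }

if (-not $candidates) {
    throw "No certificate with CN=$expectedCn found in LocalMachine\My"
}

$candidates | ForEach-Object { Test-SstpCertificate -Cert $_ } | Format-List
```

Every boolean column should read True for the certificate selected on the Security tab; compare its Thumbprint with the one shown there if more than one candidate is listed.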

- WIN111 : Download certificate and test VPN

+ Internet Explorer - http://10.0.2.23/certsrv - Type account - Download a CA certificate, certificate chain, or CRL - Download CA certificate

+ Start - MMC - File - Add/Remove Snap-in...- Certificates - Add - Computer account - Finish - Console Root - Certificates - Trusted Root Certification Authorities

- Right-click Certificates - All Tasks - Import... - Browse to local certificate - Finish

+ File Explorer - This PC - C: drive - Windows - System32 - drivers - etc - hosts - Add "10.0.2.23 vpn.Yi.vn" - Save

+ Right-click the network icon - Open Network and Sharing Center - Set up a new connection or network - Connect to a workplace - Use my Internet connection (VPN) - I'll set up an Internet connection later

- Internet address : vpn.Yi.vn - Create

+ Start - regedit - HKEY_LOCAL_MACHINE - SYSTEM - CurrentControlSet - Services - SstpSvc - Right-click Parameters - New - DWORD (32-bit) Value - Rename to NoCertRevocationCheck

- Change Value data from 0 to 1

+ Right-click VPN Connection - Security tab - Type of VPN : Secure Socket Tunneling Protocol (SSTP) - Right-click VPN Connection - Connect / Disconnect - Connect - Type HiepIT account

+ Start - run - \\10.0.0.24\DATA === OK
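
The WIN111 steps above as a script, an added PowerShell example that is not from the video's author. The CA certificate path is an assumption, and $skipRevocationCheck mirrors the NoCertRevocationCheck value the lab sets, which turns off the SSTP client's revocation check of the server certificate; setting it to $false removes the value again.

```powershell
# Added example: run in an elevated PowerShell session on WIN111.
$caCertPath = 'C:\Temp\Yi-CA.cer'   # assumed path of the CA certificate downloaded from /certsrv
$vpnName    = 'VPN Connection'
$vpnHost    = 'vpn.Yi.vn'
$vpnIp      = '10.0.2.23'
$skipRevocationCheck = $true        # lab setting used in the steps above

# Trust the lab CA (same effect as the Trusted Root Certification Authorities import)
$ca = Import-Certificate -FilePath $caCertPath -CertStoreLocation Cert:\LocalMachine\Root

# hosts entry so the name in the server certificate resolves to DC23's outside address
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$pattern   = '^\s*' + [regex]::Escape($vpnIp) + '\s+' + [regex]::Escape($vpnHost) + '\s*$'
if (-not (Select-String -Path $hostsFile -Pattern $pattern -Quiet)) {
    # Leading newline guards against a hosts file that lacks a trailing line break
    Add-Content -Path $hostsFile -Value ([Environment]::NewLine + "$vpnIp $vpnHost")
}

# VPN connection restricted to SSTP; created only if it does not exist yet
if (-not (Get-VpnConnection -Name $vpnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $vpnName -ServerAddress $vpnHost -TunnelType Sstp
}

# SSTP client revocation check: 1 disables it, removing the value restores the default
$sstpKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
if ($skipRevocationCheck) {
    New-ItemProperty -Path $sstpKey -Name NoCertRevocationCheck `
        -PropertyType DWord -Value 1 -Force | Out-Null
} else {
    Remove-ItemProperty -Path $sstpKey -Name NoCertRevocationCheck -ErrorAction SilentlyContinue
}

# Summary of the resulting client state
$probe = Test-NetConnection -ComputerName $vpnHost -Port 443 -WarningAction SilentlyContinue
$regValue = Get-ItemProperty -Path $sstpKey -Name NoCertRevocationCheck -ErrorAction SilentlyContinue
[pscustomobject]@{
    TrustedCa             = $ca.Subject
    TunnelType            = (Get-VpnConnection -Name $vpnName).TunnelType
    Tcp443Reachable       = $probe.TcpTestSucceeded
    NoCertRevocationCheck = $regValue.NoCertRevocationCheck
} | Format-List
```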
