Windows Server 2016 - Setting up an SSTP or IKEv2 VPN on the server

Please watch this first: https://youtu.be/lWZIHoAwu2c

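This video is a follow-up to our previous video on how to set up a root CA with OCSP. In this video, we show you how to use a self-signed root CA and then a VPN certificate to set up a maximum-encryption SSTP or IKEv2 virtual private network (VPN) on Windows Server 2016. This should also work on earlier versions of Windows Server.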

For more information, visit:

https://www.windows10.ninja

https://www.servers2016.com

Transcript (machine-generated, so it contains errors)

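In the previous video, we showed you how to set up our certificate authority with the OCSP service, which basically checks to make sure that certificates issued by your CA certificate authority are still valid, and so on. It is a long process. Basically, if you have just been running some VPN with SSTP or IP version 2 and so on, and you only have this video, we recommend that you actually go to step one; that video is in the previous video and the description. We should have the link for the previous year. Note that you set up the CA first, and then set up OCSP and the band. Now it is simple.

OK, after completing all the previous steps, what you want to do is create a VPN. OK, as in virtual private network. OK, you can connect one PC or multiple PCs to a server in a corporate environment under a secure encrypted system, so you can work from home. For example, you stay connected to the work server for all the work you need to do, and all of it is done over an encrypted Internet connection using this VPN service.

Now, if you have the previous certificates, then it is quite simple to set up; what we need to do is install Server Manager here, basically you can get one, just click Server Manager. But we now also need to create that VPN certificate, so I will show you MMC, how to enter them, and then add, OK, Certificate Templates. We need, OK, Certificates, that one, and make sure of Computer account. Click "Next", "Finish", and then click "Certification Authority". We think the one on their local computer is fine, click Finish. Click OK.

Now we need to create a VPN certificate that I can use, so we go to Certificate Templates, double-click it, and literally this is a little extra for that certificate, so rather than modifying this template, duplicate it as a copy of the certificate template and name it. Let's get into it; we will call it VPN Certificate. I think the inevitable period makes no sense. You can change it. If you want to add it to the Active Directory box, that is fine, but for what we are doing right now, all of this has compatibility. If you want the certificate to be readable, it can be used on older machines. You can have all the features of the latest version; backward compatibility gives you more machines that can connect, as simple as that. Also OK, General is better than Request Handling. We want to allow the private key to be exported.

As you can see, we have a good cryptography method, that is, CSP, basically all classified, arm key attestation, and nothing needs to be added in its issuance requirements. OK, you can click its CA certificate manager, requiring approval and so on before it is issued, but we are doing this as simply and plainly as possible, so, Server, Subject Name is what we want to add. This is actually because creating one of the search-term certificates with all the special names will actually change the setting rather than Active Directory automatically generating all the data for us, which may be just one, perhaps not what we want; actually, in the data we supply, we supply it ourselves in the request and cure… and then decide to extend it.

This is the most important part: we will add Server Authentication here, Server Authentication is very important. OK, you can also add alliance authentication, so add these two, and now we can make the extension critical. Click "OK", which clears this day, and now we have created a VPN certificate template. Now we need to make an assessment to show that everything runs the way we want in the certificate templates of the certification authority, but as you can see it is not here, so we need to bring in the "no certificate template".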
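An added example, not from the video or its author: a PowerShell check, run on the VPN server, that tests each certificate in the local computer's Personal store for the properties the template step above sets (Server Authentication usage, a private key), plus validity, chain verification and a name match. It assumes the server certificate was enrolled into `Cert:\LocalMachine\My`; `vpn.example.com` is a placeholder for the name clients connect to, and `Test-VpnServerCertificate` is a hypothetical helper name.

```powershell
# Added example (not from the video). Run in an elevated PowerShell session on the VPN server.
# Placeholder: replace with the exact host name clients enter in their VPN connection.
$VpnHostName   = 'vpn.example.com'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication enhanced key usage

function Test-VpnServerCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$HostName
    )

    # EKU OIDs read from the raw extension; the list is empty when the extension is absent.
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # DnsNameList (a PowerShell-added property) holds the subject CN and the SAN DNS names.
    # Only exact, case-insensitive matches are tested; wildcard names are not evaluated.
    $names = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $Certificate.Thumbprint
        Subject       = $Certificate.Subject
        NameMatches   = $names -contains $HostName
        ServerAuthEku = $ekuOids -contains $ServerAuthOid
        HasPrivateKey = $Certificate.HasPrivateKey
        InValidity    = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
        # Verify() builds the chain with the default policy, so an untrusted root or a
        # failed revocation check shows up here as False.
        ChainVerifies = $Certificate.Verify()
    }
}

# One row per certificate in the machine's Personal store.
Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-VpnServerCertificate -Certificate $_ -HostName $VpnHostName } |
    Format-Table -AutoSize
```

A row with `True` in every column passes all of these checks; a `False` in `NameMatches` means the name clients dial is not the certificate's CN or one of its SAN DNS names.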

10 comments
  1. Following your instructions exactly (both videos), but the SSTP VPN always returns "error 0x80072afc: The requested name is valid, but no data of the requested type was found." Trying to switch the configurations to work for IKEv2 always returns "error 868: the remote connection was not made because the name of the remote access server did not resolve."

    Where did I go wrong? I suspect I need to further configure the DNS, but I've no idea what I can or should do.

    Currently running tests on a lone DC within a company network. All firewall settings are allowing traffic over TCP port 443.

  2. Thank you very much for your explanation. I just followed every step of both your videos. When I try to connect from Windows 10 (with SSTP), it gives me the next message: "Connection cannot be established. The destination denied specifically the connection". If I set PPTP, it works perfectly. If I try to set IKEv2, it gives me the next message: "Type of certificate not valid". Any idea about the issue? Thank you very much again!!

  3. Hello,
    SSTP worked fine but without internet access and IKEv2 is showing the following error "IKE authentication credentials are unacceptable"
    Thanks

  4. Well, I got SSTP to work, but when I try IKEv2 (which is what we want to be on), it does not connect. It says "IKE failed to find valid machine certificate. Contact your Network Security Administrator about installing a valid certificate in the appropriate Certificate Store." Let's just say researching this issue shall be ongoing for me.

  5. Please help me! I did what you do in these videos but I get an error at the point I want to finally connect to VPN on the client PC. It can't connect because the certificate's CN name does not match the given values.

  6. Many thanks! Video helped me out a lot to get everything set up. I'm still kind of confused on how to set it up when you use a different server for RCA than you use for VPN but it worked out. Keep it up! Many thanks!

  7. Hi, great videos! I have followed your steps from creating the cert to setting up the SSTP VPN. However, I cannot seem to connect. It's giving me the error: The certificate's CN name does not match the passed value. Can you help, please? And maybe you could help further via a Skype call?

  8. The certificate downloaded from the server only included the public key, right? How did it work, since we will need a PKCS12 certificate with a private key for IKEv2?
    And how did you make the client able to connect to the Internet without using splitting tunnel? Only chose the NAT option? It is not working for me.
