



This post describes a real-world configuration of the free VPN server SoftEther. It shows how to set up a VPN for macOS and Windows clients on a Hyper-V Windows guest VM. The environment consists of multiple Hyper-V hosts with VMs on an internal network. One is connected to the internal network, the other to the internet.

The VPN should provide remote access via SSTP for Windows and L2TP for macOS clients. Installing additional client software should not be necessary: it should be possible to connect to the VPN with the clients that come with each operating system. The VPN should be bridged to the local network so that VPN clients get IP addresses from the internal network's DHCP server. Authentication should be performed against a RADIUS server (we use Duo Authentication Proxy).

The good thing about that is that most firewalls and hotel networks should let it through. The bad thing is that we need to deal with certificates. I used a TLS certificate from our internal Active Directory root CA. We are using an internal certificate authority that is not accessible from the internet. As a consequence, the CA's certificate revocation list (CRL) is not accessible from the internet either. The Windows SSTP client refuses to connect when it cannot contact the CRL specified in a server certificate.

Set the following registry value on your VPN clients: HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters\NoCertRevocationCheck=1.

On the CA, configure a certificate template to not include revocation information in issued certificates.

Run the following openssl commands on any Windows or Linux machine that has OpenSSL installed.
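Before choosing between the two fixes above (a CDP-free template on the CA, or NoCertRevocationCheck on every client, which switches off revocation checking for that client entirely), it helps to verify what the issued server certificate actually contains. The script below is an added example, not code from the original post: it checks a PEM certificate for a CRL Distribution Points extension and lists the CRL URIs the Windows SSTP client would try to fetch. The hostnames and file names are constructed for the demo; it assumes OpenSSL 1.1.1 or newer on the PATH.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Inspect a server certificate for
# the CRL Distribution Points (CDP) extension that the Windows SSTP client
# tries to reach. Assumes OpenSSL 1.1.1+ (needed for `req -addext`).
set -eu

# has_cdp CERT.pem -> prints "yes" if the certificate embeds a CDP, else "no".
# Parsing the -text output works across OpenSSL versions; exit codes do not.
has_cdp() {
  if openssl x509 -in "$1" -noout -text 2>/dev/null \
       | grep -q 'X509v3 CRL Distribution Points'; then
    echo yes
  else
    echo no
  fi
}

# crl_uris CERT.pem -> prints each CRL URI on its own line (empty if none).
# Only the CDP block is scanned so AIA/OCSP URIs are not mixed in.
crl_uris() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | sed -n '/X509v3 CRL Distribution Points/,/^ \{12\}[^ ]/p' \
    | grep -o 'URI:[^[:space:]]*' \
    | sed 's/^URI://'
}

# make_test_certs DIR -> writes two constructed self-signed certificates:
#   DIR/no-cdp.pem   (what a CDP-free template produces)
#   DIR/with-cdp.pem (what a default template with an internal CRL produces)
# vpn.example.test and pki.example.test are placeholder names.
make_test_certs() {
  dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=vpn.example.test' \
    -keyout "$dir/key.pem" -out "$dir/no-cdp.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=vpn.example.test' \
    -addext 'crlDistributionPoints=URI:http://pki.example.test/ca.crl' \
    -keyout "$dir/key.pem" -out "$dir/with-cdp.pem" 2>/dev/null
}

# Usage: ./check-cdp.sh server.pem   (a real certificate exported from the CA)
if [ -n "${1:-}" ]; then
  echo "CDP present: $(has_cdp "$1")"
  crl_uris "$1" | while read -r uri; do echo "CRL URI: $uri"; done
fi
```

Every URI the script lists must be reachable from the client's network (hotel Wi-Fi, mobile hotspot), otherwise the SSTP connection fails as described above.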
