Question about configuring an SSL VPN

exampasser (Member, Posts: 718)
Has anyone tried configuring an SSL VPN server on Server 2008 R2 (using only one NIC)? I've tried several tutorials with no luck (most of the tutorials I've read are based on using two NICs).

Comments

  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    exampasser wrote: »
    Has anyone tried configuring an SSL VPN server on Server 2008 R2 (using only one NIC)? I've tried several tutorials with no luck (most of the tutorials I've read are based on using two NICs).

    How could you even do this? VLAN tagging or assigning multiple IPs?
  • exampasser (Member, Posts: 718)
    How could you even do this? VLAN tagging or assigning multiple IPs?

    Do you mean testing my VPN? I have my laptop (VPN client) on a separate dial-up connection.
  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    exampasser wrote: »
    Do you mean testing my VPN? I have my laptop (VPN client) on a separate dial-up connection.

    No, I mean the SSL. Why does it need two interfaces? Does it have a public and private IP? If so, that would be strange.

    Have you looked here: http://www.windowsecurity.com/articles/configuring-windows-server-2008-remote-access-ssl-vpn-server-part1.html
  • exampasser (Member, Posts: 718)
    No, I mean the SSL. Why does it need two interfaces? Does it have a public and private IP? If so, that would be strange.

    Have you looked here: Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1)

    Two interfaces are not required, one interface would have a public IP and the other a private IP connecting to the LAN as you said. It just allows the server to perform routing/NAT functionality.

    That is the guide I'm using btw, I've gotten all of the way to the error message "an existing connection was forcibly closed by the remote host" when trying SSTP, PPTP works fine though.
  • phoeneous (Member, Posts: 2,333)
    How could you even do this? VLAN tagging or assigning multiple IPs?

    It's called RRAS and I hate it with a passion.
  • Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
    phoeneous wrote: »
    It's called RRAS and I hate it with a passion.

    I know a little about RRAS but I didn't know you could run it off of one interface. Interesting.
  • it_consultant (Member, Posts: 1,903)
    exampasser wrote: »
    Two interfaces are not required, one interface would have a public IP and the other a private IP connecting to the LAN as you said. It just allows the server to perform routing/NAT functionality.

    That is the guide I'm using btw, I've gotten all of the way to the error message "an existing connection was forcibly closed by the remote host" when trying SSTP, PPTP works fine though.

    If PPTP is working OK then I would be surprised if the problem is with your network card. I have never used SSTP before, PPTP was easy enough to set up and get working correctly. Are you sure you have punched all the required holes in your firewall?
  • exampasser (Member, Posts: 718)
    If PPTP is working OK then I would be surprised if the problem is with your network card. I have never used SSTP before, PPTP was easy enough to set up and get working correctly. Are you sure you have punched all the required holes in your firewall?

    I think the issue is with the certificate the RRAS is using, I think it's using the wrong certificate. I determined that it's not a firewall issue as I did temporarily turn off the firewall on my client and server and still got the same error.
  • exampasser (Member, Posts: 718)
    I fixed the CN mismatch error (had to do it by using the hostname instead of IP address, and then edit my hosts file to point to the correct IP) and now I'm getting "The revocation function was unable to check revocation because the revocation server was offline."
  • exampasser (Member, Posts: 718)
    I got it to work by following the directions in this article:
    Configure RRAS with a Computer Authentication Certificate

    It's not a good long-term solution but it works.
  • phoeneous (Member, Posts: 2,333)
    Is this for a production environment or a lab? If the prior, your solution rhymes with Cisco.
  • exampasser (Member, Posts: 718)
    phoeneous wrote: »
    Is this for a production environment or a lab? If the prior, your solution rhymes with Cisco.
    It was just a project to see how to do it for future reference.