Question about configuring an SSL VPN
exampasser (Member, Posts: 718), in Off-Topic
Has anyone tried configuring an SSL VPN server on Server 2008 R2 (using only one NIC)? I've tried several tutorials with no luck (most of the tutorials I've read are based on using two NICs.)
Comments
-
Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
exampasser wrote: » Has anyone tried configuring an SSL VPN server on Server 2008 R2 (using only one NIC)? I've tried several tutorials with no luck (most of the tutorials I've read are based on using two NICs.)
How could you even do this? VLAN tagging or assigning multiple IPs?
-
exampasser (Member, Posts: 718)
Bl8ckr0uter wrote: » How could you even do this? VLAN tagging or assigning multiple IPs?
Do you mean testing my VPN? I have my laptop (VPN client) on a separate dial-up connection.
-
Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
exampasser wrote: » Do you mean testing my VPN? I have my laptop (VPN client) on a separate dial-up connection.
No, I mean the SSL. Why does it need two interfaces? Does it have a public and private IP? If so, that would be strange.
Have you looked here: http://www.windowsecurity.com/articles/configuring-windows-server-2008-remote-access-ssl-vpn-server-part1.html
-
exampasser (Member, Posts: 718)
Bl8ckr0uter wrote: » No, I mean the SSL. Why does it need two interfaces? Does it have a public and private IP? If so, that would be strange. Have you looked here: Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1)
Two interfaces are not required; one interface would have a public IP and the other a private IP connecting to the LAN as you said. It just allows the server to perform routing/NAT functionality.
That is the guide I'm using btw, I've gotten all of the way to the error message "an existing connection was forcibly closed by the remote host" when trying SSTP, PPTP works fine though.
-
phoeneous (Member, Posts: 2,333)
Bl8ckr0uter wrote: » How could you even do this? VLAN tagging or assigning multiple IPs?
It's called RRAS and I hate it with a passion.
-
Bl8ckr0uter (Inactive Imported Users, Posts: 5,031)
phoeneous wrote: » It's called RRAS and I hate it with a passion.
I know a little about RRAS but I didn't know you could run it off of one interface. Interesting.
-
it_consultant (Member, Posts: 1,903)
exampasser wrote: » Two interfaces are not required; one interface would have a public IP and the other a private IP connecting to the LAN as you said. It just allows the server to perform routing/NAT functionality. That is the guide I'm using btw, I've gotten all of the way to the error message "an existing connection was forcibly closed by the remote host" when trying SSTP, PPTP works fine though.
If PPTP is working OK then I would be surprised if the problem is with your network card. I have never used SSTP before, PPTP was easy enough to set up and get working correctly. Are you sure you have punched all the required holes in your firewall?
-
exampasser (Member, Posts: 718)
it_consultant wrote: » If PPTP is working OK then I would be surprised if the problem is with your network card. I have never used SSTP before, PPTP was easy enough to set up and get working correctly. Are you sure you have punched all the required holes in your firewall?
I think the issue is with the certificate the RRAS is using, I think it's using the wrong certificate. I determined that it's not a firewall issue as I did temporarily turn off the firewall on my client and server and still got the same error.
-
exampasser (Member, Posts: 718)
I fixed the CN mismatch error (had to do it by using the hostname instead of IP address, and then edit my hosts file to point to the correct IP) and now I'm getting "The revocation function was unable to check revocation because the revocation server was offline."
-
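Both errors in the post above (the name mismatch, then the offline revocation check) can be examined from the VPN client. The script below is an added example, not part of the thread; `vpn.example.test` is a placeholder host name, and the `URL=` pattern assumes the Windows text rendering of the CRL Distribution Points extension.

```powershell
# Added example, run on the VPN client. $vpnHost is a placeholder (assumption):
# use the exact name entered in the SSTP connection.
$vpnHost = 'vpn.example.test'

# Accept whatever certificate is presented so it can be inspected.
# Diagnostics only; never use an accept-all callback for real traffic.
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$tcp = New-Object System.Net.Sockets.TcpClient($vpnHost, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($vpnHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# 1. Which certificate is the listener really presenting, and does its
#    subject name equal the name the client connects to?
#    (Plain string comparison; wildcard names are not handled.)
$cn = $cert.GetNameInfo('SimpleName', $false)
"Subject CN : $cn"
"Thumbprint : $($cert.Thumbprint)"
if ($cn -ne $vpnHost) {
    "MISMATCH: client connects to '$vpnHost' but certificate names '$cn'"
}

# 2. Build the chain with online revocation checking, as seen from this client.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
if ($chain.Build($cert)) {
    'Chain and revocation check: OK'
} else {
    $chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }
}

# 3. List the CRL locations the client must be able to reach (OID 2.5.29.31).
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) {
    [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
        ForEach-Object { "CRL URL    : $($_.Groups[1].Value)" }
} else {
    'Certificate has no CRL Distribution Points extension'
}
```

A chain status of `RevocationStatusUnknown` or `OfflineRevocation`, together with CRL URLs that only resolve inside the LAN, corresponds to the revocation error quoted above. The thumbprint can be compared with the certificate the server is expected to use.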
exampasser (Member, Posts: 718)
I got it to work by following the directions in this article:
Configure RRAS with a Computer Authentication Certificate
It's not a good long-term solution but it works.
-
phoeneous (Member, Posts: 2,333)
Is this for a production environment or a lab? If the prior, your solution rhymes with Cisco.
-
exampasser (Member, Posts: 718)
phoeneous wrote: » Is this for a production environment or a lab? If the prior, your solution rhymes with Cisco.