Hello,
So I deploy a Always on VPN on Windows Server 2019.
I follow guidance from this YouTube video
https://www.youtube.com/watch?v=aZ-thDAfuBM&t=2027s
Basically I'm deploying 3 windows server (RAS, NPS, and AD with CA) and all of this server is join domain.
I setting the VPN to use IKE protocol and authenticate to radius server.
I create 2 policy on radius server, first one is authenticate using certificate and the second one is authenticate using user and password only.
For join domain endpoint there's a auto enroll certificate policy and can connect to the VPN seamlessly.
But I have problem to connect VPN for non join domain endpoint.
I've import the client certificate from join domain endpoint and also CA certificate and then export it to non join domain endpoint and setting the VPN like this but not work with the error IKE authentication credentials are unacceptable
https://social.technet.microsoft.com/Forums/en-US/001e8311-37b8-46ae-9d73-96ae690785f2/ikev2peap-for-nondomain-computers?forum=winserverNIS
Can someone give me enlightenment of what could be wrong?
Note:
Both radius policy (using user or certificate for authentication) is tested with join domain endpoint and it works fine.