MarlisSeptianNurhalim-8316 asked LimitlessTechnology-2700 answered

Always On VPN non join domain

Hello,

So I deployed an Always On VPN on Windows Server 2019.
I followed the guidance from this YouTube video:
https://www.youtube.com/watch?v=aZ-thDAfuBM&t=2027s

Basically, I'm deploying 3 Windows servers (RAS, NPS, and AD with CA), and all of these servers are domain-joined.
I set the VPN to use the IKE protocol and authenticate to a RADIUS server.
I created 2 policies on the RADIUS server: the first one authenticates using a certificate and the second one authenticates using user and password only.

For domain-joined endpoints there's an auto-enroll certificate policy, and they can connect to the VPN seamlessly.
But I have a problem connecting to the VPN from a non-domain-joined endpoint.
I imported the client certificate from a domain-joined endpoint, and also the CA certificate, then exported it to the non-domain-joined endpoint and set up the VPN like this, but it does not work and fails with the error "IKE authentication credentials are unacceptable":
https://social.technet.microsoft.com/Forums/en-US/001e8311-37b8-46ae-9d73-96ae690785f2/ikev2peap-for-nondomain-computers?forum=winserverNIS

Can someone enlighten me as to what could be wrong?

Note:
Both RADIUS policies (using user or certificate for authentication) were tested with a domain-joined endpoint and work fine.


1 Answer

LimitlessTechnology-2700 answered

Hi @MarlisSeptianNurhalim-8316

The problem occurs if the version of Windows does not have support for IKE fragmentation or the client certificate is missing from Certificates - Current User\Personal\Certificates.

IKEv2 is supported on Windows 10 and Server 2016. However, in order to use IKEv2, you must install updates and set a registry key value locally. OS versions prior to Windows 10 are not supported and can only use SSTP.

Here is a link for a detailed description of the process that you must follow.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems

Hope this resolves your Query!!


--If the reply is helpful, please Upvote and Accept it as an answer--
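
One way to check the client-side condition the answer names (a client certificate present in Certificates - Current User\Personal\Certificates), as an added example that is not part of the thread. The function name `Test-VpnClientCertificate` and the set of checks (private key present, Client Authentication EKU, validity dates, chain to a trusted root) are assumptions about what a usable client certificate needs on a non-domain-joined endpoint.

```powershell
# Added example: audit certificates in the current user's Personal store.
# Test-VpnClientCertificate is a hypothetical helper name, not a built-in cmdlet.
function Test-VpnClientCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $now = Get-Date

    # Collect EKU OIDs; a certificate with no EKU extension is valid for all purposes.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Build the chain against the local trust stores. This fails if the issuing
    # CA certificate was not imported into a trusted store on this endpoint.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: revocation checking is skipped so the test runs without CRL access.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Certificate)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        # False when only the public certificate (.cer) was copied over.
        HasPrivateKey = $Certificate.HasPrivateKey
        ClientAuthEku = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $clientAuthOid)
        InValidity    = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
        ChainTrusted  = $chainOk
        ChainErrors   = $chainErrors
    }
}

$results = Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-VpnClientCertificate -Certificate $_ }

if (-not $results) {
    Write-Warning 'No certificates found in Cert:\CurrentUser\My (Current User\Personal).'
}
$results | Format-List
```

Run it as the user who starts the VPN connection; any row with `HasPrivateKey`, `ClientAuthEku`, `InValidity` or `ChainTrusted` set to False points at a certificate the client cannot present successfully.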
