On domain controllers:
Install Network Policy Server
Create Radius client
Open NPS and right click on “NPS (local)” and click on “Register server in Active directory”
Go to Policies – Connection Request Policies – New and enter:
-Name: NAME
-Type: Unspecified
-Conditions: Client IPv4 Address – enter RADIUS client IP
Go to Policies – Network Policies – New and enter:
-Name: NAME
-Type: Unspecified
-Conditions: User Groups – add AD groups you want to allow connection to
-EAP Types: MSCHAP2 and EAP
-add EAP-MSCHAP v2 add EAP
-Settings – delete PPP and Framed, add Service-Type: Administrative
Right mouse click on policy and move policy to TOP (move UP)

For auto-create VPN connection for users, in GPO:
create script:

add script to GPO:
-User configuration
-Windows Settings
-Scripts — Logon — PowerShell — add

On Linux servers:

Get certificate using certbot. Link the cert files so that they can be used in StrongSwan:

Setup WAN interface:
Go to /etc/netplan
Create 99_config.yaml

Setup Iptables:

Copy iptables settings to /etc/iptables.sh

Enable forwarding:
Edit /etc/sysctl.conf and put to end

Edit /etc/strongswan.d/charon/attr.conf, enter DNS addresses:

Edit /etc/strongswan.d/charon/eap-radius.conf and enter NPS servers addresses:

Edit /etc/ipsec.conf, define connections:

Edit /etc/ipsec.secrets private key for cert:

Run and status IPsec:

Оставить комментарий

Пожалуйста, будьте вежливы. Мы ценим это. Обязательные поля отмечены *