Netgate Discussion Forum

(How To) Deploying IKEv2 with EAP-MSCHAPv2 in Domain with group policy

  • kapara
    last edited by Feb 22, 2016, 8:42 AM Feb 22, 2016, 8:30 AM

    Bye Bye Shrewsoft!!!

    I am now able to deploy the native Windows VPN to any employee laptop without having to manually configure it! I had to choose this over OpenVPN so that users could connect via VPN prior to logging into the PC. This is very important for group policy to get applied and also for folder redirection sync!

    I created a group policy called DeployVPN

    I added the CRT (CA Certificate) to the following location:

    Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies -> Trusted Root Certification Authorities

    This will add the certificate automatically to all machines that the GP applies to. If you remove it, it will also remove it from the machines if you perform gpupdate /all; no reboot required. This is great for updating the cert if you need to!

    After creating the VPN on 1 machine, browse to C:\ProgramData\Microsoft\Network\Connections\Pbk and copy the rasphone.pbk to a network share that has read capability from all machines.

    Within the same policy go to:

    Computer Configuration -> Preferences -> Windows Settings -> Files

    Select the source using UNC path (Location of the pbk file), and enter the following under Target: C:\ProgramData\Microsoft\Network\Connections\Pbk

    Apply gpupdate to all machines. I use my RMM tool to do this, and the VPN is now available on all machines which are associated with this policy!

    BEWARE: This will overwrite any VPNs which may be stored in this location! For my purposes this is OK since users do not have other "all user" VPNs configured. This does not overwrite the user-stored VPNs in the user's AppData folder.

    Skype ID:  Marinhd
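
A pre-deployment check for the steps above, as an added example that is not part of kapara's post: it lists the all-user phonebook entries the file copy would overwrite, confirms the CA is in the machine's Trusted Root store, and shows which accounts can modify the shared rasphone.pbk (every targeted machine will take its VPN profile from that file). The share path and thumbprint are placeholders (assumptions), and the ACL check covers NTFS permissions on the file only, not the share permissions.

```powershell
# Added example. $SharePbk and $CaThumbprint are placeholders, not values from the post.
param(
    [string]$SharePbk     = '\\fileserver.example\deploy\rasphone.pbk',
    [string]$CaThumbprint = 'REPLACE-WITH-CA-THUMBPRINT',
    [string]$LocalPbk     = 'C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk'
)

function Get-PbkEntryName {
    # rasphone.pbk is INI-style: each connection begins with a [Name] header line.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_ -match '^\[(.+)\]\s*$') { $Matches[1] }
    }
}

$local  = @(Get-PbkEntryName -Path $LocalPbk)
$shared = @(Get-PbkEntryName -Path $SharePbk)

# All-user entries on this machine that are missing from the file that will replace it.
$lost = @($local | Where-Object { $_ -notin $shared })

# A CA pushed via "Trusted Root Certification Authorities" lands in LocalMachine\Root.
$caPresent = [bool](Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $CaThumbprint })

# Accounts with an Allow entry that includes any write right on the shared file.
$writers = @()
if (Test-Path -LiteralPath $SharePbk) {
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write
    $writers = @((Get-Acl -LiteralPath $SharePbk).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.FileSystemRights -band $writeMask) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique)
}

[pscustomobject]@{
    LocalEntries     = $local
    SharedEntries    = $shared
    LostOnOverwrite  = $lost
    CaInTrustedRoot  = $caPresent
    ShareFileWriters = $writers
}
```

An empty `LostOnOverwrite`, `CaInTrustedRoot` set to `True`, and a `ShareFileWriters` list limited to administrative accounts is the state to look for before linking the policy.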

    • vooze
      last edited by Mar 10, 2018, 10:19 PM

      Worked perfectly! Thank you.
