Love your videos! Super informational. One tip/ask, can you add some troubleshooting tips for reference? I was able to run through the lab pretty easily, but I ran into an issue from my home lab to the cloud. But thanks again, your work really is easy to follow!
Hi Troy, Great video. I configured my Radius and RRAS on the same server. Users can connect to the VPN, however, as soon as they connect, they lose their internet connection. Any ideas?
Thanks for this great lesson! I had already background info, but learned a lot of new info! When will the next video about the other scenario 802.1X Wireless or Wired Connections come online? Will there be in the video information about best cases for using certificates accross multiple sites of one domain? That would be great! Now I'm going to see your video of Deploying A Multi-Tier PKI.
That was a really informative and well-explained Video, Thank you for taking the time to put this Video together. Edit: I have Followed this Video to the Dot and I cannot achieve a VPN connection from my Client. :-(
I'm trying to setup a vpn connection through unifi usg. I followed this video, which I think is very well done and on point. But know I need to setup/config unifi usg vpn also setup vpn on my macbook pro. So far I haven't been successful.
I'm trying to set this up behind NAT, eventually hoping to get L2TP/IPSec at the very least. So, the VPN Server only has one interface, with port-forwarded vpn ports from the main router. Having difficulties getting it to work, any special configs that need doing? If I set a range for a new private pool this will confuse the main router, no? So a DHCP Helper needs to forward dhcp requests in order to put the VPN client on the same LAN?
please do all the three servers have to joint the DC01 server or they are operating as separate servers for this to work ? and how do you configure the inside and outside IP on a server? thanks
Hi sir! How about if i need to access from the public ip address. what ports must be openen? 500 and 4500 is what i got from googling but still can not access. Please let me know that to do in ordet to have access fron another network.
i really like it, but i have some questions, when connnected to the vpn, i figure i cannot access any intranet resource, is there anyway i can open subnet or add static routes to it.
Hi Chen, The issue you're describing is most likely a DNS resolution problem, as your VPN client will have a different default DNS server than the LAN to which it is connected via VPN. It therefore can't resolve the FQDNs of the machines and resources in the LAN. I see this commonly when VPN clients are trying to connect to mapped network drives. The way I usually solve this is (in order of simplicity): a) when trying to access internal resources, use the IP address of the destination machine (for example, if you're trying to reach a shared folder on a machine inside the LAN, use the IP address of the machine rather than its FQDN -- such as "\\10.10.10.1\SharedFolder" rather than "\\FileServer01\SharedFolder". b) add a text entry into the VPN client machine's HOSTS file for your LAN's DNS server, so the VPN client knows to look for the DNS server on the LAN in addition to its local DNS server for name resolution. b) statically add an additional alternative DNS server to the VPN client -- you have to be careful with this option though. If the VPN client is a laptop, for example, the machine will rely on DHCP to obtain the preferred DNS server on each new network it connects to. Using dynamically assigned TCP/IP addresses and statically assigned DNS servers will usually cause problems unless the user has a foundational understanding of how DNS works and can fix any problems that arise. Otherwise it can be a trouble ticket nightmare. Hope that helps, Chen. Good luck!
@@troyberg Hi Troy, It may be out of scope on this specific video, but since the question came up I'd like to follow up on it: Wouldn't this be easily solved by using your domain's DHCP server with a specific scope for the VPN-connections with scope option 6 pointing to your domain's DNS server? Fiddling with local hosts files (the quick&dirty way) or a static DNS on remote machines seems to require a lot of manual maintenance while you may already have the infrastructure in place to handle those requests. Best regards and thanks for these helpful step-by-step video's
I can't configure the Authentication Method. I get the error that NPS is installed, you must use it to configure authentication and accounting providers. Any idea what went wrong? :) Thank you
all was good until you started showing the rass in another server . i have 2 servers active directory and RADIUS AND RAS AT THE SAME TIME. the Radius its showing me duplicated the client :(
![Securing RADIUS with EAP-TLS [Windows Server 2019]](/img/1.gif)
Had no prevous knowledge. Watched the video twice and understood it completely. Respect Legend.
this is insane for how detailed this video is. Leading you through step by step, very clean instructions.
"And away we go" Troy, your channel is GREAT man! Thank you so much for your explanations.
Had to watch it again to perform another setup. Troy, your channel is my go to for troubleshooting. Big fan here!
He configures it like he was part of the programmers of this system. I must say that astonishing.
Another amazing video Troy. Thank you for the info, as always.
You'll probably see me on here multiple times, I can never remember all the steps, so I have to keep rewatching. Thumbs up though.
what a detailed and Brillant presentation. Thank you for sharing.
Love your videos! Super informational. One tip/ask, can you add some troubleshooting tips for reference? I was able to run through the lab pretty easily, but I ran into an issue from my home lab to the cloud. But thanks again, your work really is easy to follow!
Great content! Love the channel. Excellent video.
THANKS a lot for this perfect and helpful video from Germany🌸
Thank you so much Mr. Troy Berg for that so informative demonstration and explanation, it helped me a lot in my intern report
Well done, this is an excellent video that is very informative. Thank you.
Glad you found it helpful!
Hi Troy,
Great video. I configured my Radius and RRAS on the same server. Users can connect to the VPN, however, as soon as they connect, they lose their internet connection. Any ideas?
Nice good informative
Thanks for this great lesson! I had already background info, but learned a lot of new info! When will the next video about the other scenario 802.1X Wireless or Wired Connections come online? Will there be in the video information about best cases for using certificates accross multiple sites of one domain? That would be great! Now I'm going to see your video of Deploying A Multi-Tier PKI.
Very well explained. Thank you so much.
Glad it was helpful!
That was a really informative and well-explained Video, Thank you for taking the time to put this Video together.
Edit: I have Followed this Video to the Dot and I cannot achieve a VPN connection from my Client. :-(
I'm trying to setup a vpn connection through unifi usg. I followed this video, which I think is very well done and on point. But know I need to setup/config unifi usg vpn also setup vpn on my macbook pro. So far I haven't been successful.
amazing informative video
I tried to configure all VPN Server environments on only one windows server, but the connection was not successful. A domain name may still be needed.
I'm trying to set this up behind NAT, eventually hoping to get L2TP/IPSec at the very least. So, the VPN Server only has one interface, with port-forwarded vpn ports from the main router. Having difficulties getting it to work, any special configs that need doing? If I set a range for a new private pool this will confuse the main router, no? So a DHCP Helper needs to forward dhcp requests in order to put the VPN client on the same LAN?
is there a video provided in configuring radius 802.1x?
please do all the three servers have to joint the DC01 server or they are operating as separate servers for this to work ?
and how do you configure the inside and outside IP on a server?
thanks
Thank you!
Hi sir!
How about if i need to access from the public ip address. what ports must be openen?
500 and 4500 is what i got from googling but still can not access. Please let me know that to do in ordet to have access fron another network.
On the RASS how do you set up the Outside Ethernet? (Walk-Through)?
mine did not work, can you explain how your 172 address if from, is it another netwrok adaptor you added or wat?
tnx how can i see user connect and disconect time and net usage or net usage graph
how many network adaptors are all vms have and what are they ? thanks
Will this let users log in to vpn from windows login screen
i really like it, but i have some questions, when connnected to the vpn, i figure i cannot access any intranet resource, is there anyway i can open subnet or add static routes to it.
Hi Chen,
The issue you're describing is most likely a DNS resolution problem, as your VPN client will have a different default DNS server than the LAN to which it is connected via VPN. It therefore can't resolve the FQDNs of the machines and resources in the LAN. I see this commonly when VPN clients are trying to connect to mapped network drives.
The way I usually solve this is (in order of simplicity):
a) when trying to access internal resources, use the IP address of the destination machine (for example, if you're trying to reach a shared folder on a machine inside the LAN, use the IP address of the machine rather than its FQDN -- such as "\\10.10.10.1\SharedFolder" rather than "\\FileServer01\SharedFolder".
b) add a text entry into the VPN client machine's HOSTS file for your LAN's DNS server, so the VPN client knows to look for the DNS server on the LAN in addition to its local DNS server for name resolution.
b) statically add an additional alternative DNS server to the VPN client -- you have to be careful with this option though. If the VPN client is a laptop, for example, the machine will rely on DHCP to obtain the preferred DNS server on each new network it connects to. Using dynamically assigned TCP/IP addresses and statically assigned DNS servers will usually cause problems unless the user has a foundational understanding of how DNS works and can fix any problems that arise. Otherwise it can be a trouble ticket nightmare.
Hope that helps, Chen. Good luck!
@@troyberg Hi Troy,
It may be out of scope on this specific video, but since the question came up I'd like to follow up on it:
Wouldn't this be easily solved by using your domain's DHCP server with a specific scope for the VPN-connections with scope option 6 pointing to your domain's DNS server? Fiddling with local hosts files (the quick&dirty way) or a static DNS on remote machines seems to require a lot of manual maintenance while you may already have the infrastructure in place to handle those requests.
Best regards and thanks for these helpful step-by-step video's
So in the real life do I need 3 windows server machine ?
Hi Troy, do you do consulting?
I can't configure the Authentication Method. I get the error that NPS is installed, you must use it to configure authentication and accounting providers. Any idea what went wrong? :) Thank you
I have the same problem, have you found a solution? Thank you.
@@Zeanzoul No, but I ended up not needing to set this up. It works anyway
all was good until you started showing the rass in another server . i have 2 servers active directory and RADIUS AND RAS AT THE SAME TIME. the Radius its showing me duplicated the client :(
31 miuntes...jesus christ