Deploying SSTP VPNs with Windows Server 2012

Secure Socket Tunneling Protocol (SSTP) gives you the ability to connect to your job’s network from any location that has an active internet connection and is not filtering HTTPS. That port (TCP 443) is usually open because normal secure web site traffic depends on it.

Step 1 – Make sure you have two NICs on your machine, each with a static IP address.

Step 2 – I have my domain controller installed on the same machine on which we will install SSTP/VPN, but it’s not recommended to run it on your domain controller.

Step 3 – Open your “Server Manager” and click on Manage > Add Roles and Features

Step 4 – The wizard will start; click Next > Next > Next

Step 5 – Choose “Active Directory Certificate Services” and add the features when prompted

Step 6 – Click Next > Next > choose “Certification Authority Web Enrollment” > when prompted, add features

Step 7 – Click Next > Click Install

Step 8 – Click on “Configure Active Directory Certificate Services on the destination server”

Step 9 – You will get the “AD CS Configuration” wizard. Click Next.

Step 10 – Make sure “Certification Authority Web Enrollment” is checked, then click on Next.

Step 11 – Click on Next > Next > Next > Next > Next > Next

Step 12 – Click on “Configure”

Step 13 – Once the configuration is completed, open up a run command and type in “mmc”

Step 14 – Click on File > Add/Remove Snap-in…

Step 15 – Add “Certification Authority”

Step 16 – You are adding the “Local Computer”

Step 17 – Go to the MMC, navigate to the “Certificate Templates” node and right-click > “Manage”

Step 18 – Locate “IPSec” > right-click > “Duplicate Template”

Step 19 – The template properties dialog will open when you duplicate the IPSec template

Step 20 – Go to the General tab > give it a name

Step 21 – Go to the Request Handling tab > check off “Allow private key to be exported”

Step 22 – Go to the Extensions tab > click on “Application Policies” > click on Edit

Step 23 – Click on Add

Step 24 – Locate “Server Authentication” > click on OK

Step 25 – That’s it for this part 🙂

<hr>

Step 1: Open “Active Directory Users and Computers” > double-click on a user, go into the “Dial-in” tab and check off “Allow access”

Step 2: Open Server Manager > Manage > Add Roles and Features > click on Next > Next > Next > check “Network Policy and Access Services” – when prompted, add all features

Step 3: Click Next > Next > Next > Next > Install > Close

Step 4: Open Server Manager > Add Roles and Features > Next > Next > Next > Next > check off “Remote Access” – when prompted, add all features

Step 5: Click Next > Next > Check off “Routing” > Next > Install

Step 6: When completed, DO NOT click “Open the Getting Started Wizard” for the Remote Access role > click on Close

Step 7: Open up the run command and type in “mmc”

Step 8: File > Add or Remove Snap-ins > “Certificates” > “Computer Account” > “Local Computer” > OK

Step 9: Expand Certificates > Personal > Certificates > right-click > All Tasks > “Request New Certificate”

Step 10: Click on Next > Next > locate the certificate template > click on “More information is required to enroll for this certificate…”

Step 11: Subject Name – choose type “Common name” > add your value, e.g. “vpn.bjn.com” > click on Add > Apply > OK

Step 12: Select your Certificate > Enroll

Step 13: Click on Finish

Step 14: Open the run command and type in rrasmgmt.msc

Step 15: Right-click on the server node > “Configure and Enable Routing and Remote Access”

Step 16: Click on Next > Next > check off “VPN”

Step 17: Highlight the first Ethernet interface > uncheck “Enable security on the selected interface by…”

Step 18: Click on “From a specified range of addresses” > Next

Step 19: Click on New > Specify your range > OK > Next

Step 20: Click on Next > Finish > OK > OK

Step 21: Go back to your RRAS console > Right-click on server node > Properties

Step 22: Click on the “Security” tab > at the bottom, in the SSL Certificate Binding section, choose to pick a “Certificate”

Step 23: Click on the drop-down and pick your “Certificate” > Apply > OK
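To confirm that the certificate enrolled in Steps 9–13 is the one RRAS actually bound in Steps 22–23, here is an added PowerShell check that is not part of the original post. It assumes the VPN name vpn.bjn.com from Step 11 (change it to yours) and reads the binding RRAS records under the SstpSvc service parameters in the registry.

```powershell
# Added example, not from the original post: verify the SSTP certificate binding.
# Assumption: clients connect to vpn.bjn.com, the name used in Step 11.
$VpnFqdn       = 'vpn.bjn.com'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU added in Step 24

# 1. Machine certificates that have a private key and the Server Authentication EKU.
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $ServerAuthOid })
}

# 2. Keep the one whose subject CN or SAN matches the name clients will type; newest expiry wins.
$vpnCert = $candidates | Where-Object {
    $_.Subject -match "CN=$([regex]::Escape($VpnFqdn))" -or
    (($_.DnsNameList | ForEach-Object { $_.Unicode }) -contains $VpnFqdn)
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $vpnCert) {
    Write-Warning "No Server Authentication certificate for $VpnFqdn in LocalMachine\My"
    return
}
"Certificate: $($vpnCert.Subject)  thumbprint $($vpnCert.Thumbprint)  expires $($vpnCert.NotAfter)"

# 3. The RRAS Security tab (Step 23) stores the bound certificate hash as REG_BINARY here.
$sstpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$bound      = Get-ItemProperty -Path $sstpParams -ErrorAction SilentlyContinue
$boundSha1  = if ($bound.SHA1CertificateHash) {
    ($bound.SHA1CertificateHash | ForEach-Object { $_.ToString('X2') }) -join ''
}
if ($boundSha1 -eq $vpnCert.Thumbprint) {
    "SSTP is bound to this certificate."
} else {
    Write-Warning "SSTP is bound to '$boundSha1', not $($vpnCert.Thumbprint); revisit the RRAS Security tab."
}

# 4. The service must be running and something must listen on TCP 443, the HTTPS port the post relies on.
"SstpSvc status: $((Get-Service SstpSvc).Status)"
$listener = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue
if ($listener) { "TCP 443 listener present (owning PID $($listener[0].OwningProcess))." }
else           { Write-Warning "Nothing is listening on TCP 443; SSTP clients will not connect." }

# 5. Clients must trust the issuing CA, so the chain should at least build on the server itself.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if ($chain.Build($vpnCert)) { "Certificate chain builds to a trusted root." }
else {
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    Write-Warning "Chain build failed: $reasons"
}
```

A hash mismatch in step 3 or a missing 443 listener in step 4 is the usual reason the GUI steps look complete but SSTP clients still fail to connect.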