Canberra, Australia
To be provided
To be provided

Always On VPN – Design

Harmik Batth Tech Blog

Always On VPN – Design

Below workflow diagram that will be used to follow to implement this solution – Detailed workflow for deploying Always-On VPN connections for remote domain-joined Windows 10 client computers.

Planning And Design

This blog series assume that you have following already in place:

  • Windows Server 2016 Domain Controller
  • Public Key Infrastructure (PKI) and Active Directory Certificate Services (AD CS).
  • A public certificate with a specific URL (remote.harrmikbatth.lab)
  • A perimeter network firewalls.
    • One before the Perimeter Network
    • One after the Perimeter network, toward internal network
  • Remote client computers must be joined to the Active Directory domain.
  • Remote client computers must be running the Windows 10 Anniversary Update (version 1803) or later operating system.
  • VM with two Network Cards in DMZ
    • External facing Network with Public IP Address
    • Internal Facing Network with Internal IP
      • This Internal Facing network needs to have full access to the internal network including any no https inspection.
  • Install new NPS as a RADIUS server on a server or VM.
  • VPN Connection type to be used
    • Internet Key Exchange version 2 (IKEv2)
    • SSTP (To allow Home Wifi, Airport and Guest Public Wifi’s)
  • Forced Tunnel will be used.
  • User authentication
    • By using user certificates, the Always On VPN client connects automatically, but it does so at the user level (after user sign-in) instead of at the device level (before user sign-in).
  • Remote Clients will be using DHCP Range
  • You must allow appropriate Firewall rules to
    • Depending on your network environment, you might need to make several routing modifications.

Workflow Diagram


No Comments

Add your comment