Logo
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
EPL Standings
 
 
Windows 7

Troubleshooting Remote Access Issues (part 2) - Creating a VPN Connection & Add a Certificate

6/15/2011 6:22:44 PM

3. Creating a VPN Connection

A VPN connection actually requires two connections. First, you'll need to connect to the Internet, and then you'll connect to the VPN server. It doesn't matter how you connect to the Internet. It can be over a dial-up connection, a DSL line, a broadband connection, or even through a wireless router.

After creating the connection to the Internet, you can create the VPN connection. You follow the first steps just as you did when you created a dial-up connection. However, instead of choosing Dial Directly, you choose Use My Internet Connection (VPN), as shown in Figure 3.

Figure 3. Creating a VPN connection

If you aren't currently connected to the Internet, you'll be prompted to identify how you want to connect to the Internet. Figure 4 shows this screen. You can choose from one of the connections in the drop-down list. The Always Use This Connection check box is selected by default. If you launch the VPN connection but you're not connected to the Internet, you'll be prompted to connect using this connection.

You then enter the IP address or the hostname of the VPN server and a name for the connection. If you use the name of the VPN server, you'll need to ensure that it is resolvable from an Internet DNS server. If you put in the IP address directly, you'll bypass the DNS name-resolution step.

The wizard will then prompt you to enter credentials for the VPN server. These include the user name, password, and domain name if a domain is used.

Figure 4. Identifying Internet access for the VPN


Exercise: Creating a Remote Access VPN Connection

  1. Launch the Network and Sharing Center. Click Start => Control Panel => Network And Internet => Network And Sharing Center.

  2. Click Set Up A New Connection Or Network.

  3. Select Connect To A Workplace. Click Next.

  4. Ensure that No, Create A New Connection is selected. Click Next.

  5. Select Use My Internet Connection (VPN).

  6. On the Type The Internet Address page, enter the IP address or the name of the VPN server in the Internet Address text box. Enter a name for the VPN connection in the Destination Name text box.

  7. Select Don't Connect Now; Just Set It Up So I Can Connect Later. Click Next.

  8. Enter your user name, password, and domain (if needed). Click Create.


At this point, the connection is ready to use. While a lot of the connection activity is automatic, you may need to troubleshoot some connections.

4. Add a Certificate

If you're using IKEv2 or SSTP, a certificate is required for the connection. If you're using L2TP/IPSec, a certificate is recommended. The VPN server passes the certificate to the client during the connection process. However, the client won't necessarily trust this certificate.

As long as the certificate is issued from a trusted CA, the certificate is trusted. However, if the certificate is not issued from a trusted CA, the certificate won't be trusted and the user will see a warning.

Consider these two scenarios:

  1. Your company purchases a certificate from a public CA such as VeriSign. This certificate is installed on the VPN server and sent to the clients. Because Windows 7 clients have a certificate from VeriSign in their Trusted Root Certification Authorities store, they trust the certificate from the VPN server. They will not receive a warning.

  2. Your company chooses not to pay for the certificate. Instead, administrators create an internal CA. This internal CA issues a certificate to the VPN server. Because Windows 7 clients don't have a certificate from the internal CA in their Trusted Root Certification Authorities store, they do not trust the certificate from the VPN server. They will receive a warning.

The second scenario is cheaper, but the warning can be confusing to users. Users can ignore the warning, but with security as challenging as it is already, you probably don't want to train your users to ignore warnings. The solution is to add the certificate from the internal CA to the Windows 7 Trusted Root Certification Authorities store.


Exercise: Add a Certificate to a Windows 7 Client

  1. Click Start and type MMC in the Start Search box. If prompted by UAC, click Yes to continue.

  2. Select File => Add/Remove Snap-in.

  3. Select Certificates and click Add. Select Computer Account and click Next. Ensure Local Computer is selected and click Finish. Click OK.

  4. Expand Certificates => Trusted Root Certification Authorities => Certificates.

  5. Right-click Certificates and select Import. The Certificate Import Wizard will launch. Review the Welcome screen and click Next.

  6. Click Browse and go to the location of the certificate file. Click Open. Click Next.

  7. On the Certificate Store page, ensure that Place All Certificates In The Following Store is selected and the Certificate Store is listed as Trusted Root Certification Authorities. Your display will look similar to the following graphic. Click Next.



  8. Click Next.

  9. Review the information on the Completion screen and click Finish. A dialog box will appear indicating the import was successful. Click OK.


Once the certificate has been imported, the clients will no longer receive the warnings for certificates issues from the CA.

It's also possible to publish these certificates to internal clients using Group Policy. Certificates are deployed using the Computer Configuration => Policies => Windows Settings => Security Settings => Public Key Policies => Trusted Root Certification Authority Store node.

You can right-click the Trusted Root Certification Authority node and select Import. It uses a similar wizard to import the certificate. After the certificate is imported, Group Policy will deploy the certificate to all computers in the scope of the GPO.

Other -----------------
- Troubleshooting Remote Access Issues (part 1) - Remote Access Overview & Creating a Dial-up Connection
- Visual Basic 2010 : Consuming WCF Services
- Visual Basic 2010 : Implementing WCF Services
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading or Saving Documents in Office Web Apps
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading Documents from Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Working with Documents on Windows Live
- Configuring and Troubleshooting Wireless Connectivity (part 3) - Troubleshooting Wireless Connections
- Configuring and Troubleshooting Wireless Connectivity (part 2) - Connecting to a Wireless Network & Setting Up Connections
- Configuring and Troubleshooting Wireless Connectivity (part 1) - Using Wireless Security & Configuring Wireless on Windows 7
- Microsoft Visio 2010 : Identifying 1-D Shapes and Types of Glue & Positioning Shapes with Rulers and Guides
- Visual Basic 2010 : Serialization in the ADO.NET Entity Framework
- Visual Basic 2010 : Serialization in Windows Communication Foundation
- Microsoft Excel 2010 : Creating and Modifying Charts - Selecting Chart Elements & Formatting Chart Elements
- Microsoft Excel 2010 : Creating and Modifying Charts - Changing a Chart Type & Changing a Chart Layout and Style
- Microsoft Visio 2010 : Serialization with XAML
- Microsoft Visio 2010 : Custom Serialization
- Microsoft Visio 2010 : Connecting Shapes with Dynamic Connectors
- Microsoft Visio 2010 : Copying and Pasting Shapes & Connecting Shapes with Lines
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Creating Office Documents on Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Setting Folder Permissions on Windows Live
 
 
Most view of day
- Microsoft Dynamic CRM 4 : Data Migration (part 4) - Creating a Data Migration
- Microsoft Dynamic GP 2010 : Providing clean vendor information by properly closing Purchase Orders, Protecting against information loss by printing Fixed Asset Reports
- Windows Server 2012 Administration : Configuring Sites (part 2) - Creating a Site - Adding Domain Controllers to Sites
- Windows Phone 7 Programming Model : Application Data Persistence
- Microsoft OneNote 2010 : Doing Research with Linked Notes (part 2) - Ending a Linked Notes Session, Viewing Linked Notes
- Working with the User State Migration Tool (part 5) - Getting Extra Mileage Out of the USMT
- Maintaining Desktop Health : Using Task Scheduler (part 1) - Task Scheduler Architecture
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 3) - Translating Text with the Mini Translator
- Sharepoint 2013 : Backup and Restore (part 5) - Farm Backup and Restore - Performing a Backup
- Maintaining Security : Setting Your Password, Changing Your Password, Resetting Your Password
Top 10
- Creating an XPS Document,Scanning a Picture, Scanning Anything
- Printing Your Photographs, Printing Web Pages - Print the Pictures, Fix the Layout
- Specifying a Default Printer, Controlling Your Printing - Change the Default Printer, View the Queue, Stop the Presses
- Printing from a Program, Printing a Document - Print a Document Using the Default Printer, Print a Document Using a Specific Printer
- Microsoft Excel 2010 : Protecting and Securing a Workbook - Setting Macro Security Options
- Microsoft Excel 2010 : Protecting and Securing a Workbook - Setting ActiveX Security Options
- Microsoft Excel 2010 : Protecting and Securing a Workbook - Setting Add-in Security Options
- Microsoft Excel 2010 : Protecting and Securing a Workbook - Setting Document Related Security Options
- Microsoft Excel 2010 : Protecting and Securing a Workbook - Selecting Trusted Publishers and Locations
- Windows Phone 8 : The Multimedia Experience - Xbox Music Pass (part 2) - Playing Music from the Xbox Music Pass
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro