Logo
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
EPL Standings
 
 
Windows 7

Troubleshooting Remote Access Issues (part 2) - Creating a VPN Connection & Add a Certificate

6/15/2011 6:22:44 PM

3. Creating a VPN Connection

A VPN connection actually requires two connections. First, you'll need to connect to the Internet, and then you'll connect to the VPN server. It doesn't matter how you connect to the Internet. It can be over a dial-up connection, a DSL line, a broadband connection, or even through a wireless router.

After creating the connection to the Internet, you can create the VPN connection. You follow the first steps just as you did when you created a dial-up connection. However, instead of choosing Dial Directly, you choose Use My Internet Connection (VPN), as shown in Figure 3.

Figure 3. Creating a VPN connection

If you aren't currently connected to the Internet, you'll be prompted to identify how you want to connect to the Internet. Figure 4 shows this screen. You can choose from one of the connections in the drop-down list. The Always Use This Connection check box is selected by default. If you launch the VPN connection but you're not connected to the Internet, you'll be prompted to connect using this connection.

You then enter the IP address or the hostname of the VPN server and a name for the connection. If you use the name of the VPN server, you'll need to ensure that it is resolvable from an Internet DNS server. If you put in the IP address directly, you'll bypass the DNS name-resolution step.

The wizard will then prompt you to enter credentials for the VPN server. These include the user name, password, and domain name if a domain is used.

Figure 4. Identifying Internet access for the VPN


Exercise: Creating a Remote Access VPN Connection

  1. Launch the Network and Sharing Center. Click Start => Control Panel => Network And Internet => Network And Sharing Center.

  2. Click Set Up A New Connection Or Network.

  3. Select Connect To A Workplace. Click Next.

  4. Ensure that No, Create A New Connection is selected. Click Next.

  5. Select Use My Internet Connection (VPN).

  6. On the Type The Internet Address page, enter the IP address or the name of the VPN server in the Internet Address text box. Enter a name for the VPN connection in the Destination Name text box.

  7. Select Don't Connect Now; Just Set It Up So I Can Connect Later. Click Next.

  8. Enter your user name, password, and domain (if needed). Click Create.


At this point, the connection is ready to use. While a lot of the connection activity is automatic, you may need to troubleshoot some connections.

4. Add a Certificate

If you're using IKEv2 or SSTP, a certificate is required for the connection. If you're using L2TP/IPSec, a certificate is recommended. The VPN server passes the certificate to the client during the connection process. However, the client won't necessarily trust this certificate.

As long as the certificate is issued from a trusted CA, the certificate is trusted. However, if the certificate is not issued from a trusted CA, the certificate won't be trusted and the user will see a warning.

Consider these two scenarios:

  1. Your company purchases a certificate from a public CA such as VeriSign. This certificate is installed on the VPN server and sent to the clients. Because Windows 7 clients have a certificate from VeriSign in their Trusted Root Certification Authorities store, they trust the certificate from the VPN server. They will not receive a warning.

  2. Your company chooses not to pay for the certificate. Instead, administrators create an internal CA. This internal CA issues a certificate to the VPN server. Because Windows 7 clients don't have a certificate from the internal CA in their Trusted Root Certification Authorities store, they do not trust the certificate from the VPN server. They will receive a warning.

The second scenario is cheaper, but the warning can be confusing to users. Users can ignore the warning, but with security as challenging as it is already, you probably don't want to train your users to ignore warnings. The solution is to add the certificate from the internal CA to the Windows 7 Trusted Root Certification Authorities store.


Exercise: Add a Certificate to a Windows 7 Client

  1. Click Start and type MMC in the Start Search box. If prompted by UAC, click Yes to continue.

  2. Select File => Add/Remove Snap-in.

  3. Select Certificates and click Add. Select Computer Account and click Next. Ensure Local Computer is selected and click Finish. Click OK.

  4. Expand Certificates => Trusted Root Certification Authorities => Certificates.

  5. Right-click Certificates and select Import. The Certificate Import Wizard will launch. Review the Welcome screen and click Next.

  6. Click Browse and go to the location of the certificate file. Click Open. Click Next.

  7. On the Certificate Store page, ensure that Place All Certificates In The Following Store is selected and the Certificate Store is listed as Trusted Root Certification Authorities. Your display will look similar to the following graphic. Click Next.



  8. Click Next.

  9. Review the information on the Completion screen and click Finish. A dialog box will appear indicating the import was successful. Click OK.


Once the certificate has been imported, the clients will no longer receive the warnings for certificates issues from the CA.

It's also possible to publish these certificates to internal clients using Group Policy. Certificates are deployed using the Computer Configuration => Policies => Windows Settings => Security Settings => Public Key Policies => Trusted Root Certification Authority Store node.

You can right-click the Trusted Root Certification Authority node and select Import. It uses a similar wizard to import the certificate. After the certificate is imported, Group Policy will deploy the certificate to all computers in the scope of the GPO.

Other -----------------
- Troubleshooting Remote Access Issues (part 1) - Remote Access Overview & Creating a Dial-up Connection
- Visual Basic 2010 : Consuming WCF Services
- Visual Basic 2010 : Implementing WCF Services
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading or Saving Documents in Office Web Apps
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading Documents from Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Working with Documents on Windows Live
- Configuring and Troubleshooting Wireless Connectivity (part 3) - Troubleshooting Wireless Connections
- Configuring and Troubleshooting Wireless Connectivity (part 2) - Connecting to a Wireless Network & Setting Up Connections
- Configuring and Troubleshooting Wireless Connectivity (part 1) - Using Wireless Security & Configuring Wireless on Windows 7
- Microsoft Visio 2010 : Identifying 1-D Shapes and Types of Glue & Positioning Shapes with Rulers and Guides
- Visual Basic 2010 : Serialization in the ADO.NET Entity Framework
- Visual Basic 2010 : Serialization in Windows Communication Foundation
- Microsoft Excel 2010 : Creating and Modifying Charts - Selecting Chart Elements & Formatting Chart Elements
- Microsoft Excel 2010 : Creating and Modifying Charts - Changing a Chart Type & Changing a Chart Layout and Style
- Microsoft Visio 2010 : Serialization with XAML
- Microsoft Visio 2010 : Custom Serialization
- Microsoft Visio 2010 : Connecting Shapes with Dynamic Connectors
- Microsoft Visio 2010 : Copying and Pasting Shapes & Connecting Shapes with Lines
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Creating Office Documents on Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Setting Folder Permissions on Windows Live
 
 
Most view of day
- Advanced Windows 7 Programming : Working in the Background - DEVELOPING TRIGGER-START SERVICES (part 1)
- Maintaining Dynamics GP : Safeguarding data by Backing Up everything
- Microsoft Excel 2010 : Expanding and Collapsing Subtotals, Copying Subtotals
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 3) - Mapping external data to shapes
- Sharepoint 2013 : New Installation and Configuration - Configuring Your SharePoint Farm
- Editing Digital Video with Windows Live Movie Maker (part 1) - Starting Windows Live Movie Maker
- Sharepoint 2013 : Service Application Administration (part 1) - Creating a New Instance of a Service Application
- Windows Server 2012 : Provisioning and managing shared storage (part 4) - Provisioning SMB shares - Configuration options for SMB shares, Types of SMB shares
- Maintaining Desktop Health : Understanding Windows Error Reporting (part 3) - Architecture of Windows Error Reporting, Configuring Windows Error Reporting
- Client Access to Exchange Server 2007 : Using Cached Exchange Mode for Offline Functionality
Top 10
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 3) - Creating IPv4 DHCP Scopes
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 2) - Installing DHCP Server and Server Tools
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 1)
- Windows Server 2012 : DHCP,IPv6 and IPAM - Understanding the Components of an Enterprise Network
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 3) - Translating Text with the Mini Translator
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 2) - Translating a Word or Phrase with the Research Pane
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 1) - Setting Options for the Research Task Pane, Searching with the Research Task Pane
- Microsoft OneNote 2010 : Doing Research with Linked Notes (part 2) - Ending a Linked Notes Session, Viewing Linked Notes
- Microsoft OneNote 2010 : Doing Research with Linked Notes (part 1) - Beginning a Linked Notes Session
- Microsoft OneNote 2010 : Doing Research with Side Notes (part 3) - Moving Side Notes to Your Existing Notes
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro