Score:0

RRAS VPN using Wrong Server Authentication Cert


I've got a RRAS VPN setup using IKEv2 and certs issued by the domain's CA. It has a cert for the public domain and I know this is getting presented to the client.

However, it seems that either the server is sending the wrong cert, or is sending all its server authentication certs, which includes one issued by MS-Organization-P2P-Access [2022]. This of course isn't trusted by the clients, who then kick it back.

Looking at Get-VpnAuthProtocol I can see that it's told to use the domain's CA.

Not sure how I tell RRAS to use the right cert.

Score:1

It'd be really helpful to know what your RRAS config actually is, what OS, anything.

Anyway, if Get-VpnAuthProtocol shows TunnelAuthProtocolsAdvertised = "Certificate", then you can use Set-VpnAuthProtocol -CertificateAdvertised to set the correct cert.

Or do `Set-VpnS2SInterface -MachineCertificate <X509Certificate>`. Your cert subject name or SAN must match the external interface name.

I can't imagine why RRAS would present the junky Azure P2P access one - it's a client cert, not a server cert. Maybe try the best-practice analyzer and see if it flags anything useful: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn535711(v=ws.11)
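As an added example (not part of the answer above), this is how the `Set-VpnAuthProtocol -CertificateAdvertised` fix can be applied so that RRAS advertises exactly one domain-issued server certificate and never the MS-Organization-P2P-Access one. It assumes the VPN's public name is `vpn.example.com` and the domain CA's subject contains `CN=Contoso` (both placeholders), and that it is run elevated on the RRAS server.

```powershell
# Added example, not from the original thread: select the domain-CA server
# authentication cert for the RRAS public name and advertise only that one.
# Placeholders: vpn.example.com (public FQDN) and CN=Contoso (domain CA subject).
Import-Module RemoteAccess

$PublicFqdn    = 'vpn.example.com'     # placeholder: SAN on the public cert
$IssuerMatch   = 'CN=Contoso'          # placeholder: domain CA subject fragment
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Current IKEv2 machine-authentication settings (what the question inspected)
$auth = Get-VpnAuthProtocol
"Advertised protocols: $($auth.TunnelAuthProtocolsAdvertised)"
"Currently advertised cert: $($auth.CertificateAdvertised.Subject)"

# Candidates in the machine store: Server Authentication EKU, private key present,
# not expired, SAN covers the public name, issued by the domain CA, and NOT issued
# by the Azure MS-Organization-P2P-Access CA (a device cert remote clients won't trust)
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid) -and
    ($_.DnsNameList.Unicode -contains $PublicFqdn) -and
    ($_.Issuer -notlike '*MS-Organization-P2P-Access*') -and
    ($_.Issuer -like "*$IssuerMatch*")
})

if ($candidates.Count -eq 0) {
    throw "No domain-issued Server Authentication cert for $PublicFqdn in LocalMachine\My"
}

# If several match (e.g. after renewal), prefer the one that expires last
$cert = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
"Selecting: $($cert.Subject)  thumbprint $($cert.Thumbprint)  issuer $($cert.Issuer)"

# Pin IKEv2 to exactly this certificate; RRAS reads the setting on service start
Set-VpnAuthProtocol -CertificateAdvertised $cert
Restart-Service RemoteAccess

# Verify what RRAS will now present to clients
(Get-VpnAuthProtocol).CertificateAdvertised |
    Format-List Subject, Issuer, Thumbprint, NotAfter
```

Re-run the last two lines after the next certificate renewal: the setting pins a specific certificate, so a renewed cert must be re-advertised or clients will see the expired one.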

Arcath:

`Set-VpnAuthProtocol -CertificateAdvertised` did the trick.