Me gusta Me gusta. Hola no puedo configurar el «Servidor de VPN» se conecto un par de veces y ahora nada. No se que hacer. Hola Alejandro. Primero darte las gracias por compartir tus conocimientos.
Me descargue la aplicacion Openssl para Windows y cree una CA y 2 certificados uno para el server y otro para el cliente. Los he instalado segun los pasos de la pagina de Microsoft a traves de la consola en equipo local-certificados-personal y certificados raiz de confianza en el server, y el cliente en el mismo sitio y tb probe en el cliente a instalarlos en la misma ruta pero tb en la ruta de usuario.
Estoy perdido pq microsoft dice q el cliente debe llevar los certificados en ambas rutas Equipo Local y Usuario, pero siguiendo el ejemplo de servidores VPN de internet los cuales unicamente dicen de instalar el certificado en la ruta de Equipo Local tampoco consigo la conexion me da Error pone q se incio la conexion pero se interrumpio por problema con los certificados. He probado diferentes formas de hacer de los certificados y diferentes nombres en el Common Name a la hora de crearlos por si estaba el problema ahi, pq lei en otras paginas q el Common Name debe llevar el nombre del hostname del equipo, la ip….
En el equipo server he probado con el certf. El certificado de cliente lo hago de igual manera, con menos dias d duracion y en el Common Name le pongo el hostname del pc cliente. Los paso a formato P12 e incluyo el certificado raiz de confianza para q se instalen ambos a la vez, al descargar uno de los certificados de un conocido servicio VPN dice de instalar el certificado atraves de la consola solo en ruta de equipo local vi q al instalarse el certificado de cliente ya instala tb el de raiz de confianza asi q busque como hacerlo:.
Yo he habilitado el y el en UDP y por si las moscas el en ambos protocolos. Pero como duda dire que haciendo un netstat -an 03 en ambas maquinas no se observa que ninguna abra el puerto ni udp ni tcp en ningun momento. Me he fijado que cuando creo la solicitud de firma, el archivo CSR, la version de openssl que tenia me estaba dando un error antes de solicitar el pais, ubicacion,etc aunque creaba el archivo igualmente. Me he bajado otra version de openssl para windows, ahora no me da ese error referente a las librerias.
Pero sigo sin poder conectarme ahora me da el Error que no puede autenticar el equipo remoto. Creo q el problema era el sistema del portatil desde q intentaba hacer la conexion, es un w7 litle y no se algo debe tener mal al respecto, pq me conecta con el certificado desde la maquina virtual sin problema, de windowsxp a w7 como server con la vpn tipo l2tp.
Y ahora otra consulta al respecto de las vpn, cuando conectas al server vpn el acceso es local unicamente, no hay acceso a internet. De esta manera la maquina cliente tiene acceso a internet una vez establecida la conexion con el server vpn…. Me parece demasiado sencillo esta parte jajajaja.
Y si conoces algun programa de monitoreo para conexions vpn en entorno windows, cual me recomiendas? Recibir nuevas entradas por email. Este sitio usa Akismet para reducir el spam.
Saltar al contenido. Click en siguiente. Me gusta esto: Me gusta Cargando Click Connect to the network at my workplace to create the dial-up connection. Type a descriptive name for this connection in the Company name dialog box, and then click Next. Click Do not dial the initial connection if the computer is permanently connected to the Internet. Click Next. Click Anyone's use if you want to permit any user who logs on to the workstation to have access to this dial-up connection.
Click My use only if you want this connection to be available only to the currently logged-on user. Click Properties to continue to configure options for the connection.
To continue to configure options for the connection, follow these steps:. Click Start , point to Connect to , and then click the new connection. If you don't currently have a connection to the Internet, Windows offers to connect to the Internet. When the connection to the Internet is made, the VPN server prompts you for your user name and password.
Type your user name and password, and then click Connect. Your network resources must be available to you in the same way they're when you connect directly to the network. To disconnect from the VPN, right-click the connection icon, and then click Disconnect. Cause : The name of the client computer is the same as the name of another computer on the network. Solution : Verify that the names of all computers on the network and computers connecting to the network are using unique computer names.
For more information about how to turn on the remote access server, see the Windows Server Help and Support Center. For more information about how to configure ports for remote access, see the Windows Server Help and Support Center.
For more information about how to view properties of the remote access server, see the Windows Server Help and Support Center. To do so, click Ports in Routing and Remote Access. Cause : The VPN client and the VPN server in conjunction with a remote access policy aren't configured to use at least one common authentication method. Solution : Configure the VPN client and the VPN server in conjunction with a remote access policy to use at least one common authentication method. For more information about how to configure authentication, see the Windows Server Help and Support Center.
Cause : The VPN client and the VPN server in conjunction with a remote access policy aren't configured to use at least one common encryption method. Solution : Configure the VPN client and the VPN server in conjunction with a remote access policy to use at least one common encryption method. For more information about how to configure encryption, see the Windows Server Help and Support Center.
Cause : The VPN connection doesn't have the appropriate permissions through dial-in properties of the user account and remote access policies. Solution : Verify that the VPN connection has the appropriate permissions through dial-in properties of the user account and remote access policies. For the connection to be established, the settings of the connection attempt must:.
For more information about an introduction to remote access policies, and how to accept a connection attempt, see the Windows Server Help and Support Center.
Cause : The settings of the remote access policy profile are in conflict with properties of the VPN server. The properties of the remote access policy profile and the properties of the VPN server both contain settings for:.
If the settings of the profile of the matching remote access policy are in conflict with the settings of the VPN server, the connection attempt is rejected. Solution : Verify that the settings of the remote access policy profile aren't in conflict with properties of the VPN server. Cause : The answering router can't validate the credentials of the calling router user name, password, and domain name.
Solution : Verify that the credentials of the VPN client user name, password, and domain name are correct and can be validated by the VPN server. Solution : If the VPN server is configured with a static IP address pool, verify that there are enough addresses in the pool. If all of the addresses in the static pool have been allocated to connected VPN clients, the VPN server can't allocate an IP address, and the connection attempt is rejected. If all of the addresses in the static pool have been allocated, modify the pool.
Solution : Verify the configuration of the authentication provider. Solution : For a VPN server that is a member server in a mixed-mode or native-mode Windows Server domain that is configured for Windows Server authentication, verify that:.
If not, create the group and set the group type to Security and the group scope to Domain local. You can use the netsh ras show registeredserver command to view the current registration.
You can use the netsh ras add registeredserver command to register the server in a specified domain. To immediately effect this change, restart the VPN server computer.
For more information about how to add a group, how to verify permissions for the RAS and IAS security group, and about netsh commands for remote access, see the Windows Server Help and Support Center. If not, type the following command at a command prompt on a domain controller computer, and then restart the domain controller computer:. For more information about Windows NT 4. For more information about how to add a packet filter, see the Windows Server Help and Support Center.
Cause : The appropriate demand-dial interface hasn't been added to the protocol being routed. Solution : Add the appropriate demand-dial interface to the protocol being routed. For more information about how to add a routing interface, see the Windows Server Help and Support Center.
Cause : There are no routes on both sides of the router-to-router VPN connection that support the two-way exchange of traffic.
Create routes on both sides of the router-to-router VPN connection so that traffic can be routed to and from the other side of the router-to-router VPN connection. You can manually add static routes to the routing table, or you can add static routes through routing protocols. For more information about how to add an IP routing protocol, how to add a static route, and how to perform auto-static updates, see Windows Server online Help. Cause : A two-way initiated, the answering router as a remote access connection is interpreting router-to-router VPN connection.
Solution : If the user name in the credentials of the calling router appears under Dial-In Clients in Routing and Remote Access, the answering router may interpret the calling router as a remote access client.
Verify that the user name in the credentials of the calling router matches the name of a demand-dial interface on the answering router. If the incoming caller is a router, the port on which the call was received shows a status of Active and the corresponding demand-dial interface is in a Connected state.
For more information about how to check the status of the port on the answering router, and how to check the status of the demand-dial interface, see Windows Server online Help.
0コメント