Elastic Cloud Gate

AWS Blog

How to setup RRAS SSTP VPN on AWS VPC with Active Directory Authentication – Step by Step – Part 6

In this article we explain, step by step, how to set up Windows RRAS SSTP VPN on AWS VPC with Active Directory authentication.

Part 1 – Setup VPC
Part 2 – Launch EC2 Instance for Active Directory Server and RRAS Server
Part 3 – Setup Active Directory / Domain Controller
Part 4 – Setup RRAS
Part 5 – Configure Active Directory Certificate Service
Part 6 – Configure RRAS
Part 7 – Adjust VPC Configuration
Part 8 – User Computer Configuration

Part 6 – Configure RRAS

1. From Server Manager click Add roles and features
2. Click Next, Next, Next
3. Select Network Policy and Access Services

4. When the new popup opens, click Add features

5. Click Next, Next, Next, Install
6. When the installation finishes, click Close
7. Go back to Server Manager and click Add roles and features
8. Click Next, Next, Next
9. Select Remote Access, click Next, Next

10. Check “Direct Access and VPN” and Routing

11. When the new popup opens, click Add features
12. Click Next, Install
13. When the installation finishes, click Close
14. Open MMC and, from the File menu, select Add/Remove Snap-in
15. Select Certificates and click Add

16. Select Computer Account, click Next

17. Select Local computer, click Finish, click OK

18. Expand Personal, right click on Certificates and select All Tasks->Request New Certificate

19. Click Next, Next, check SSTP-VPN, then click “More information is required …..”

20. From the Subject name drop-down list select Common name and, under Value, enter the public name of your VPN server. This should be the name that will be registered in public DNS, e.g. vpn.mycompany.com. Click Add, then click OK

21. Click Enroll, click Finish

22. Go to Trusted Root Certification Authorities and click Certificates
23. You should see the CA certificate that was created when you configured Active Directory Certificate Service – in our example MyDomainCA
24. Right click on that certificate and select All Tasks->Export

25. Click Next, Next, then select the location where you want to save it. Click Next and Finish. Keep this certificate in a safe place – you will have to install it on every client computer that you want to grant VPN access to
26. Close MMC console
27. From Server Manager go to Tools menu and select Routing and Remote Access

28. Right click on RRAS server and select Configure and Enable Routing and Remote Access

29. Click Next, Select Custom Configuration, Click Next

30. Select VPN access, click Next, click Finish

31. Click start service
32. Right click on the RRAS and select Properties

33. Go to the Security tab and, under Certificate, select the one you requested in the previous step – in our example vpn.mycompany.com

34. Go to the IPv4 tab, select Static address pool and click Add

35. Enter the IP range that will be assigned to VPN clients. This range should be different from your VPC network. In our example we are going to use 10.50.10.10 – 10.50.10.20; click OK

36. Click OK, click Yes
37. Right click on Static Route and select New Static Route

38. Enter the following:
    a. Destination: your private VPC subnetwork – in our example 10.20.2.0
    b. Network mask: in our example 255.255.255.0
    c. Gateway: the default gateway of the RRAS server – in our example 10.20.1.1
    d. Click OK
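
The following PowerShell is an added example, not part of the original article. Run on the RRAS server, it checks that the certificate from steps 18 to 21 is usable for SSTP and is the one bound in RRAS (step 33), and that the client pool from step 35 does not overlap the subnet routed in step 38. The values are the article's examples; the variable and function names are chosen for this example.

```powershell
# Added example: post-configuration checks. Values are the article's examples.
$VpnName   = 'vpn.mycompany.com'   # step 20: common name / public DNS name
$PoolStart = '10.50.10.10'         # step 35: first address of the static pool
$PoolEnd   = '10.50.10.20'         # step 35: last address of the static pool
$RouteDest = '10.20.2.0'           # step 38: private VPC subnet
$RouteMask = '255.255.255.0'       # step 38: network mask

function ConvertTo-IPv4Number ([string]$Ip) {
    # Dotted quad -> 64-bit integer, so ranges can be compared numerically.
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

# Newest certificate in the computer's Personal store whose CN is the VPN name.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $VpnName } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

$serverAuth = $false
if ($cert) {
    # Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1). A certificate with
    # no EKU extension is reported as failing this check.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $oids = $cert.Extensions | Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
    $serverAuth = $oids -contains '1.3.6.1.5.5.7.3.1'
}

# Address range covered by the static route. Assumes a contiguous mask and
# that the destination is the network address, as in the article's example.
$routeStart = ConvertTo-IPv4Number $RouteDest
$routeEnd   = $routeStart + (4294967295 - (ConvertTo-IPv4Number $RouteMask))
$poolOverlaps = (ConvertTo-IPv4Number $PoolStart) -le $routeEnd -and
                (ConvertTo-IPv4Number $PoolEnd)   -ge $routeStart

$now = Get-Date
[pscustomobject]@{
    CertificateFound  = [bool]$cert
    HasPrivateKey     = [bool]($cert -and $cert.HasPrivateKey)
    WithinValidity    = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
    ServerAuthEku     = $serverAuth
    BoundToRras       = [bool]($cert -and (Get-RemoteAccess).SslCertificate.Thumbprint -eq $cert.Thumbprint)
    PoolOverlapsRoute = $poolOverlaps
}
```

Every field except PoolOverlapsRoute should be True; PoolOverlapsRoute should be False.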
