Duo AuthProxy On RRAS/NPS Server


#1

I’ve deployed duoauthproxy on the server currently hosting the SSTP VPN via MS RRAS. This server also runs NPS locally to provide coverage for RADIUS authenticated wireless access. When NPS and RRAS are installed on the same box RRAS defaults to (and I don’t believe can be disuaded from) leveraging NPS for AAA. At this point I realize I need to RADIUS forward to the authproxy (running n a non-standard port) rather than deploy as the documentation illustrates. I need to retain the first Connection-Request Policy for wireless clients and still forward the SSTP clients to DuoRadiusServer Group. Has anyone else gotten this to work? I realize I may have to move the authproxy but if its possible to leave it that’s preferred.

Thank you,
badgenes


#2

Resolved. Server hosting SSTP had recently been prepared for PCI-DSS 3.2.1 and somehow even TLS 1.2 was disabled.

Me: Thanks badgenes!
Me: Aw shucks, you’re welcome :slight_smile: