Windows Built-In VPN Client Issues

Protecting Applications forum VPN
, ,
#1

Has anyone seen this before, and if so, what is the cure?

Action needed, but no system prompt, no DUO prompt.

VPN_ActionNeeded
VPN_ActionNeeded2674Ɨ1607 2.31 MB

Ultimately times out. I am curious as to why there is a request for action, but no push and no next steps.

VPN_PolicyError
VPN_PolicyError2312Ɨ2117 2.61 MB

I can add a basic framework of my setup for reference.
Configuration Elements

  • Peplink Balance One Core edge router
  • Server 2012 R2 Domain Controller with NAP
  • Server 2019 VPN Server with RRAS + NAP + DUO Proxy
  • DUO config - I have tried several approaches Radius client, AD client, both, etc.
  • I have ports 443 open in/out on all relevant devices
  • Test device: Windows 10, Built-In VPN client
#2

UPDATE: I figured it out. If you also are trying to do this, I will post a walk-thru.

#3

While I do not need this (yet), Iā€™m sure many, including myself, would love it if you could post your solution. Thank you, @shedev.

1 Like
#4

I can tell you that the NPS plays a role, on both the RRAS server and a domain controller. The setup is simple, but not straightforward. I will post more at a later date.

#5

Currently, we installed DUO on the RRAS server and using Active Directory to authenticate. and it is giving me this error

ā€œ The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.ā€