Unfortunately I’ve spent weeks trying to get Duo working for Microsoft RRAS SSTP VPN.
I think I’m almost there but I’m struggling with the final (hopefully) issue. When connecting to the VPN using the Duo proxy as a RAS, I get no network access over the VPN.
My setup is:
Server 2016 1903 update
No non-standard NPS policies
Followed this guide: Two-Factor Authentication for Microsoft RRAS VPN connections | Duo Security
The VPN works fine if I set it to Windows authentication with all other authentication methods allowed (EAP, MS-CHAP v2, CHAP)
Once I set it to Duo proxy as the RAS, I can connect to the VPN, I get the push and it works, but then nothing on the LAN is accessible. No network access at all.
I’ve looked at the NPS and I can’t see anything that would affect it. Perhaps using PAP needs a special policy?