Routing and VPN server on Windows Server 2012

  • Windows Server
  • VPN, Routage
  • 4/4

9. Bonus : CMAK

9.1. VPN client configuration

For now, everything works. The server is configured and the VPN client is also configured.
However, configuring a VPN server can be more complex and more secure. By using this type of VPN, this or that DNS server, ...

In short, if you decide to allow specific types of VPNs and not others, or want to use specific configurations for some user groups, the client-side configuration can become complicated for the end user.
To make this very simple for the end user and for system and network administrators, Microsoft have created a utility called "CMAK".

To launch it, go to the home screen and double-click on "Connection Manager Administration Kit".

Note : this utility was installed automatically when installing the "Remote Access" role.

The "Connection Manager Administration Kit" wizard appears.
Click Next.

Choose the option that corresponds to the end-user operating system.
In our case, we will create a client for Windows 7, so we select "Windows Vista or above".

Select "New profile".

Type the name that will appear in the end-user's network connections.
And specify a name for the executable file that will be generated at the end of the wizard.

To simplify the life of our users, we will add the name of our KERBEROS domain (the NETBIOS name of the domain).
In our case : INFORMATIWEB.

Thanks to this parameter, our users will be able to connect without having to add the "INFORMATIWEB\" prefix before their username.

If you want to merge profiles, you can do it here.

Check "Phone book from this profile" and enter the external IP address of your VPN server in the "Always use the same VPN server" box.

In our case, we only have one VPN server.
If you click Edit, you can change the IP and DNS configuration, the type of VPN to use, ...

In IPv4 and IPv6, you can choose whether to use DNS server addresses sent by your DHCP server, or whether you want to use others for this VPN profile.

In the Security tab, you can choose the VPN's type that you want to use.
As you can see, by default, the VPN client will first attempt to use PPTP.

Then, you can also require data encryption (which is strongly recommended) or if it can be optional (be careful : hackers will be able to intercept data if encryption is not enabled).

Click Next.

At this step, uncheck the "Automatically download phone book updates" box, because we will not use it.
Note : if you don't uncheck this box, the wizard will then ask you to configure the address of the phone book to be updated.

The wizard displays the list of entries for remote access.

If you wish, you can change the routing tables.

You can also configure the proxy settings.
Especially for filtering the Internet connection of users connecting with this VPN client.

If you wish, you can also add actions (eg start a program) to execute before or after the connection, ...

You can also choose the image to display at the top of the login window.
For example, your company logo.

Change the image for the phone book.

Change the program icon.

Add a custom help file.

Add information about your company's technical department.
For example: the e-mail address or telephone number of your system administrator or the person who takes care of the VPN server.

Add a license agreement.

Add additional files (if you wish).

Finally, click Next to generate the new VPN client.

As you can see, this wizard will generate an exe file that you can send to your users so that the VPN client will be automatically installed and configured on their PC.

9.2. VPN client installation

For the end user, the VPN client installation will be very simple.
Just run the exe file you provided and click Yes.

Click OK.

Since we already specified the name of our domain when configuring this VPN client, simply enter the username and password.
Then, click Connect.

The VPN connection is established and it appears in the user's network connections.

Finally, the result is the same, but the system administrator will have pre-configured everything upstream.

To see also

Comments

No comment

Share your opinion

Pinned content

Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.