SETTING UP AN SSTP VPN SERVER (cannot establish the connection)

juntacadaveres

New Member
Hello there!


Today I wanted to do some labs of SSTP Windows Server VPN.
What I have done so far is to build a Windows Server 2019 as a Domain Controller and as a Certificate Authority.
From my CA I have created a self-signed server certificate in order to install it on my Windows Desktop Client.
I have prepared my server well by installing the Routing and Remote Access role.
On the tab "Security" (from Properties) I have selected my self-signed certificate and as Authentication Provider I have set it to Windows Authentication.
On the tab IPv4 I have checked Enable IP Forwarding and marked Static address pool (using an IP pool from 10.0.0.1 to 10.0.0.50 that my VPN users will use).
I have deactivated the firewall rules (because it’s only a test).
I have created a VPN user where the option "Network Access Permission: Allow access" is marked.
----------------------------
Now on my desktop client I have done this:
Imported my self-signed certificate (installing it in Trusted Root Certification Authorities)
Configured my VPN connection:
Connection name: "usquiano domain"
Server name or address: MY public IP ADDRESS
VPN type: SSTP
Type of sign-in info: "username and password"
--------------------------------
From my home router I have made this port forwarding:
192.168.120.170 TCP 443 (the Windows Server DC-CA local IP)
So I guess that this redirects a required VPN connection from outside to my Windows Server 2k19.
-------------
My Local Domain is

Usquiano.es

I don’t know if this could cause problems because it is a name that I have invented. I do not possess a public domain (I don’t know if I should use usquiano.local).

OK, the problem comes when I want to make the connection.

From my Windows Client (it is connected to another network using a hotspot) I try the connection but I receive the following error:

“A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file”

I have already checked that the time on my server and my client are the same.

I have uninstalled the certificate from my client and tried to establish the connection again to see what could happen and I received the same error. So, I don’t know if the problem lies with the self-signed certificate!

I don’t know what I’m doing wrong. Can you give me a hint?
 

Neemobeer

Cloud Security Engineer
Staff member
The certificate needs to be trusted and match the FQDN (not IP) of your external connection point. Basically this won't work in your current config. You'll need at least to have DNS set up and an A record to your public IP and a certificate for that FQDN. There are free cert services such as StartSSL.
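
Added example (not part of the thread and not either poster's code): a PowerShell check of the three properties discussed above for an SSTP server certificate, namely validity period, name match against what the client dials, and chain trust. The function name `Test-SstpServerCertificate` and the name `vpn.example.com` are placeholders chosen for illustration.

```powershell
# Added example. Function name and 'vpn.example.com' are placeholders, not from the thread.
function Test-SstpServerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$ServerName   # exactly what the client has under "Server name or address"
    )
    $now  = Get-Date
    $ip   = $null
    $isIp = [System.Net.IPAddress]::TryParse($ServerName, [ref]$ip)

    # DNS names the certificate was issued for (DnsNameList comes from PowerShell's type data).
    $names = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode } | Where-Object { $_ })
    $nameMatches = $false
    if (-not $isIp) {
        foreach ($n in $names) {
            if ($n -eq $ServerName) { $nameMatches = $true }   # -eq ignores case
            elseif ($n.StartsWith('*.') -and $ServerName.Contains('.')) {
                # A wildcard covers exactly one leading label: *.example.com ~ vpn.example.com
                $parent = $ServerName.Substring($ServerName.IndexOf('.'))
                if ($parent -eq $n.Substring(1)) { $nameMatches = $true }
            }
        }
    }

    # Build the chain against the trust stores of the machine this runs on.
    # Revocation is skipped; only trust and the dates of every chain element are evaluated.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Certificate)

    [pscustomobject]@{
        Thumbprint     = $Certificate.Thumbprint
        ServerName     = $ServerName
        ServerNameIsIp = $isIp
        CertNames      = $names -join ', '
        NameMatches    = $nameMatches
        NotBefore      = $Certificate.NotBefore
        NotAfter       = $Certificate.NotAfter
        WithinValidity = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        ChainTrusted   = $chainOk
        ChainProblems  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed usage: check every certificate in the server's machine store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-SstpServerCertificate -Certificate $_ -ServerName 'vpn.example.com' }
```

A `ChainProblems` value of `NotTimeValid` means some certificate in the chain, possibly the issuing CA rather than the server certificate itself, is outside its validity period; `UntrustedRoot` means the root is not in the trust store of the machine running the check. Run it on the client against the exported server certificate to see the chain as the client sees it.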
 