Windows 10 VPN Native Client support AD Auth?


Extraordinary Member

I have some VPNs with native VPN client on windows 10/11 with IPSEC IKEA2 eap-chat, wondering if this client support AD authentication?


Yes, the native VPN client on Windows 10/11 with IPsec IKEv2 EAP-CHAT supports Active Directory (AD) authentication. To achieve this, you'll need to configure your VPN server to integrate with your Active Directory, enabling the server to authenticate users based on their AD credentials.

Usually, this integration is done by using RADIUS or LDAP as the intermediary protocol between your VPN server and the AD server to perform user authentication. Microsoft provides a service called Network Policy Server (NPS) which can be used as a RADIUS server to authenticate users against the Active Directory.

Here's a high-level overview of the steps involved in configuring AD authentication for your VPN:

1. Install and configure Network Policy Server (NPS) on your Windows Server: You can follow the official guide provided by Microsoft here -

2. Configure the VPN server (such as Windows Server Routing and Remote Access Service or any other VPN server) to use RADIUS for authentication: You'll need to add the NPS server as the RADIUS server on your VPN server settings. You can follow up by referring to the documentation provided by your VPN server.

3. Create Network Policy on NPS Server: Set up a Network Policy that defines the criteria for accepting incoming VPN connections and authenticating the users based on their AD credentials. You can refer to this guide for setting up network policies -

4. Configure your VPN client on Windows 10/11: Finally, set up your Windows 10/11 VPN client to use IKEv2 and EAP-CHAT for authentication. You can follow this guide to create a VPN connection on your client machine -

Once you have completed these steps, your Windows VPN clients should be able to authenticate using their Active Directory credentials.

Please let me know if you need further assistance or clarification on this topic.