Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to switch from VPN MS-CHAP v2 authentification to PEAP ?

Posted on 2014-04-18
5
Medium Priority
?
338 Views
Last Modified: 2014-06-11
Hi everybody,

I have a server 2008 R2 where the Network Policy and Access Services is installed.

Actually, the VPN type is PPTP using MS-CHAP v2 authentification and since MS-CHAP v2 has been broken, it's recommended to use PEAP so I'm trying to do so...

I read a bunch of pages about this but no one is clear about the steps I should follow from here so I'm looking for a step by step description of what I must exactly do to configure my VPN to use PEAP instead of actually MS-CHAP v2.

I assume that I will have to change the authentification protocol type on the client side and on my network policy on the server as well but it seems that there are certificates involved in this process but I can't find much about this part... I think I will have to install the active directory certificate services or something like that but I will not go further without any accurate information...

Thanks for your help !

Anthony
0
Comment
Question by:Anthony_86
  • 3
  • 2
5 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1500 total points
ID: 40010042
If at all concerned about security it is recommended you install a VPN capable router.  Configuring Microsoft servers to use more secure methods including certificates can be involved and time consuming.  VPN routers these days are very affordable, starting at $150.  They increase security by moving the authentication to the perimeter of the network, use proper IPsec, and improve performance slightly by offloading the encryption/decryption to a dedicated device.

If you want to use a Microsoft option, Server 2008 and newer are ideally suited to an SSTP VPN
http://technet.microsoft.com/en-us/library/cc731352(v=ws.10).aspx
https://www.youtube.com/watch?v=QKSNDITI3pE
0
 

Author Comment

by:Anthony_86
ID: 40010245
Hi Rob,

Thanks for your answer... Indeed all roads lead to Rome :)

For the moment I would just like to implement the PEAP authentification to my existing VPN so I will see if someone else has the knowledge of those steps and can describe me those...

Otherwise, I may consider to follow one of your suggestion and at that moment I will accept your comment as solution :)

Have a nice day !

Anthony
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40010434
No problem. I am afraid I am not much help with it, I have not done so since Server 2000. Thanks for the feedback.  I will continue to follow to see hoe you make out.

Cheers!
--Rob
0
 

Author Comment

by:Anthony_86
ID: 40127109
Hi Rob,

Just for info, I finally buyed a VPN router, I was for me the most simple way to solve this...

Thanks ;)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40127151
Glad to hear.  Thanks Anthony.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question