The Internet is Infected! The Ultimate Cyber Security Guide for Small Business and Home Computing!

If you find the information on this blog valuable you will find my upcoming three volume cyber security books infinitely more so! Visit my website at http://thatcybersecurityguy.com. My 8 years of research and 900 written pages are about much more than just cyber security as my writing presents valuable small business and general home computer knowledge. Visit me on Twitter @ThatCyberSecGuy. See the ACLU video "Invasion of the Data Snatchers" at YouTube to understand why you need my books and PDF files on the infected Internet.


Sunday, February 5, 2017

How to Set Up your Windows 10 Pro VPN Client to use at Hotspots and behind firewalls Everywhere


Things are very exciting now that we have 2/3 of the SOHO VPN pie complete. Our router and Windows 10 server configurations are complete. We now have to configure our client as an outgoing VPN connection. Be sure to read all of this blog entry because things get a little tricky. We will need our ISP-provided IP address, which can be obtained by logging into our router or by opening Microsoft Edge and typing "What is my IP?". We are going to need this later to configure this VPN client.

Now things get really cool as we are going to configure a local VPN client to test everything out. This eliminates the router as a possible point of failure before we even venture out onto the WAN and use infected hotspots. Bring up the Network and Sharing Center by typing its name in the Type or talk box. Select Set up a new connection or network > on the Choose a connection option screen choose Connect to a workplace (Set up a dial-up or VPN connection to your workplace), Next > on the How do you want to connect? screen select Use my Internet connection (VPN) (Connect using a virtual private network (VPN) connection through the Internet) > on the Type the Internet address to connect to screen enter the IPv4 or IPv6 local IP address (I prefer IPv6) and leave everything else at the default value > click the Create button at the lower right.

Now let us test everything out to see if it is working locally. Bring up the Network and Sharing Center and click the Change adapter settings link on the left > double-click VPN Connection, WAN Miniport (IKEv2) > on the VPN screen double-click VPN Connection, which was the default name we accepted. NOTE: We could have gotten here by just typing VPN in the Type or talk box. Click the Connect button > this will bring up the Sign in screen, where you enter the username and password you configured on the server > you will see "Verifying your sign-in info" and now you are done, OR NOT! This is the tricky part I described earlier.



Suddenly we see: "The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel the security parameters required for IPsec negotiation might not be configured properly." Whoa, what happened? Everything according to what you have read says this should have worked! It is a great thing we tested our VPN connection behind our firewall on the LAN. When you look at the event log on the server side you might see something like: "Event ID 20171: Failed to apply IP Security on port VPN3-0 because of error: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate. No calls will be accepted to this port."



Correction step 1 is to reboot your VPN server and try again. If that does not work, disable the Windows 10 firewall and reboot again. When you do and try to connect your client again you may see: "Can't connect to VPN Connection. A connection to remote computer could not be established. You might need to change the network settings for this connection." WOW! Well, we have made progress, but now we have a different error. Looking at the server event logs again we get Event ID 7023, "The Connected Devices Platform Service service terminated with the following error: Unspecified error"; or "RoutingDomainID- {00000000-0000-0000-0000-000000000000}: CoId={3F6A5694-A54B-4F8D-A7F3-204DC42D8442}: The user ASUSCROSSHAIRV\kirk connected to port VPN4-1 has been disconnected because no network protocols were successfully negotiated."

You can beat your head into a wall searching for this error but from my experience with Windows 7, this was a 720 error code and we have to configure the VPN server to assign IP addresses to incoming VPN connections rather than allowing them to be assigned by our DHCP router. Make sure your IP range is one not being used by devices in your LAN.


On the VPN server, right-click the Network icon on the desktop and arrow down to select Properties, which will open up the Network and Sharing Center (or use Type or talk) > on the left menu click Change adapter settings > right-click Incoming connections > click the Networking tab at the top > double-click Internet protocol version 4 (TCP/IPv4) > tick Specify IP address and type the IPv4 range values that will not be assigned to devices on your local network and later your cable modem IP address from your ISP, OK.
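One way to check a planned range before typing it in, as an added example that is not part of the original post: a PowerShell script, run on the VPN server, that compares the pool against the addresses on the server's own adapters and in its neighbor (ARP) cache. The pool values are constructed samples and the function names are hypothetical.

```powershell
# Added example: does a planned VPN address pool collide with addresses
# already seen on the LAN? Pool defaults below are constructed sample values.
param(
    [string]$PoolStart = '192.168.1.200',
    [string]$PoolEnd   = '192.168.1.210'
)

# Hypothetical helper: dotted IPv4 string -> unsigned 32-bit number for range tests.
function ConvertTo-UInt32 ([string]$Address) {
    $bytes = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [Array]::Reverse($bytes)    # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

# Hypothetical helper: is the address inside the inclusive range Low..High?
function Test-InPool ([string]$Address, [uint32]$Low, [uint32]$High) {
    $n = ConvertTo-UInt32 $Address
    ($n -ge $Low) -and ($n -le $High)
}

$low  = ConvertTo-UInt32 $PoolStart
$high = ConvertTo-UInt32 $PoolEnd
if ($low -gt $high) { throw 'PoolStart must not be higher than PoolEnd.' }

# IPv4 addresses bound to this machine's own adapters.
$local = Get-NetIPAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty IPAddress

# IPv4 addresses of LAN devices this machine has recently resolved.
# Entries that never answered (Unreachable/Incomplete) are ignored.
$neighbors = Get-NetNeighbor -AddressFamily IPv4 |
    Where-Object { $_.State -notin 'Unreachable', 'Incomplete' } |
    Select-Object -ExpandProperty IPAddress

$inUse     = @($local) + @($neighbors) | Sort-Object -Unique
$conflicts = @($inUse | Where-Object { Test-InPool $_ $low $high })

if ($conflicts.Count -gt 0) {
    Write-Output "Pool $PoolStart-$PoolEnd overlaps addresses in use:"
    $conflicts
} else {
    Write-Output "No address currently seen in $PoolStart-$PoolEnd."
}
```

The neighbor cache only lists devices this machine has recently seen, so also keep the pool outside the range your router's DHCP server hands out.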

Now that we have everything working, click on your client VPN network adapter and use the advanced settings to store all your connection info, so that connecting takes a simple point and click of the mouse. Open up Change Adapter Settings > double-click VPN Connection > click the Advanced Setting button in the middle to add your connection information.

We are done, right? Well, not really, because we disabled the Windows 10 Pro firewall and rebooted our VPN server. It is now broken and wide open to crackers. You can test all this out by enabling your firewall again and rebooting your VPN server; you will see the "The remote connection was not made because the attempted VPN tunnels failed..." error message again. Therefore, we have to figure out how to allow our client VPN through our Windows 10 Pro firewall.

More to come...
