
Today I wanted to do some labs of SSTP Windows Server VPN. What I have done so far is to build a Windows Server 2019 as a Domain Controller and as a Certificate Authority.

From my CA I have created a self-signed server certificate in order to install it on my Windows Desktop Client.

I have prepared my server by installing the Routing and Remote Access role.

On the tab "Security" (from properties) I have selected my self-signed certificate, and as Authentication Provider I have set Windows Authentication.

On the tab IPv4 I have checked Enable IP Forwarding and marked Static address pool (using an IP pool from 10.0.0.1 to 10.0.0.50 that my VPN users will use).

I have deactivated firewall rules (because it’s only a test). I have created a VPN user where the option "Network access Permission: Allow access" is marked.


Now on my desktop client I have done this: imported my self-signed certificate (installing it in Trusted Root Certification Authorities).

Configuring my VPN connection:

Connection name: "usquiano domain"

Server name or address: my public IP address

VPN type: SSTP

Type of sign-in info: "username and password"

From my home router I have made this port forwarding: 192.168.120.170 TCP 443 (the Windows Server DC-CA local IP).

So I guess that this redirects a required VPN connection from outside to my Windows Server 2019.


My local domain is Usquiano.es.

I don’t know if this could cause problems because it is a name that I have invented. I do not own a public domain (I don’t know if I should use usquiano.local as my domain name).

OK, the problem comes when I want to make the connection from my Windows client (it is connected to another network using a hotspot). I try the connection but I receive the following error: “A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file”

I have already checked that the time on my server and my client are the same.

I have uninstalled the certificate from my client and tried to establish the connection again to see what would happen, and I received the same error. So, I don’t know if the problem lies in the self-signed certificate!

I don’t know what I’m doing wrong. Can you give me a hint?

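The error quoted above refers to a certificate's validity period. As an added example (not part of the original post), this PowerShell snippet, run on the RRAS server, builds the chain for the certificate selected for SSTP and prints each chain element's validity dates and chain status next to the local clock. The thumbprint is a placeholder, and skipping revocation checking is an assumption made to keep the output focused on dates and trust.

```powershell
# Added example. $Thumbprint is a placeholder: paste the thumbprint of the
# certificate selected on the RRAS "Security" tab.
$Thumbprint = '<THUMBPRINT-OF-SSTP-CERTIFICATE>'

# The certificate RRAS uses lives in the computer's Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My"
}

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Assumption: skip revocation so the result isolates date and trust problems.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($cert)

$now = Get-Date
"Local clock : $now"
"Chain valid : $chainOk"

# One entry per certificate in the chain, leaf first, issuing CA after it.
$chain.ChainElements | ForEach-Object {
    $c = $_.Certificate
    [pscustomobject]@{
        Subject          = $c.Subject
        Issuer           = $c.Issuer
        NotBefore        = $c.NotBefore
        NotAfter         = $c.NotAfter
        InValidityPeriod = ($now -ge $c.NotBefore -and $now -le $c.NotAfter)
        # NotTimeValid here marks the element whose dates fail the check.
        ChainStatus      = ($_.ChainElementStatus.Status -join ', ')
    }
} | Format-List
```

An element reported with `InValidityPeriod : False` or a `NotTimeValid` status is the certificate whose dates do not cover the current time; the same script can be run on the client against a certificate imported there by changing the store path.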