I have an installation of Server 2012 R2 running that I need to deploy an IKEv2 VPN on. It's my way of accessing files at my office.

The current setup involves a NAT router (just a standard ISP-distributed router) that sits in front of said server. It assigns the server a static LAN IP, but I've configured the server to get that IP anyway.

On this server, Active Directory is installed. I own the domain, and everything works fine in that department. I don't have two network cards, so I installed the Microsoft Loopback Adapter per someone's advice.

However, difficulties emerge when it comes down to IKEv2. I've created a custom certificate template that gives it the required Key Usages and Extended Key Usages, and also made it so that I configure the CN manually. Now, as long as the CN matches the address I specify in the client, it works on the server (it can connect to itself). However, this is not so when I connect on another computer in the same internal network.

IKE failed to find valid machine certificate. Contact your Network Security Administrator about installing a valid certificate in the Appropriate Certificate Store.

I looked into it and determined one issue could be the loopback adapter, since it doesn't seem to be getting assigned a proper address (it gets assigned 169.xx.xx.xx, which I've seen is the "arbitrary" failsafe result). Furthermore, BPA has yielded some concerning errors:

Warning: IPv4 DHCP Relay Agent should be configured with at least one DHCP server.

Warning: The subject name of the certificate to be used for IKEv2 or SSTP must match the name of the RRAS server or the IP address of the external interface of the RRAS server Configuration

These two are the most concerning. I want to know what I can do to get this damn VPN to properly work. In the end, what I should be able to do is A) use it as a "proxy" for all of my network traffic, and B) access my files through the domain.

And, before I post, let me just say that I'm aware you're not supposed to use your Domain Controller as your NAS/RRAS Broker. It'll be fine, though.

Fuselight
  • 111
  • 3
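An added check (not part of the question above, and not from any Microsoft tool) that audits the local machine certificate store for the properties the BPA warning and the client error both depend on: the Enhanced Key Usages RRAS expects on an IKEv2 server certificate (Server Authentication, OID 1.3.6.1.5.5.7.3.1, and IP security IKE intermediate, OID 1.3.6.1.5.5.8.2.2), a subject CN or SAN entry that matches the name clients connect to, a usable private key, and a chain that validates on the server. `$ExpectedName` is a placeholder; replace it with the external name or IP that the VPN client is configured with. Run it in an elevated PowerShell session on the RRAS server.

```powershell
# Added example: audit Cert:\LocalMachine\My for IKEv2-suitable RRAS server certificates.
# Assumption: $ExpectedName is the hostname or IP the VPN clients type into the connection.
$ExpectedName = 'vpn.example.com'   # placeholder, not a value from the original post

# EKU OIDs that RRAS documents for its IKEv2 certificate
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$IkeIntermOid  = '1.3.6.1.5.5.8.2.2'   # IP security IKE intermediate

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $ekus = @()
    $san  = @()

    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            # Collect every EKU OID present on the certificate
            $ekus = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
        elseif ($ext.Oid.Value -eq '2.5.29.17') {
            # subjectAltName: Format($true) yields lines such as
            # "DNS Name=vpn.example.com" or "IP Address=203.0.113.5"
            $san = @(($ext.Format($true) -split "`r?`n") |
                     Where-Object { $_ } |
                     ForEach-Object { ($_ -split '=', 2)[1].Trim() })
        }
    }

    # SimpleName returns the subject CN (what the second BPA warning refers to)
    $cn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey          # RRAS cannot use a cert without one
        ServerAuthEku = $ekus -contains $ServerAuthOid
        IkeIntermEku  = $ekus -contains $IkeIntermOid
        NameMatches   = ($cn -eq $ExpectedName) -or ($san -contains $ExpectedName)
        ChainValid    = $cert.Verify()               # chain builds and is not revoked/expired here
    }
} | Format-Table -AutoSize
```

A certificate that shows `True` in every column is a candidate for the RRAS IKEv2 binding. The two columns that most often explain the client-side message quoted in the question are `NameMatches` (the client compares the name it dials against the CN or SAN) and `ChainValid`, which only covers the server: the issuing CA must also be in the Trusted Root (or intermediate) store on each client, otherwise the client rejects the server's certificate even though the server can connect to itself.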

0 Answers