
- Category: Windows Server administration
In this article, we'll describe how to deploy an L2TP/IPSec Remote Access VPN (Virtual Private Network) on a Ubiquiti EdgeRouter 4, using RADIUS (Remote Authentication Dial-In User Service) for central user authentication through Windows Network Policy Services, and Duo Security Multifactor Authentication (MFA).
What can I use it for?
Enterprise users who are on business trips or working from home can use a Virtual Private Network to connect their devices to company resources, such as file servers and enterprise applications (e.g., CRM, ERP). In this scenario, we will use the Layer Two Tunneling Protocol (L2TP) over Internet Protocol Security (IPSec) to offer VPN services to our users. Since L2TP doesn't have integrated encryption, IPSec encrypts the data transmitted between users' devices and the VPN server with a 256-bit encryption key. We will use the Network Policy Server (NPS) service in Windows Server 2019 to authenticate users against our on-premises Active Directory.
As an extra security layer, we will utilize Duo Security MFA push notifications on smartphones to approve login requests.