- Written by: Krisztián Angyal
- Category: Windows Server administration
In this article, we'll describe how to deploy an L2TP/IPsec Remote Access VPN (Virtual Private Network) on a Ubiquiti EdgeRouter 4, using RADIUS (Remote Authentication Dial-In User Service) to authenticate users centrally through Windows Network Policy Services and Duo Security Multifactor Authentication (MFA).
What can I use it for?
Enterprise users who are on a business trip or working from home can use a Virtual Private Network to connect their devices to company resources, such as file servers, enterprise applications (e.g. CRM, ERP) and so on. In this scenario, we will use the Layer Two Tunneling Protocol (L2TP) over Internet Protocol Security (IPsec) to offer VPN services to our users. Since L2TP doesn't have integrated encryption, IPsec encrypts the data transmitted between users' devices and the VPN server with a 256-bit encryption key.
We will use the Network Policy Server service in Windows Server 2019 to authenticate users against our on-premises Active Directory.
As an extra security layer, we will use a Duo Security MFA push message on the user's smartphone to approve login requests.