How to configure Windows Server and UDM-PRO UniFi Controller for RADIUS VPN access

2024-11-13

In this tutorial you will be shown how to configure Windows Server and UDM-PRO UniFi Controller for RADIUS VPN access. Why is this useful? Well, this allows us to simply disable a user account in Active Directory after a termination, and the previous employee will no longer have VPN access to the network. This prevents Tech Support from having to manually remove VPN users every time an employee is terminated.

Prerequisites for this tutorial.

  1. An internal UniFi Controller and firewall; I myself am using a UDM-PRO for that function.
  2. UniFi equipment assigned static IP addresses outside the DHCP scope. Write down each IP address alongside the model's unique name.
  3. Stand up a new physical or virtual server with Windows Server 2019.
    • I named my new virtual server HDN-RADIUS, with 1 vCPU, 4 GB RAM and a 60 GB HDD.
    • Install all updates on the new RADIUS server.
    • Assign a static IP address.
    • Join the new RADIUS server to the domain.
    • At this point create a backup or a virtual snapshot before moving forward with the tutorial.
    • I am a firm believer in keeping the AD/DC server clean, so do not configure these roles on that server.

Let's get started with installing the required Windows Server roles!

We will be starting with the newly created Windows Server 2019 and installing the roles we need for RADIUS to work with your UniFi Controller and RADIUS VPN access.

  1. Open Windows Server Manager > click Manage > click Add Roles and Features.
  2. Click Next until you reach Server Roles. Enable the following:
    • Active Directory Certificate Services
    • Network Policy and Access Services
    • Remote Access
  3. Once the items are selected and the prerequisites are approved, click Next until you reach AD CS > Role Services.
  4. Under Role Services select Certification Authority and click Next.
  5. Now within Remote Access > Role Services, select DirectAccess and VPN (RAS) and click Next.
  6. Now click Next all the way through, then Install the roles and wait until you receive the message that all your roles were installed successfully. Once successful you can close the window.

Let's open up the firewall ports needed.

Here we are going to open up the firewall ports that we need for RADIUS to work with the UDM-Pro UniFi Controller.

  1. On the RADIUS server, search for Advanced in the task bar search menu and select Windows Defender Firewall with Advanced Security.
  2. Locate Inbound Rules > right click Inbound Rules > select New Rule.
  3. Select Port and click Next.
  4. Select UDP and provide the Specific Local Ports you want opened, which is port 1812, then click Next.
  5. Select Allow the connection and click Next.
  6. Check mark Domain, Private and Public. Afterwards click Next.
  7. Give your rule a name; I used Radius UDP 1812. Click Finish.
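The role installation and the firewall rule from the two sections above can also be done from an elevated PowerShell prompt on the new RADIUS server. This is an added example, not code from the original post; the UDM-Pro address is a placeholder, and scoping the rule to that address (the wizard rule allows any source) and the optional UDP 1813 accounting rule are my additions.

```powershell
# Added example (not the author's code): roles plus the RADIUS firewall rule.
# Placeholder: replace with the static IP of your UDM-Pro.
$udmProIp = '192.168.1.1'

# 1. Install the same roles the wizard enables: AD CS Certification Authority,
#    Network Policy and Access Services, and the DirectAccess and VPN (RAS) role service.
Install-WindowsFeature -Name ADCS-Cert-Authority, NPAS, DirectAccess-VPN -IncludeManagementTools

# Confirm everything reports Installed before continuing.
Get-WindowsFeature -Name ADCS-Cert-Authority, NPAS, DirectAccess-VPN |
    Format-Table Name, InstallState -AutoSize

# 2. Open UDP 1812 inbound for RADIUS authentication on all three profiles, as in the
#    wizard, but only from the UDM-Pro so nothing else on the network can reach NPS.
New-NetFirewallRule -DisplayName 'Radius UDP 1812' -Direction Inbound -Protocol UDP `
    -LocalPort 1812 -RemoteAddress $udmProIp -Action Allow -Profile Domain, Private, Public

# Optional: the UniFi RADIUS profile also lists accounting servers (UDP 1813 by default);
# open it the same way if you keep accounting enabled.
New-NetFirewallRule -DisplayName 'Radius UDP 1813' -Direction Inbound -Protocol UDP `
    -LocalPort 1813 -RemoteAddress $udmProIp -Action Allow -Profile Domain, Private, Public

# Show the resulting port filters for both rules.
Get-NetFirewallRule -DisplayName 'Radius UDP 181*' | Get-NetFirewallPortFilter
```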

Let's configure Active Directory Certificate Services

We are making progress. Here we will be configuring Active Directory Certificate Services; this will be needed for your devices to be able to authenticate with the RADIUS server.

  1. Open up Windows Server Manager. Click on the flag and then locate Configure Active Directory Certificate Services.
  2. For Credentials you will want to specify a Domain Admin account, then click Next.
  3. For Role Services check the box for Certification Authority and click Next.
  4. For Setup Type we will want to select the radio button for Enterprise CA, then click Next.
  5. For CA Type select the radio button for Root CA and click Next.
  6. For Private Key we will be providing our own key so we can document it and have it handy. Select the radio button for Create a new private key and then click Next.
  7. For Cryptography the defaults can stand as is. Go ahead and click Next.
  8. Double check your CA Name settings. They will be derived from your domain and server name. Click Next.
  9. For Validity Period you can set your certificate to expire whenever you like. However, my personal preference is 100 years so we do not have to bother with certificate expirations any time soon. Afterwards click Next.
  10. In the Certificate Database section leave these paths the same and click Next.
  11. Review the Confirmation and select the Configure button.
  12. Once configured, your Results should read Configuration Succeeded. Afterwards click Close and we are done with the certificate creation.
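The same wizard choices (Enterprise Root CA, new private key, default cryptography, the author's 100-year validity, default database paths) expressed as an unattended ADCSDeployment command. This is an added example and not from the original post; the CA common name is an assumption, and the validity is simply the value the tutorial picked.

```powershell
# Added example (not the author's code): unattended equivalent of the AD CS wizard above.
Import-Module ADCSDeployment

$caParams = @{
    CAType              = 'EnterpriseRootCA'                             # Setup Type: Enterprise CA, CA Type: Root CA
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'  # wizard default provider
    KeyLength           = 2048                                           # wizard default key length
    HashAlgorithmName   = 'SHA256'                                       # wizard default hash
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 100                                            # the tutorial's choice; set to your policy
    CACommonName        = 'HDN-RADIUS-CA'                                # assumed; the wizard derives one from domain and host
    Credential          = (Get-Credential -Message 'Domain Admin account')
    Force               = $true                                          # suppress the confirmation prompt
}
# Creates a new private key; database and log directories stay at their defaults.
Install-AdcsCertificationAuthority @caParams

# Verify: the CA service should be running and certutil should report the new CA name.
Get-Service -Name CertSvc
certutil -cainfo name
```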

Let's configure our Network Policy Server

Here we will be configuring the security policies required for our UniFi Controller and our UDM-Pro firewall to communicate with the RADIUS server and Active Directory / Domain Controller to allow those VPN connections.

  1. Open Windows Server Manager, click Tools > select Network Policy Server.
  2. With the Network Policy Server window open, locate and right click RADIUS Clients, followed by clicking on New to add a new client.
  3. In the New RADIUS Client window you will want to refer to your list of equipment IP addresses and device names.
    • For Friendly name use your UDM-Pro equipment's unique name.
    • For Address use the assigned static IP address of your firewall.
    • For Shared Secret, select the radio button Manual. Type in a strong password and write it down; this password will be needed later for the UDM-Pro UniFi Controller. Click OK.
  4. Now back on the Network Policy Server window, locate Policies and expand it to reveal Connection Request Policies. Right click that and then click New.
  5. Once the New Connection Request Policy window is open, type in a policy name. I am using UniFi VPN Access. Click Next.
  6. In the next step click the Add... button.
  7. Now with the Select condition window open, locate and click on Client Friendly Name, then click Add...
  8. In this next step type in the hostname of your appliance; in my case it is UDMPRO. Then click OK.
  9. You will be back in the New Connection Request Policy window. Click Next 4 times, bypassing all the other prompts, until you see the Finish button. Click Finish.
  10. You will be back in the Network Policy Server window. Under Policies, locate Network Policies. Right click Network Policies and then click New.
  11. In the New Network Policy window, type in your policy name and then click Next.
  12. Now you are going to click the Add button to specify a condition.
  13. The condition we will be selecting is User Groups, applying Domain Users. You can also specify a group that you created yourself just for VPN users.
  14. Now that my VPN users group is added, click Next.
  15. Keep Access granted selected and click Next.
  16. On the next window make sure that the options shown are checked, then click Next all the way to the end and click Finish.
  17. We are almost done with Network Policy Server. We will now have to register this new RADIUS server with Active Directory. Open Network Policy Server, right click NPS (Local) and in the menu select Register server in Active Directory. Now we are finished with this section!
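Step 3 (the RADIUS client entry) and step 17 (registering NPS in Active Directory) can be scripted, which also lets you generate the shared secret rather than inventing one and take a backup of the NPS configuration. This is an added example, not code from the original post; the client name and IP are placeholders taken from the tutorial's own naming, and the backup path is assumed to exist.

```powershell
# Added example (not the author's code): RADIUS client entry, config backup, AD registration.
Import-Module NPS

$clientName = 'UDMPRO'        # must match the Client Friendly Name used in the connection request policy
$clientIp   = '192.168.1.1'   # placeholder: static IP of the UDM-Pro from your equipment list

# Generate a random 32-character shared secret instead of typing one. Write it down: the
# same value goes into the UniFi RADIUS profile later.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$secret = [Convert]::ToBase64String($bytes)
"Shared secret for $clientName : $secret"

# Equivalent of the New RADIUS Client dialog (Friendly name, Address, Manual shared secret).
New-NpsRadiusClient -Name $clientName -Address $clientIp -SharedSecret $secret

# Verify the client exists and is enabled.
Get-NpsRadiusClient | Format-Table Name, Address, Enabled -AutoSize

# Export the whole NPS configuration (clients and policies) so the VM snapshot from the
# prerequisites is not the only copy. exportPSK=YES includes shared secrets, so protect the file.
# Assumes C:\Backup already exists.
netsh nps export filename="C:\Backup\nps-config.xml" exportPSK=YES

# Step 17 without the GUI: register this server in AD (adds it to the RAS and IAS Servers group).
netsh ras add registeredserver
```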

Configuring your UniFi Controller and UDM-Pro Network to use Windows RADIUS Server for VPN Access.

We finally made it to the last few steps, which are to configure the UniFi Controller and UDM-Pro network for Windows RADIUS Server VPN access.

  1. Log into your UniFi Controller. Locate and click the Gear Icon, then click Advanced Features.
  2. Scroll down to locate the RADIUS section and click Add RADIUS Profile.
  3. To keep it simple I am going to name this RADIUS profile after my server name.
  4. Scroll down until you find RADIUS Settings and select the expand arrow button.
  5. Here you will add your RADIUS server's static IP address and the Shared Secret you wrote down when configuring the UniFi devices in the Network Policy Server. Keep the ports the same for both Authentication Servers and RADIUS Accounting Servers. Once done click the Apply Changes button.
  6. Now we move forward with configuring UniFi VPN access. Locate and click on Networks in the UDM-Pro UniFi Controller.
  7. Click on the Add New Network button.
  8. Name your new VPN network. I'm calling it RADIUS VPN Access. Locate the section called Virtual Private Network [VPN] and click on the arrow dropdown. Select Advanced for VPN Setup, followed by clicking on Remote Access to reveal additional setting options.
  9. Now we are going to review and apply the setting changes for VPN access. Make sure to generate a strong pre-shared secret; you will not need this for future VPN access. Select the WAN IP address to use for your incoming VPN access. Scroll down to User Access and change the User Access List [RADIUS Profile] from default to the RADIUS VPN profile you created.
  10. Scroll down and expand the section for Advanced. For your internal VPN subnet, click Auto Generate to create a new address range for VPN users. Locate and select Require Strong Authentication. Then we can finally click on the Add Network button to complete the entire setup.

That was exciting! We are finally finished. On your Windows computer create a new VPN connection pointing to your UniFi firewall's WAN IP and you will be prompted to type in your domain username and password.
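To confirm the setup does what the tutorial set out to do (an active domain user gets in, a disabled one is refused), watch the NPS audit events on the RADIUS server while you test the VPN connection. This is an added example, not part of the original post; it assumes you run it on the NPS server with administrative rights.

```powershell
# Added example (not the author's code): read NPS authentication results from the Security log.
# NPS records Event ID 6272 (access granted) and 6273 (access denied) once this audit
# subcategory is enabled.
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

function Get-NpsAuthResult {
    param([int]$MaxEvents = 25)
    $filter = @{ LogName = 'Security'; Id = 6272, 6273 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $m = $_.Message
            # The first "Account Name" in the message is the user; "Client Friendly Name" is the
            # RADIUS client, i.e. the UDM-Pro name from the NPS client entry.
            $user   = if ($m -match 'Account Name:\s+(\S+)')         { $Matches[1] } else { '?' }
            $client = if ($m -match 'Client Friendly Name:\s+(\S+)') { $Matches[1] } else { '?' }
            $reason = if ($m -match 'Reason:\s+(.+)')                { $Matches[1].Trim() } else { '' }
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Result = if ($_.Id -eq 6272) { 'GRANTED' } else { 'DENIED' }
                User   = $user
                Client = $client
                Reason = $reason
            }
        }
}

# Expect GRANTED for an active domain user in the policy's group, and DENIED with an
# explanatory reason after that user is disabled in Active Directory.
Get-NpsAuthResult | Format-Table -AutoSize
```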

I hope this article was helpful, if you have any questions, please feel free to contact me. If you would like to be notified of when I create a new post, you can subscribe to my blog alert.
