1
00:00:02,140 --> 00:00:05,540
So to test this VPN connection, there's a couple of different ways to do it,

2
00:00:05,540 --> 00:00:07,740
but I actually like to do it right through UI,

3
00:00:07,740 --> 00:00:11,770
and we can do that very quickly by just clicking on our

4
00:00:11,770 --> 00:00:14,350
Test session and then clicking Connect.

5
00:00:14,350 --> 00:00:16,270
And it probably goes without saying,

6
00:00:16,270 --> 00:00:19,550
your device needs to be on the public internet or not

7
00:00:19,550 --> 00:00:21,250
on your internal network because, obviously,

8
00:00:21,250 --> 00:00:23,270
we want to test this from the outside.

9
00:00:23,270 --> 00:00:24,880
So, I'm going to go ahead and click Connect.

10
00:00:24,880 --> 00:00:27,960
I've already connected this laptop to an external

11
00:00:27,960 --> 00:00:30,190
network, it's not on my lab network anymore,

12
00:00:30,190 --> 00:00:32,740
so we'll click Connect.

13
00:00:32,740 --> 00:00:35,780
And if everything went well and according to plan,

14
00:00:35,780 --> 00:00:39,260
we should see a Connected status here.

15
00:00:39,260 --> 00:00:42,110
That means that the VPN connection is established,

16
00:00:42,110 --> 00:00:44,570
properly authenticated, there were no issues,

17
00:00:44,570 --> 00:00:46,480
and the connection is up.

18
00:00:46,480 --> 00:00:51,340
We can look at this connection using PowerShell.

19
00:00:51,340 --> 00:00:53,920
We use the Get-VpnConnection command,

20
00:00:53,920 --> 00:00:59,730
and you should see that the connection status shows as Connected.

21
00:00:59,730 --> 00:01:00,330
Great.

22
00:01:00,330 --> 00:01:04,280
But that doesn't really do a whole lot for us other than tell us that

23
00:01:04,280 --> 00:01:07,380
at least part of the configuration is successful.

24
00:01:07,380 --> 00:01:10,270
We're able to get to it from the internet and authenticate, we

25
00:01:10,270 --> 00:01:12,140
really need to see if we can get to some resources.

26
00:01:12,140 --> 00:01:14,970
So let's go ahead and ping some internal resources.

27
00:01:14,970 --> 00:01:18,900
I'm going to go ahead and ping my domain controller now.

28
00:01:18,900 --> 00:01:19,790
That looks good,

29
00:01:19,790 --> 00:01:22,540
and you'll see that it responded using IPv6, let's make

30
00:01:22,540 --> 00:01:26,340
sure IPv4 routing is working as well.

31
00:01:26,340 --> 00:01:27,150
Fantastic.

32
00:01:27,150 --> 00:01:30,560
And name resolution is working because I'm pinging these by their hostname.

33
00:01:30,560 --> 00:01:36,670
Now let's make sure that we can get to a file server without being prompted for

34
00:01:36,670 --> 00:01:42,540
authentication because that's obviously critical as well.

35
00:01:42,540 --> 00:01:43,910
Looks fantastic.

36
00:01:43,910 --> 00:01:46,100
Now let's move a file.

37
00:01:46,100 --> 00:01:50,760
I have a random folder here with some random binary files.

38
00:01:50,760 --> 00:01:56,800
We'll just drag one of those over the desktop, and looks

39
00:01:56,800 --> 00:01:58,680
like file transfer is working good.

40
00:01:58,680 --> 00:01:59,490
So fantastic.

41
00:01:59,490 --> 00:02:02,910
It looks like we have a successful VPN connection

42
00:02:02,910 --> 00:02:06,220
at least with the SSTP protocol.

43
00:02:06,220 --> 00:02:06,840
So,

44
00:02:06,840 --> 00:02:10,930
let's go ahead and disconnect and let's make sure our IKEv2 is

45
00:02:10,930 --> 00:02:13,540
working with device certificate authentication,

46
00:02:13,540 --> 00:02:17,240
which is basically going to be simulating our device-based connection.

47
00:02:17,240 --> 00:02:22,580
So here I'm going to go back to the VPN control panel here,

48
00:02:22,580 --> 00:02:24,310
and then we'll choose Disconnect.

49
00:02:24,310 --> 00:02:26,370
And now I want to make another change,

50
00:02:26,370 --> 00:02:29,870
a quick change to this Test profile, so I'm going to right-click,

51
00:02:29,870 --> 00:02:31,010
choose Properties.

52
00:02:31,010 --> 00:02:37,070
And here I'm going to go to Security, so we tested SSTP with EAP authentication,

53
00:02:37,070 --> 00:02:41,300
this would simulate the parameters or the configuration settings for

54
00:02:41,300 --> 00:02:45,120
our user tunnel. Now I want to test what would essentially or

55
00:02:45,120 --> 00:02:47,050
effectively be a device tunnel connection.

56
00:02:47,050 --> 00:02:49,000
So I'm going to switch to IKEv2,

57
00:02:49,000 --> 00:02:53,140
and then I'm going to switch to using a machine certificate for

58
00:02:53,140 --> 00:02:57,580
authentication, so I'm going to click OK. And now I'm going to launch this

59
00:02:57,580 --> 00:03:06,820
connection once more, and we're connected successfully. So once again,

60
00:03:06,820 --> 00:03:19,530
let's just make sure that all of the routing is in place and it looks like

61
00:03:19,530 --> 00:03:21,510
everything's working according to plan.

62
00:03:21,510 --> 00:03:24,960
So great news, we validated our connection,

63
00:03:24,960 --> 00:03:29,040
so we can start preparing to deploy this configuration broadly.

64
00:03:29,040 --> 00:03:34,760
But before we proceed, we need to get our EAP configuration file extracted here.

65
00:03:34,760 --> 00:03:35,240
Now,

66
00:03:35,240 --> 00:03:38,160
essentially what we're looking at here if we look at our

67
00:03:38,160 --> 00:03:40,120
adapter properties, and by the way,

68
00:03:40,120 --> 00:03:43,220
I want to go back and change the settings here before

69
00:03:43,220 --> 00:03:45,300
we do this. Change the settings,

70
00:03:45,300 --> 00:03:49,330
go back to Security, and switch back to Extensible Authentication Protocol

71
00:03:49,330 --> 00:03:55,000
because all of this information we need to export to an XML file. And to do

72
00:03:55,000 --> 00:03:58,740
that, you'll install the AOVPN tools module.

73
00:03:58,740 --> 00:03:59,220
And, of course,

74
00:03:59,220 --> 00:04:01,740
I've already done that on this test client. We can see

75
00:04:01,740 --> 00:04:07,840
that we have the module installed here.

76
00:04:07,840 --> 00:04:08,660
So,

77
00:04:08,660 --> 00:04:12,070
the command that we want to run and the function that we

78
00:04:12,070 --> 00:04:14,260
want to use is Get-EapConfiguration.

79
00:04:14,260 --> 00:04:18,970
So we're going to run the command Get-EapConfiguration,

80
00:04:18,970 --> 00:04:23,440
and then we're going to specify the connection name,

81
00:04:23,440 --> 00:04:24,700
which was simply test.

82
00:04:24,700 --> 00:04:27,110
Again, if you're using spaces in those names,

83
00:04:27,110 --> 00:04:31,640
you'll have to provide that name in quotes.

84
00:04:31,640 --> 00:04:36,200
So once that's done, it saves that file out to a file called eapconfig.xml,

85
00:04:36,200 --> 00:04:41,340
so let's take a quick look at that.

86
00:04:41,340 --> 00:04:42,130
And there it is,

87
00:04:42,130 --> 00:04:47,900
all of the EAP configuration that we clicked and typed into those windows

88
00:04:47,900 --> 00:04:54,190
earlier, all saved in an XML file, and this file you will need when we get to

89
00:04:54,190 --> 00:04:56,860
the step where we start creating our Intune profiles.

90
00:04:56,860 --> 00:04:59,090
Intune is going to ask us for this information,

91
00:04:59,090 --> 00:05:02,040
so go ahead and save this somewhere that you can reach it,

92
00:05:02,040 --> 00:05:09,000
and then we'll press on with configuring our VPN device configuration profiles in Intune.