06-20-2018 04:23 AM
Hi
i have one implementation of ms vpn (sstp, pptp, l2tp) with separate machines
One rras machine (is radius client) and one nps (radius server)
On which machine should install the duo proxy ? .
I have installed (for test) on both machines (one a time)
but it seems is not working.
I was make a proxy config (radius client enabled in section)
The user authenticated without push message. (i have rollout the users)
Any help ?
Thanks
06-20-2018 06:07 AM
In this scenario we’d usually recommend you install the Duo proxy server on neither the NPS nor the RRAS server, but instead install it elsewhere. The NPS server is probably already listening on port 1812 so you’d have a conflict, and if installed on the RRAS server the RRAS to Duo proxy communications will happen via loopback, which makes it more difficult to troubleshoot if something is wrong.
06-20-2018 06:24 AM
You are right
i have already test the proxy on ras (loop back)
without success.
So you recommend to install in another machine
and make a forward radius group on nps machine ?
And probably this machine must have an ad_client config ?
Thanks
06-20-2018 06:29 AM
Are you following our RRAS instructions? There it describes each setup step in detail.
06-20-2018 07:04 AM
Yes, but i don’t see anything about nps config.
I suppose that must make a radius group in nps machine
to forward all request to duo proxy and duo is ad client.
But the policy in nps must match first and after forward the request.
Correct ?
06-20-2018 07:23 AM
You can just point RRAS to the Duo Proxy. That’s what we have documented.
If you wish to still have your RRAS logins go through NPS then yes, you’d need to add RADIUS forwarding on your NPS server.
06-20-2018 08:11 AM
ok i will make a try
thanks
07-08-2018 12:41 PM
Hi there, I followed the manual at Two-Factor Authentication for Microsoft RRAS VPN connections | Duo Security
and here’s what I’m getting DUO AuthProxy with Micorsoft SSTP VPN
I appreciate any help on that without duo MFA we use vpn properly after we make changes to support Duo it stops working at all.
thanks in advance,
Thiago B.
07-09-2018 08:55 AM
There’s not enough information here to know what issues you’re seeing. I encourage you to reach out to Duo Support for one to one troubleshooting assistance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide