Switching from FortiClient VPN to Windows 10 native?

The FortiClient VPN I can download in Microsoft Store

I’m talking about the Windows 10 VPN client in my post, not FortiClient.

Forcing a gpupdate after login won’t catch any login scripts you may have set to run. You’re also not doing an authenticated login against a domain controller either, which is always desirable.

Always there to correct me ;). JK, I did forget about the IKEv2. I’ve set it up, it’s a pain by industry standards. It’s much easier to use FortiClient VPN.

If you create the VPN connection using the native Windows 10 client, no admin authentication is needed. For the Azure VPN Gateway, Microsoft provides a “VPN Client” that you can download, which has the limitation; however, this isn’t required if you set it up manually or via GPO.

Yeah there is a Plug-in to the native Windows PPTP/SSTP (?) driver for Fortinet’s SSLVPN implementation.

If you require straightforward, no-nonsense regular auth SSLVPN this plug-in has you covered.

Amen to that.
For the Win10 native client, I still haven’t found the place where it keeps client-side logs/debugs for when things go south. Maybe one day…
Or supported ciphers? Never really found a list either. Always end up just testing and capturing the client’s offers…

however this isn’t required if you set it up manually or via GPO.

Which P2S authentication and tunnel types have you deployed that GPO setup with?

This was one of the things we found back then (the need of the native client to dynamically change the routing entries in Windows): Page Not Found

I see now someone mentioned in the comments (last year) that a new Azure VPN Client is available, which supposedly doesn’t need admin rights. I don’t know this app, can’t say anything about its ease of use or stability, but it might eventually be a good solution (even though it’s not native, as OP requires).

Event Viewer: Windows Logs: Application

Filter on source RasClient

The out of the box ciphers are not the best, that’s correct. You can manipulate them via PS:

Set-VpnConnectionIPsecConfiguration -ConnectionName "<your VPN connection name>" -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -AuthenticationTransformConstants SHA256128 -DHGroup ECP384 -PfsGroup ECP384

Which P2S authentication and tunnel types have you deployed that GPO setup with?

We’ve deployed it with GPO and Intune using IKEv2 & SSTP.

It’s using EAP-MSCHAP v2 with the “Automatically use my Windows login name and password” turned on.

The new client they are referring to is called the “Azure VPN Client” and it does not require admin rights.

I was hoping someone would pop up with an answer. Thanks. 🙂
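
The RasClient log lookup and the IPsec cipher settings discussed in the thread above can be checked together from PowerShell. This is an added example, not part of any post; the profile name `Contoso-VPN` and the 24-hour window are assumptions.

```powershell
# Added example: inspect native Windows VPN client logs and IPsec policy.
# $ConnectionName is a placeholder; use the name of your own VPN profile.
param(
    [string]$ConnectionName = 'Contoso-VPN',   # hypothetical profile name
    [int]$Hours = 24                           # assumed look-back window
)

# 1. Client-side log: Application log, source RasClient (as noted in the thread).
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'RasClient'
    StartTime    = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host "No RasClient events in the last $Hours hours."
} else {
    # Count per event ID and level, then show the newest entries in full.
    $events | Group-Object Id, LevelDisplayName |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
    $events | Select-Object -First 10 TimeCreated, Id, LevelDisplayName, Message |
        Format-List
}

# 2. Compare the profile's IPsec policy with the values from the thread's command.
$wanted = [ordered]@{
    CipherTransformConstants         = 'AES256'
    EncryptionMethod                 = 'AES256'
    IntegrityCheckMethod             = 'SHA256'
    AuthenticationTransformConstants = 'SHA256128'
    DHGroup                          = 'ECP384'
    PfsGroup                         = 'ECP384'
}
$policy = (Get-VpnConnection -Name $ConnectionName -ErrorAction Stop).IPsecCustomPolicy
if (-not $policy) {
    Write-Warning "'$ConnectionName' has no custom IPsec policy; Windows defaults apply."
} else {
    foreach ($key in $wanted.Keys) {
        $actual = [string]$policy.$key
        $state  = if ($actual -eq $wanted[$key]) { 'OK' } else { 'MISMATCH' }
        '{0,-34} wanted={1,-10} actual={2,-10} {3}' -f $key, $wanted[$key], $actual, $state
    }
}
```

For a profile deployed to all users (for example via GPO or Intune), add `-AllUserConnection` to the `Get-VpnConnection` call.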