![]() With Always On VPN DPC, enable the VPN Tunnel Metric group policy setting and enter a value lower than the wired connection to solve this problem. To fully resolve this, the administrator must edit the rasphone.pbk file. Administrators can update the interface metrics using PowerShell, but it is not persistent. Once again, there is no option for changing this setting using Intune or XML. ![]() This happens because the wired connection has a lower network interface metric than the VPN tunnel adapter. Here, name resolution queries may fail or return incorrect IP addresses. Interface MetricĪnother common problem Always On VPN administrators encounter is name resolution, specifically when the endpoint uses a wired local connection. ![]() Simply enable the VPN Protocol advanced setting in group policy and choose IKEv2 First, SSTP Fallback. However, it’s even easier using Always On VPN DPC. The setting can be changed using Intune proactive remediation or a PowerShell script. While editing a text file is easy, doing it at scale is more complicated. To change this setting, the administrator must update the VPN configuration file (rasphone.pbk) and change the value of VpnStrategy to 14. Unfortunately, there is no way to configure this using Intune, XML, or PowerShell. Instead of selecting one protocol over the other, some administrators may choose to configure Always On VPN to prefer IKEv2, then fall back to SSTP if IKEv2 is unavailable. For example, IKEv2 has better security options, but SSTP is more firewall-friendly and reliable. Each protocol has its advantages and disadvantages. The two most common VPN protocols used with Always On VPN are Internet Key Exchange version 2 (IKEv2) and Secure Socket Tunneling Protocol (SSTP). In this post, I will describe some of its advanced capabilities that administrators will find helpful for solving common Always On VPN challenges. The article described the basic functionality Always On VPN DPC provides. Recently I wrote about PowerON Platforms’ Always On VPN Dynamic Profile Configurator (DPC), a software solution that allows administrators to provision and manage Always On VPN client configuration settings using Active Directory and group policy. ![]()
0 Comments
Leave a Reply. |