Tuesday, October 9, 2018

Lab 16

Lab 16

This lab focussed on setting up a VPN using pfSense as the VPN server. It had a number of issues and I did not get it working even after hours of tinkering, trying forum post ideas, and researching. I decided to leave it unfinished because I was wasting far too much time and I understand how it works. I have set up a VPN through Sophos UTM in the past so I know it shouldn't be difficult.

Exercise 1

In this exercise I set up the network authentication server on the DC. This involved installing the feature, configuring the policy, and adding the server as an authentication server in pfSense.









Exercise 2

In this exercise I had to set up the various configurations for the VPN on the pfSense machine using certificates etc.









Exercise 3

In this exercise I deployed the GPO for configuring the VPN adaptor on the machines it is deployed to.



Exercise 4

In this last exercise, the idea was that I set up the alternative IP, connect the machine to int03, log in with the local admin, then connect to the VPN. I was not able to connect to the VPN, and after trying fixes put up on the forums and lots of my own tinkering with the settings I just ended up with different errors. 

Alternative address working:


Example of the last error I ended up with:






Critical Thinking

Looking back on this lab, I probably would have done better if I wasn't doing it late at night when I was quite tired. This probably affected my thinking a bit causing me to not notice things and get frustrated more easily. I think in my troubleshooting process I could have been more systematic for more efficient problem solving.

Looking at how a business could make use of VPNs, they are great for providing access to a secured network from the outside. VPNs make it possible for employees to access an intranet or company systems that would normally only be accessible from inside the local network through an encrypted tunnel.
A pitfall to look out for is that if the device connecting to the VPN is compromised, it could provide a vector of attack into the network. 
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)