ASDK - User's VPN Setup

  • Question

  • In order for users to consume the resources of an ASDK deployment they must first configure a VPN connection into the environment. As documented on this page, we are required to provide users a script with the "<operator's password provided when deploying Azure Stack>". Although an instance of ASDK is not "production" and "isolated", there still is a concern of the security exposure of the stack's admin credential.

    Is there some way to set up user VPN using non-privileged credentials?

    BTW: I've yet to be able to get prompted to accept the stack root certificate after establishing a connection. I've figured out a workaround to get the cert on the client. It would be nice if MS updated the document to offer the solutions.


    Mr Jazze

    Wednesday, April 10, 2019 3:10 AM

All replies

  • I am following up now to see if there is a way to establish a VPN without giving out the operator's password. 

    For the VPN cert issue, I will be reproducing that and following up with a workaround as soon as I am able, so that we can get the cert working again, or publish steps to export the cert. 

    Tuesday, April 16, 2019 12:28 AM
    Moderator
  • As you stated, the current method is done because it is a dev / test environment, so there should not be any security risk. 

    It is possible to create new users and give them permission to VPN, or create a security group with permission and manage the users. I wish I could advise further on the process, but unfortunately Windows Server VPN is not my area of expertise. If you would like assistance with this, your best bet is to ask on the Windows Server forums. 

    Please let me know if you have any other questions. 

    Tuesday, April 16, 2019 8:56 PM
    Moderator
  • What you can do is change the pre-shared key of the VPN connection:

    Get-VpnAuthProtocol | Set-VpnAuthProtocol -SharedSecret "Password" -TunnelAuthProtocolsAdvertised PreSharedKey
    
    Get-Service -Name RemoteAccess | Restart-Service -Force

    Eelco

    Wednesday, April 24, 2019 6:58 AM