Windows Always On VPN (AOVPN) Overview and Requirements

In this article, we shall discuss “Windows Always On VPN (AOVPN) Overview and Requirements”. Remote Access is one of the components that empowers remote workers to be productive. Always On VPN is easy to use and easy to implement, and it provides a seamless and persistent connection for your Windows 10 mobile devices. Kindly see Quick Steps in Setting Up AWS VPC, and how to Activate (License) Cisco ASA 5505.
In the past and to date, remote access has been implemented with a Virtual Private Network (VPN). This setup can be extremely difficult when you are inexperienced.
Here is the brief difference between Windows Always On VPN and DirectAccess. Both technologies provide seamless, transparent, always-on remote network access for Windows clients, but they differ in how they are provisioned:
- Always On VPN is provisioned to the user.
- DirectAccess is provisioned to the device.
Because Always On VPN is provisioned per user, this presents a challenge for deployment scenarios that require the VPN connection to be established before the user logs on.
Windows 10 Always On VPN
Windows 10 Always On VPN is a common way of allowing remote users to securely access resources behind a perimeter network. As more employees are being asked to work from home, organizations need to provide effective but secure remote access.
Microsoft Always On VPN can be deployed in the following ways:
- Always On VPN only, and
- Always On VPN with VPN connectivity using conditional Azure Active Directory access.
Previously, DirectAccess was developed in Windows Server 2008 R2, providing this service to Windows 7 and Windows 8 “Enterprise” edition clients. This technology has had some drawbacks and difficulties in its implementation. Therefore, from Windows 10 and Windows Server 2016 and above, the “Always On VPN” technology was introduced.
Always On VPN is the successor to DirectAccess and was designed to overcome the impediments of DirectAccess. With Always On VPN, Microsoft is looking to achieve a single remote access solution that supports a wide array of clients.
Like DirectAccess, the VPN connection is “Always On”, meaning there is no user input required unless multi-factor authentication is enabled. As soon as a client is connected to the Internet, the VPN connection is established. Below are some of the clients “Always On VPN” supports:
- Domain and non-domain joined devices
- Azure AD joined devices, and
- BYOD devices
Steps for implementing an Always On VPN connection
The following illustration shows the infrastructure that is required to deploy Always On VPN.

DNS name resolution: Needed by the Windows 10 client to resolve the IP address of the VPN gateway.
Once the name is resolved to the public IP address of the VPN gateway, a connection request is sent to the Always On VPN gateway.
The VPN gateway also serves as a RADIUS client and forwards the connection request to the corporate NPS server to process the authentication request.
The NPS server processes the authentication and authorization requests and then makes a decision on the request, which determines whether the connection is permitted or denied.
Please, see “The differences between Private and Public networks in Windows to VPN”, and how to Configure VPN on Windows Server: How to allow remote VPN Access for Domain or Local Users.
Requirements for Always On
The following requirements (components) are needed to implement Always On VPN.
- Domain Controller (AD DS): Serves as your domain controller (DC). AD DS provides a distributed database that stores and manages information about network resources and application-specific data from directory-enabled applications.
  Administrators can use AD DS to organize elements of a network, such as users, computers, and other devices, into a hierarchical containment structure. The hierarchical containment structure includes the Active Directory forest, domains in the forest, and organizational units (OUs) in each domain. A server that is running AD DS is called a domain controller.
  AD DS contains the user accounts, computer accounts, and account properties that are required by Protected Extensible Authentication Protocol (PEAP) to authenticate user credentials and to evaluate authorization for VPN connection requests.
- A DNS Server: An external and internal DNS structure is configured for each zone.
- Network Policy Server: Ensure the NPS is configured to support AOVPN, as this allows Windows 10 Pro and higher clients to benefit from the technology.
- Certificate Authority Server (CA): Active Directory Certificate Services (AD CS) is needed to deploy certificates to remote devices through your Public Key Infrastructure (PKI), as this is required for a seamless connection.
- Routing and Remote Access: Remote Access VPN should be enabled to support IKEv2 connections and LAN routing.
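The connection flow and the component list above translate into a handful of things a Windows 10 client must have in place before the tunnel can come up. The following PowerShell readiness check is an added example, not code from the original article; the gateway FQDN and profile name are placeholders, and the checks assume the standard DnsClient, VpnClient and TrustedPlatformModule cmdlets shipped with Windows 10.

```powershell
# Added example (not from the original article): client-side readiness check for the
# Always On VPN requirements listed above. $VpnGatewayFqdn and $ConnectionName are
# placeholders; replace them with your gateway's public DNS name and AOVPN profile name.
param(
    [string]$VpnGatewayFqdn = 'vpn.example.com',   # placeholder
    [string]$ConnectionName = 'AlwaysOnVPN'          # placeholder
)

$results = [ordered]@{}

# 1. DNS name resolution: the client must resolve the gateway's public IP address.
try {
    $ips = (Resolve-DnsName -Name $VpnGatewayFqdn -Type A -ErrorAction Stop).IPAddress
    $results['GatewayResolves'] = ($ips.Count -gt 0)
} catch {
    $results['GatewayResolves'] = $false
}

# 2. Certificate: PEAP user authentication needs an unexpired certificate from the
#    enterprise CA with the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2) and a
#    private key in the current user's personal store.
$clientCert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and
                   ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2') -and
                   $_.NotAfter -gt (Get-Date) }
$results['ClientAuthCertPresent'] = ($null -ne $clientCert)

# 3. TPM: needed for the TPM key attestation feature mentioned in the article.
try {
    $tpm = Get-Tpm -ErrorAction Stop
    $results['TpmReady'] = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
} catch {
    $results['TpmReady'] = $false
}

# 4. VPN profile: the user-tunnel profile should exist and use IKEv2, matching the
#    Routing and Remote Access requirement above.
$conn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
$results['ProfileUsesIkev2'] = ($null -ne $conn -and $conn.TunnelType -eq 'Ikev2')

# Print a pass/fail table; any row reading False points at the requirement to fix first.
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Pass = $_.Value }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the client; Get-Tpm requires administrator rights.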
Below are some features of Always On VPN:
- High Availability (HA): Ensures HA by load-balancing multiple NPS servers.
- Advanced Authentication: AOVPN supports Windows Hello for Business. For more information, see the following link.
- Advanced Traffic Features: Traffic filtering, app-triggered VPN, and VPN conditional access can all be used with Microsoft AOVPN to further filter and secure traffic.
- Additional Security Protection: AOVPN is compatible with Trusted Platform Module (TPM) Key Attestation to provide higher security assurance for access.
I will be implementing this technology from next month in my laboratory environment. Stay tuned! For more detailed information, see the article.
I hope you found this blog post on “Windows Always On VPN (AOVPN) Overview and Requirements” very helpful. If you have any questions, please let me know in the comment section.