

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

#99782 27-Mar-2012 11:33

TMG is currently installed with a wildcard certificate as a reverse proxy for a combination of MS and non-MS HTTPS traffic. I would like to add SSL VPN functionality to the mix, but if I did, what URL would be used for the VPN target?

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #600640 27-Mar-2012 11:49

Note: I suspect that SSTP will attempt to bind to 443 and will not share with the Reverse Proxy function. I wonder, however, if I can create an additional listener on another adapter and Reverse Proxy the SSTP traffic to that?



Kyanar
4089 posts

Uber Geek

ID Verified
Trusted

  #600659 27-Mar-2012 12:20

The SSTP actually binds to IIS. I have it happily sharing with Exchange ActiveSync and Remote Desktop Gateway on my 2008 server (no TMG though).

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #600673 27-Mar-2012 12:50

Now that I did not know. That changes my approach significantly. Assuming the client passes the URL in the message, I should be good to go with a standalone host.



lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #600871 27-Mar-2012 18:14

Any tips on diagnosing SSTP behind TMG? I can get to it, confirmed by toggling the user's "dial-in" setting between Allow and Deny and getting the expected 812 error when Deny is set, but when Allow is set I get "registering computer" and then Error 619. I checked this article and the hash on the reverse proxy and the RAS match.

Note: tested this directly and VPN established successfully. TMG reports the traffic being redirected successfully, i.e. no drops or blocks.

Kyanar
4089 posts

Uber Geek

ID Verified
Trusted

  #601106 28-Mar-2012 09:40

Hmm. I'm afraid you've gone a bit beyond my realm of knowledge there. I'm certain someone here will be able to help with that though.

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #601117 28-Mar-2012 10:07

Going to rebuild with an on-domain RAS machine and RODC; I suspect it's a certificate chaining issue. If not, I've read an article where others have made this work by changing the RAS to being unencrypted. I'll update this with my findings.

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #601164 28-Mar-2012 11:55

Yes, that worked. Created a server with an FQDN, installed the certificate and installed RAS. Then set that in the reverse proxy and the connection was successful. Seems the certificate path must hold all the way through for this to work; with other end-points I have gotten away with installing their self-signed certificates into TMG.
