Channel: Network Infrastructure Servers forum

Trouble with Remote Access Server VPN for AlwaysOn VPN


I'm attempting to set up AlwaysOn VPN using 2016 server for my RAS server.

I can never get the client to connect. I always get the error 809 in the event logs and the error in Windows 10 is that firewalls, NAT or routers are preventing the connection.

There is a firewall in front of the RAS server and it is allowing UDP 4500, 500 and TCP 443. The RAS server has a DMZ interface and a LAN interface.

I have tried setting the gateway on each interface one at a time but it makes no difference. (Which interface should have the gateway assigned?)

I can see VPN chatter for port 500 and 4500 via Wireshark on both the client and the RAS server.

I see no entries in the NPS log for a client trying to connect.

I do see the NPS log complain about the RADIUS client for the RAS server when I toggle gateway addresses between the interfaces.

I'm trying to get user tunnels working with zero success. The funny thing is, I enabled machine certificate authentication on the RAS server and then switched the client profile to use machine certificates instead of PEAP and I see a device show up in the RAS console even though Windows reports the same failure to connect message due to firewall, NAT, router etc.

The device doesn't stay there very long and I only see what looks to be outbound traffic, nothing inbound when I look at the device connection status.

I followed this guide for the most part. https://www.petenetlive.com/KB/Article/0001399

After reviewing the Microsoft document and some other guides it seems like I have everything configured correctly but it still doesn't work.

I also tried the registry key for AssumeUDPEncapsulationContextOnSendRule set to 2 but it made no difference.

Any guidance or ideas would be much appreciated.



