I'm trying to create an Always On VPN using Server 2019 in my lab. All of the documentation I can find is using 2016. I've read tons about Server 2016 as well as Always On VPN using 2016. I need to use IKEv2 machine certificates for my scenario. Any advice on the easiest way to get this up and running is much appreciated. In my lab I have a domain controller and PKI, 5 static IP addresses and a SonicWall firewall. I do have an Azure subscription and AADConnect. If simplifying this using Azure is an option, that would be my preferred route.
1. I read that making a VPN connect to Azure is much easier in Server 2019. Would that in conjunction with an Azure VPN Gateway work to fulfill my requirements? If so does anyone have any links to docs on how to set this up?
2. In Server 2016 an Always On VPN needs a server sitting between two firewalls. I don't have a perimeter network in my lab. Can I still accomplish an Always On VPN? If so, how?
3. In Server 2019, do I still need the NPS server and all the other infrastructure documented here? https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-server-infrastructure
4. This is the ONLY guide I've found for VPN on Server 2019, and he doesn't cover making it Always On or anything about the certs, but he does not use NPS or servers in the perimeter network. Does he eliminate those two servers because he's not doing Always On or because they are no longer required? https://www.thomasmaurer.ch/2018/05/how-to-install-vpn-on-windows-server-2019/#comment-712954