remote-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
remote-access [2020/11/18 15:13]
rafi 		remote-access [2021/07/24 22:32]
rafi
Line 1: Line 1:
 ==== Using Privatise for Remote Access ==== ==== Using Privatise for Remote Access ====
  
-One of the most requested features we have seen over the last year has been software based remote access. Remote access using Privatise is easy to deploy, and can replace clunky hardware. It can be used for encrypted RDP, file sharing, and integration with a Windows server DC for connecting remotely to an Active Directory domain.+Secure Remote access using Privatise is easy to deploy, and can replace clunky hardware. It can be used for encrypted RDP, file sharing, and integration with a Windows server DC for connecting remotely to an Active Directory domain.
  
-We're excited to announce that:+The advantage over using a Privatise Server Agent is that it's easy to setup & allows for secure remote access without having to expose an entire LAN. This makes the connection more secure.
  
-1. You can use Privatise to connect remotely via the Privatise VLAN while still allowing your internal office machines to connect over the normal LAN!+1. You can use Privatise to connect remotely via the Privatise VLAN while still allowing your internal office machines to connect over the normal LAN.
  
 2. Privatise supports Windows Server 2012 and above for integration with your Active Directory Domain Controller. 2. Privatise supports Windows Server 2012 and above for integration with your Active Directory Domain Controller.
  
-3. You can create custom Fully Qualified Domain Names and attach them to static internal IPs (NAT'S) of the Privatise agents. We know many of you want this to be done automatically. We hear you and this is on our roadmap.+3. You can create custom Fully Qualified Domain Names and attach them to static internal IPs (NAT'S) of the Privatise agents. 
  
 Remote Access is supported by version 2.0.3 on the Windows Agent and above. Remote Access is supported by version 2.0.3 on the Windows Agent and above.
Line 15: Line 15:
 Important: When joining an AD Domain, make sure that you have admin access to that client PC in case of any issues or if you have to reset the domain! Important: When joining an AD Domain, make sure that you have admin access to that client PC in case of any issues or if you have to reset the domain!
  
-=== Setting up a Remote Access agent for file sharing ===+----
  
-{{:add-dc-server.png?400|}}+=== Adding a Domain Controller Agent ===
  
-Setting up remote access agent for file sharing is easy to do. Simply follow the following steps:+To connect to Windows Server 2012 and above, you will have to fill the following steps.
  
 1. Click on Add Server or Active Directory DC Agent. 1. Click on Add Server or Active Directory DC Agent.
  
-2. You will be brought to a page to add either an Active Directory DC Agent or Server.+2. You will be brought to a page to add either an Active Directory DC Agent or File Sharing Server Agent.
  
-{{::select-filesharing.png?400|}}+{{::add-server-agents-dc.png?400|}}
  
-3. Add a name for the file sharing server agent. This is for your own records and keeping things organized.+----
  
-4Choose General File Sharing Server+3. Add a name for the Domain Controller agent. This is for your own records and keeping things organised.
  
-When you return to Dashboard, you will see the new file sharing server agent with type "Server" with it's IPYou will install this agent on the file sharing serverIf you want to connect to this server with a fully qualified domain and not IP, please:+4Choose Active Directory Domain Controller.
  
-1Go to Local DNS Records+5. Add the local domain of your DC. For example:: ford.local. Please make sure that the local domain of your DC is NOT accessible over the public internet.
  
-2. Add a Fully Qualified Domain Name on the left, and static IP of the Privatise agent you want to connect to.+You should then make sure to add the DC domain to your DNS-Dashboard local recordsTo do that:
  
-3Alternativelyyou can add an IP address of a general local domain, for example of an office router that is port forwarded to a server.+Go to your [[ROC-DNS|ROC-DNS Control Dashboard]]. 
 + 
 +1. Go to Local DNS Records 
 + 
 +2. Add a Fully Qualified Domain Name (FQDN) of your Domain Controller on the leftand static IP of the Privatise agent you want to connect to.
  
 {{:custom-hostnames.png?400|}} {{:custom-hostnames.png?400|}}
  
-=== Connecting to an AC DC Agent ===+----
  
-To connect to a Windows Server 2012 and above, you will have to fill the following steps.+=== Configuring the Domain Controller ===
  
-1. Make sure routing & remote access is enabled on your Windows Server 2012 and above. +Please make sure to have the following settings configured after installing Privatise on your Domain Controller (Installation Steps are below):
  
-2. Click on Add Server or Active Directory DC Agent.+1Go to network adapters -> TAP Adapter V9 -> Right Click Properties -> IPV4 -> Right Click Properties -> Advanced -> Unclick "Register This Connection for DNS".
  
-3You will be brought to a page to add either an Active Directory DC Agent or Server.+2Go to DNS Manager -> Domain Controller -> Server -> Right Click Properties -> Interfaces -> Click on "Listen on All Addresses".
  
-{{:add-dcagent.png?400|}}+----
  
-4. Add a name for the Domain Controller agent. This is for your own records and keeping things organised.+=== Installation ===
  
-5. Choose Active Directory Domain Controller Sharing.+To install the Server Agent, you should login to the server you want to install it on:
  
-6You will now see the static IP added to that agent in the main dashboard.+1Then login to your managed company portal from the server itself.
  
-{{::dc-ip.png?400|}}+2. Go to "Manage Server Agents" and Install Privatise with the corresponding agent directly onto the server as seen in the image below.
  
-7Make sure to add your AD Domain under local DNS records in your DNS Dashboard as seen in the instructions above, and connect it to the static IP shown above.+{{::manage-server-agents.png?400|}} 
 + 
 +---- 
 + 
 +3. Install the downloaded Privatise Installer executable on the server.
  
 === Troubleshooting === === Troubleshooting ===
Line 69: Line 77:
 A. Check IPConfig on the AD DC, and make sure that it has the correct Static IP. Make sure that you only used the agent once, as static IPs do not support multiple installs. On the client machine, make sure that the agent you have installed is in the same group as the AD DC. A. Check IPConfig on the AD DC, and make sure that it has the correct Static IP. Make sure that you only used the agent once, as static IPs do not support multiple installs. On the client machine, make sure that the agent you have installed is in the same group as the AD DC.
  
-If both of those are correct, make sure you added the DC FQDN to the DNS dashboard under "Local DNS Records".+If that is correct, make sure you configured routing correctly on the Windows Server. See [[https://www.youtube.com/watch?v=GMUiFU63Lk0|this video for more information]].
  
 Q. **I'm not able to add an AD DC or File Sharing Agent** Q. **I'm not able to add an AD DC or File Sharing Agent**
Line 78: Line 86:
  
 A. Most likely you did not install the correct agent on the DC or file sharing server. DC & file sharing agents are specifically configured to allow for normal LAN access. A. Most likely you did not install the correct agent on the DC or file sharing server. DC & file sharing agents are specifically configured to allow for normal LAN access.
 +
 +Q. **Privatise keeps restarting on the Domain Controller**
 +
 +A. Disable DHCP autoconfiguration. Please see [[https://kb.privatise.com/doku.php?id=disabledhcpautoconfiguration|Disabling DHCP Autoconfiguration]] for more information.
  • remote-access.txt
  • Last modified: 2021/07/24 22:33
  • by rafi