[Question] - How to deploy Client-VPN, L2TP+PSK? CMAK? GPO?
I've done a quick search and it seems this question has yet to be truly answered. I need to deploy the Meraki Client VPN solution. Our current configuration is with the PSK but if there's a better method for authenticating the user/machine (certificate?) I'm all ears.
Yeah, unfortunately we're not using SM; we're using Microsoft's Intune MDM solution.
I should note that we are already using RADIUS for authentication. The piece that's missing here is the ability to deploy the VPN connection either with the PSK already defined so that information does not need to be disseminated to the user, OR use a certificate in place of PSK. I've always used PSK so configuring the VPN connection to use a certificate would be new to me.
Lastly would be the mass deployment part. I have a number of users who require the use of the VPN and configuring this on an individual basis would be cumbersome and inefficient. I believe it can be done through GPO but not 100% sure on that. I just want to get an idea for how others out there deploy the Client VPN solution to their users.
Windows GPO can be used to push out a VPN template, but not a PSK. The only way to deploy this at scale and not lose your mind is to use certificates.
Once an auto-enrolling certificate template exists in AD, a separate GPO would be used to auto-enroll your users using that certificate template. That user certificate would then be referenced in the VPN profile.
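The certificate approach described in the last reply, sketched as a per-user PowerShell script of the kind a GPO logon script or Intune could run. This is an added example, not code from anyone in the thread. The profile name and server hostname are placeholders, and it assumes the VPN endpoint accepts certificate authentication (EAP-TLS for the user, with no PSK configured).

```powershell
# Placeholder values (assumptions, not from the thread): replace with your own.
$Name          = 'Corp VPN'            # hypothetical profile name
$Server        = 'vpn.example.com'     # placeholder VPN hostname
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

# 1. Confirm that auto-enrollment has delivered a usable user certificate:
#    private key present, not expired, and valid for client authentication.
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    $_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    # Do not create a profile the user cannot authenticate with.
    Write-Warning 'No valid client-authentication certificate found; skipping VPN profile.'
    return
}

# 2. Stay idempotent: the script may run at every logon.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Write-Output "VPN profile '$Name' already exists."
    return
}

# 3. Build an EAP-TLS configuration that uses a certificate from the user
#    store and validates the server's certificate.
$eap = New-EapConfiguration -Tls -UserCertificate -VerifyServerIdentity

# 4. Create the L2TP profile. No -L2tpPsk is passed, so no shared secret is
#    stored in the script and Windows uses a certificate for the IPsec layer.
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -EncryptionLevel Required -AuthenticationMethod Eap `
    -EapConfigXmlStream $eap.EapConfigXmlStream

Write-Output "Created '$Name' using certificate $($cert.Thumbprint)."
```

Because the IPsec layer of L2TP authenticates the computer, a profile created without a PSK also needs a machine certificate in the local computer store, which the same auto-enrollment mechanism can deliver.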