When you have a network of any kind, you tend to have devices and services unique to that network. For example, file shares, internal websites, databases, and application servers. Sometimes, these services are designed and or can be configured to work on the World Wide Web, but this comes with a host of security and support risks. To limit the support and security burden to the network and data, a better way to allow remote access to these services is through a Virtual Private Network (VPN).

A VPN is simply a way to create a secure, isolated tunnel from one network to another network. This allows for connections from one or more devices to another device, one or more devices to one or more networks, or one network to another network.

For our purposes, we are going to simulate a corporate VPN solution that uses Active Directory Security Group to authenticate users.

Requirements:

Hardware

Dedicated hypervisor or desktop with Hyper-V installed

• 6 or more x86-64 CPU cores
  • Intel 7th Gen or higher with Intel VT-x enabled
  • AMD AM4 or higher with AMD-V enabled
• 24 GB of DDR RAM
  • DDR4 or higher recommended
• 100 GB free space
  • SSD recommended

Software

ISOs

• pfSense-CE-2.6.0 or newer
• Windows 10 22H2 or new
• Windows Server 2016 or newer

VMs

• Windows Server 2016 or newer
  • Active Directory Users and Computers
  • Network Policy Server (NPS)
• Windows 10 or newer A
• Windows 10 or newer B
  • OpenVPN Client App
• pfSense A
  • OpenVPN Client Package
• pfSense B

For this lab, I will be using Hyper-V. You can use whatever virtualisation software you are comfortable with.