Daffodil uses a secure VPN tunnel to their domain controller, using Microsoft Routing and Remote Access with the SSTP VPN type. DUO is used as a second authentication factor. This VPN is currently secured with Alltek's wildcard cert and we will be using DNSMADEEASY for failover.
To set up on a Windows client PC:
- Settings, Network and Internet
- Go into the VPN section, add VPN Connection
- VPN Provider: Windows (built-in), Connection Name: DAFF, Server name: daffvpn.alltekvirtual.com, Type: SSTP, Enter username and pwd, remember sign in info, Save.
- Click "Change Adapter Options"
- Right-click the DAFF connection and select Properties
- Click the Security tab, select Allow these protocols, set it to PAP. (Unencrypted is fine because the connection is encrypted by SSTP before PWD is sent)
Make sure the user knows to open their DUO app before connecting. Once open, they can connect and should be prompted quickly by DUO to approve. Timeout is 30 seconds.