There are two tunnel types with Always On: Device Tunnel and User Tunnel.

Device Tunnel allows for a tunnel to form in the device context before a user even logs in to the machine. But was easier to deploy, to a degree!

Always On has no fancy server role dedicated to it or flash configuration GUI; you need to plan and configure all the individual components (listed below), with a bunch of PowerShell scripts/VPN policy configuration required here and there. Direct Access was a legacy version of this that utilised IPv6 technology and wasn't as flexible or powerful as Always On for Windows 10/11.

What is Always On VPN

Always On VPN allows your corporate users on mobile corporate devices to automatically connect to your internal network from outside (as if they never left the domain network/LAN).

This blog post has come about as I face a new deployment in the financial sector which ups the security notch to factor 10 where everything will be scrutinized and carefully cross-examined before any potential sign-offs. I have had the joy of rolling out a number of these projects in the educational sector from a simple single-site to multi-site deployments with multi-tier PKI infrastructure etc.
I am going to open up about my experience/frustrations and maybe some love of Microsoft's Always On VPN technology and how this feels like a pinnacle part of my project experience as a technical consultant.
This blog post is slightly different from my usual content which focuses on how-to walkthroughs.