Hi,
I just wonder if somebody could help me with this. A while ago I’ve read, that Always on VPN is compatible with Windows 10 pro (opposite to direct access) – unfortunately I haven’t checked details as I presumed everything will work. Now, when I started implementation, I’ve discovered that only user tunnel (connection established after login) works with pro version but device tunnel (which is the most important for me) not. You can set it, but it won’t connect automatically. I just wonder if somebody had a similar issue and somehow found a solution. I need to get VPN connected automatically before login to the laptop. Unfortunately, I don’t have a budget to use a 3rd party solution, so this is not an option for me.
Could somebody advise?
What Office 365 level are you at? We went to M365 E3 because it gave us Win10 Enterprise, which allows the pre-login device tunnel.
I don’t believe there is a way to make it work in Pro, it’s explicitly an Enterprise feature.
What’s your server? OpenVPN has no trouble with this if you have key authentication and no MFA.
AoV device tunnel will only work with Enterprise, there are no shortcuts
As I know it is possible using Taks Scheduled.
Here are some clues from guy who actually does it:
https://community.spiceworks.com/topic/2199357-device-tunnel-on-win10-pro
Perhaps I could install OpenVPN server but is it easy to implement somehow automatically this solution on laptops? I mean with SSTP VPN I can use GPO or scripting for installation - is it possible with Open VPN as well?
Ok, ignore that option then. You can get Win10 Enterprise as a per-user CSP subscription for around five bucks a user a month. Or buy Enterprise upgrades and SA thru your normal volume licensing channel.
Are you licensing Intune to deploy the AOVPN? There might be an EMS bundle that includes Intune and Enterprise, it’s been a while since I looked.
Other than that there are the 3rd party options you mentioned, AnyConnect I’m pretty sure can do pre-login VPN. But again, budget.
Unfortunately upgrading to Windows 10 Enterprise is not an option in our case so this is why I’m looking for a way around…
Maybe OpenVPN if there’s zero chance of getting budget for a paid option? I’ve never done it, but a quick Google suggests it might be possible.