Let’s talk about Direct Access for a moment. Ever since I first deployed Direct Access, it has always been a pain to get set up correctly, and diagnosing issues always required some weird PowerShell script from some blog on the internet that changed route advertisements or some weird thing like that in order to get Direct Access functioning again. In some scenarios, I have had to blow away the Remote Access server role from Windows Server and start from scratch. And the worst part about that is that remote computers will become orphaned, since they will not be able to re-connect to the new Direct Access due to the configuration change.
Today I started a project that aims to replace Direct Access with a Windows service that does all the same things that Direct Access does, like determining if a computer is on the corporate network or not, and attempting to connect to the corporate VPN. Its name is Immediate Access.
The nice thing about this service is that it will allow you to pick any VPN technology that Windows supports natively, like SSTP, PPTP, L2TP, and IPSec. You can specify any VPN profile as long as it is contained within the rasphone.pbk file. The service will even present the computer’s credentials to the VPN server just like Direct Access and connect to the VPN at the login screen as long as there is a network available.
You can find this project here: https://github.com/belowaverage-org/ImmediateAccess.