Using Pertino with Active Directory


  • Service Provider

    Pertino is a new VPN (and more) platform that we can use to replace traditional VPN links (think IPSec or OpenVPN) for Windows clients. Getting Pertino to work as a replacement for traditional VPN options as a means of handling Active Directory authentication is pretty easy and works very reliably in my testing.

    The first step in enabling Pertino for AD is to get Pertino installed and running on the Domain Controller(s) as well as on any clients that you wish to have authenticate to Active Directory. Just download the client from Pertino.com and add all of the clients to the same Pertino network.

    Once all of the machines have been joined together (open up your Network Places dialogue and you should see all of the machines listed there) then we need to manually add our DNS servers to the client machines so that they can look up the Active Directory information. DNS is a requirement for AD so this step is necessary even though through Pertino we feel like we can see the Domain Controllers already.

    Pertino runs on IPv6 so we can’t use our traditional IPv4 addresses in order to reach our Domain Controllers (go ahead, don’t believe me, try pinging them.) So you need to log into each Domain Controller and find its IPv6 Pertino network address. Typically you will have two Domain Controllers and each will act additionally as the DNS server so everything will be nice and neat. Extrapolate if you are doing something more exotic. On each client machine go into the network adapter settings for the Pertino connection, select the IPv6 protocol and go to Properties. Here you can enter your IPv6 DNS servers. Put your primary and secondary DCs’ IPv6 addresses in here.

    Once you have done this you should be able to ping your domain controllers by name via IPv6. Now you can reliably have the client machine join the domain and authenticate automatically. After reboot Pertino should connect before you attempt to log in so logging in with domain users who do not have cached credentials should work right away. You will need to manually enter these two IPv6 DNS entries on each client wishing to be joined to Active Directory through Pertino.

    Originally posted on my Windows Administration blog in 2013 here: http://web.archive.org/web/20130929034913/http://www.scottalanmiller.com/windows/2013/04/05/using-pertino-with-active-directory/

    This information is very out of date concerning Pertino itself. But the theory on how this works remains relevant.
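
Added example, not part of the original post: the DNS step described above scripted in PowerShell, followed by a check that each Domain Controller answers the AD locator query over IPv6. The adapter match string, the IPv6 addresses (documentation prefix) and the domain name are placeholders you must replace.

```powershell
# Added example; every default below is a placeholder, not a value from the post.
param(
    [string]$AdapterMatch = '*Pertino*',   # assumed adapter name; confirm with Get-NetAdapter
    [string[]]$DcDnsServers = @('2001:db8::10', '2001:db8::11'),   # constructed DC addresses
    [string]$Domain = 'corp.example.com'   # placeholder AD DNS domain
)
$ErrorActionPreference = 'Stop'

# Accept only IPv6 literals so an IPv4 address cannot be set on the overlay adapter.
foreach ($addr in $DcDnsServers) {
    $ip = [System.Net.IPAddress]::Parse($addr)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        throw "$addr is not an IPv6 address"
    }
}

# Require exactly one matching adapter; never guess which interface to change.
$adapters = @(Get-NetAdapter | Where-Object {
    $_.Name -like $AdapterMatch -or $_.InterfaceDescription -like $AdapterMatch
})
if ($adapters.Count -ne 1) {
    throw "Expected one adapter matching '$AdapterMatch', found $($adapters.Count)"
}
$ifIndex = $adapters[0].ifIndex

# Same change as entering the primary and secondary DNS servers in the IPv6 Properties dialog.
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $DcDnsServers

# Read the setting back and fail if a resolver other than the listed DCs is present.
$configured = (Get-DnsClientServerAddress -InterfaceIndex $ifIndex -AddressFamily IPv6).ServerAddresses
$unexpected = @($configured | Where-Object { $DcDnsServers -notcontains $_ })
if ($unexpected.Count -gt 0) { throw "Unexpected DNS servers on adapter: $($unexpected -join ', ')" }

# Ask each DC for the AD locator record, then check that every DC it names
# has an AAAA record and answers a ping by name.
foreach ($server in $DcDnsServers) {
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $server |
        Where-Object { $_.Type -eq 'SRV' })
    if ($srv.Count -eq 0) { throw "$server returned no SRV records for $Domain" }
    foreach ($record in $srv) {
        $aaaa = @(Resolve-DnsName -Name $record.NameTarget -Type AAAA -Server $server |
            Where-Object { $_.Type -eq 'AAAA' })
        [pscustomobject]@{
            DnsServer  = $server
            DcName     = $record.NameTarget
            Ipv6       = ($aaaa.IPAddress -join ', ')
            PingByName = Test-Connection -ComputerName $record.NameTarget -Count 1 -Quiet
        }
    }
}
```

Run it from an elevated prompt on each client before joining the domain; a row with an empty Ipv6 column or PingByName set to False means that Domain Controller is not reachable by name over the overlay yet.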


  • Service Provider

    @scottalanmiller said in Using Pertino with Active Directory:

    Originally posted on my Windows Administration blog in 2013 here: http://web.archive.org/web/20130929034913/http://www.scottalanmiller.com/windows/2013/04/05/using-pertino-with-active-directory/

    This information is very out of date concerning Pertino itself. But the theory on how this works remains relevant.

    IMO, you should put the 'old post' notice at the top of these.


