IPSEC L2TP - with computer certificates from Win PKI and RADIUS

Hi everyone,

I want the possibility that users can access one of our Active Directory servers before they can log in.

We have about 80% remote workers, and every time someone forgets their password it's a hell of work to get them "back on the horse".


Normally we use the SSL VPN client to connect to our network. But this is not compatible with "pre login" VPN (no, I don't want to write the password in the conf file).

And at the moment I do not want to roll out "AlwaysON VPN".


So I thought that I could leverage the fact that every computer has its own computer certificate and authenticate with this. Is this even possible?

I've read many tutorials, but when they use RADIUS they use username/password, and if they use a certificate they use "local" authentication.


Best regards