|
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick_IPsec_Road_WarriorFireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
== Windows setup ==
# Using a command window, or the '''Start|Run''' box, execute the command <tt>'''mmc'''</tt> (and answer Yes when asked if you want to allow changes).
# Select '''Add/Remove Snap-in''' from the File menu, choose the '''Certificates''' snap-in and add it to selected snap-ins.
# A dialog will ask if you want to manage certificates for the user account, a service account or computer account. You must select <tt>'''Computer Account'''</tt> here in order to manage the system certificates. If you do not select this, or you start up the certificate manager in some other way (ege.g. using <tt>certmgr.msc</tt>, you will not be able to install the certificate system-wide, and the Windows IPsec subsystem will not find it. Click '''Next'''.
# Another dialog will ask which computer to manage. Choose <tt>'''Local computer'''</tt>. Click '''Finish'''
# Finally click on <tt>'''OK'''</tt> to start the certificate manger snap-in.
# Click <tt>'''Next'''</tt> again, and then <tt>'''Finish'''</tt>.
#A window will pop up saying 'The Import was successful. Click '''OK'''
#You can now close the mmc console, File - Exit. No need to save.
There - wasn't that easy! Thank you Microsoft.
Now you need to set up the IPsec network connection details.
# Go to Start - '''Control Panel''' then Network and selectInternet, then 'View network status and tasks then <tt>'''Set up a new connection or network'''</tt>.
# Select <tt>Connect to a Network</tt> and choose <tt>'''Connect to a Workplace'''</tt>.
# Click <tt>Next</tt>, select <tt>No, create a new connecton</tt>, <tt>Next</tt>
# Choose <tt>Use my Internet connection (VPN)</tt>
# Insert the server name (ege.g. <tt>server.example.com</tt>), and choose whatever you like to name the connection (Destination name). (the Server name needs to match the name in the generated certificate, this is usually a hostname rather than an IP address)
# Select <tt>'''Don't connect now; ...'''</tt>
# You don't need to enter User name and password as it will ask again later
# Click on <tt>'''Create'''</tt> and then <tt>'''Close'''</tt> (Don't connect yet!)
# Back at the Network and Sharing Center dialog, select <tt>'''Connect to a network'''</tt>
# Right-click the connection you have just created in the pop-up box and select <tt>Properties</tt>
# Select the <tt>Security</tt> tab, and change the Type of VPN to IKEv2.
connection establishes.
=Windows 10=
==Install the certificate==
#Download DER format
#Click on the file, you may get a Warning (see screenshot)
#The certificate will be opened, Click install certificate
#The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next (see screenshot)
#You will be prompted to enter in the Administrator password of the computer, do this.
#Select ' Place all certificates in the following store' (see screenshot)
#Click Browse
#Select 'Trusted Root Certification Authorities', click OK. (see screenshot)
#You'll now be back at the screen you were on previously, Click Next (see screenshot)
# The 'Completing the Certificate Import Wizard' screen shows, Click Finish (see screenshot)
#A little window pops up saying 'The import was successful' (see screenshot)
=Help=
<gallery>
IPsec-Win10-1-OpenCert.PNG|Click on the file, you may get a Warning
IPsec-Win10-2-ReviewCert.PNG|The certificate will be opened, Click install certificate
IPsec-Win10-3-InstallCert.PNG|The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next
IPsec-Win10-4-InstallCert-store.PNG|Select ' Place all certificates in the following store', Click Browse
IPsec-Win10-5-InstallCert-trusted.PNG|Select 'Trusted Root Certification Authorities', click OK.
IPsec-Win10-6-InstallCert-finished.PNG|The 'Completing the Certificate Import Wizard' screen shows
IPsec-Win10-7-InstallCert-success.PNG|A little window pops up saying 'The import was successful'
</gallery>
==Error 13801: IKE authentication credentials are unacceptable==
==Configure the VPN==
[[File:Win7-IPsec-error-ike2auth.PNG|framed|none|Error 13801]]
#Click the Start/Windows icon
#Check that the hostname as set in the VPN settings matches the server certificate name, or:
#Go to Settings (see screenshot)
#Double check that you selected 'Computer Account' in the steps above for the installing the certificate in the Certificate Manager
#Click 'Network & Internet'
#Click VPN (see screenshot)
#Click 'Add a VPN connection'
#Enter in the VPN settings eg: (see screenshot)
#*VPN Provider: Windows (built in)
#*Connection name: (What ever you like, eg Office)
#*Server name or address: The IP or host name of your FireBrick
#*VPN type: IKEv2
#*Type of sign-in info: Username and password
#*Username & Password (as set up on the FireBrick). This is optional, you can leave blank and Windows will prompt you for this information each tie you connect.
*Click OK
#Your VPN connection will now be added (see screenshot)
[[Category: FireBrick_IPsec_Road_WarriorFireBrick IPsec Road Warrior|Windows]] ▼<gallery>
IPsec-Win10-8-addVPN.PNG|Click the Start/Windows icon, Go to Settings, Click 'Network & Internet', Click Add
IPsec-Win10-9-settings.PNG|Enter in the VPN settings
IPsec-Win10-10-VPNsettings.PNG|The VPN will then be added
IPsec-Win10-11-VPNConnect.PNG
IPsec-Win10-12-VPNConnected.PNG
IPsec-Win10-11-VPNConnect.PNG
</gallery>
▲[[Category:FireBrick_IPsec_Road_Warrior|Windows]]
| 