Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Road Warrior Windows 7: Difference between revisions

← Older edit
Content deleted Content added
AA-Andrew (talk | contribs)
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,616 edits
Reedy (talk | contribs)
editor
706 edits
m clean up, typos fixed: eg → e.g. (2)
 
(6 intermediate revisions by one other user not shown)
Line 1: Line 1:
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick_IPsec_Road_Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
== Windows setup ==
== Windows setup ==


Line 23: Line 23:
# Using a command window, or the '''Start|Run''' box, execute the command <tt>'''mmc'''</tt> (and answer Yes when asked if you want to allow changes).
# Using a command window, or the '''Start|Run''' box, execute the command <tt>'''mmc'''</tt> (and answer Yes when asked if you want to allow changes).
# Select '''Add/Remove Snap-in''' from the File menu, choose the '''Certificates''' snap-in and add it to selected snap-ins.
# Select '''Add/Remove Snap-in''' from the File menu, choose the '''Certificates''' snap-in and add it to selected snap-ins.
# A dialog will ask if you want to manage certificates for the user account, a service account or computer account. You must select <tt>'''Computer Account'''</tt> here in order to manage the system certificates. If you do not select this, or you start up the certificate manager in some other way (eg using <tt>certmgr.msc</tt>, you will not be able to install the certificate system-wide, and the Windows IPsec subsystem will not find it. Click '''Next'''.
# A dialog will ask if you want to manage certificates for the user account, a service account or computer account. You must select <tt>'''Computer Account'''</tt> here in order to manage the system certificates. If you do not select this, or you start up the certificate manager in some other way (e.g. using <tt>certmgr.msc</tt>, you will not be able to install the certificate system-wide, and the Windows IPsec subsystem will not find it. Click '''Next'''.
# Another dialog will ask which computer to manage. Choose <tt>'''Local computer'''</tt>. Click '''Finish'''
# Another dialog will ask which computer to manage. Choose <tt>'''Local computer'''</tt>. Click '''Finish'''
# Finally click on <tt>'''OK'''</tt> to start the certificate manger snap-in.
# Finally click on <tt>'''OK'''</tt> to start the certificate manger snap-in.
Line 44: Line 44:
Now you need to set up the IPsec network connection details.
Now you need to set up the IPsec network connection details.


# Go to Control Panel and select <tt>Set up a new connection or network</tt>.
# Go to Start - '''Control Panel''' then Network and Internet, then 'View network status and tasks then <tt>'''Set up a new connection or network'''</tt>.
# Select <tt>Connect to a Network</tt> and choose <tt>Connect to a Workplace</tt>.
# Select <tt>Connect to a Network</tt> and choose <tt>'''Connect to a Workplace'''</tt>.
# Click <tt>Next</tt>, select <tt>No, create a new connecton</tt>, <tt>Next</tt>
# Click <tt>Next</tt>, select <tt>No, create a new connecton</tt>, <tt>Next</tt>
# Choose <tt>Use my Internet connection</tt>
# Choose <tt>Use my Internet connection (VPN)</tt>
# Insert the server name (eg <tt>server.example.com</tt>), and choose whatever you like to name the connection (Destination name).
# Insert the server name (e.g. <tt>server.example.com</tt>), and choose whatever you like to name the connection (Destination name). (the Server name needs to match the name in the generated certificate, this is usually a hostname rather than an IP address)
# Select <tt>Don't connect now; ...</tt>
# Select <tt>'''Don't connect now; ...'''</tt>
# You don't need to enter User name and password as it will ask again later
# You don't need to enter User name and password as it will ask again later
# Click on <tt>Create</tt> and then <tt>Close</tt> (Don't connect yet!)
# Click on <tt>'''Create'''</tt> and then <tt>'''Close'''</tt> (Don't connect yet!)
# Back at the Network and Sharing Center dialog, select <tt>Connect to a network</tt>
# Back at the Network and Sharing Center dialog, select <tt>'''Connect to a network'''</tt>
# Right-click the connection you have just created in the pop-up box and select <tt>Properties</tt>
# Right-click the connection you have just created in the pop-up box and select <tt>Properties</tt>
# Select the <tt>Security</tt> tab, and change the Type of VPN to IKEv2.
# Select the <tt>Security</tt> tab, and change the Type of VPN to IKEv2.
Line 64: Line 64:
connection establishes.
connection establishes.


=Windows 10=
==Install the certificate==
#Download DER format
#Click on the file, you may get a Warning (see screenshot)
#The certificate will be opened, Click install certificate
#The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next (see screenshot)
#You will be prompted to enter in the Administrator password of the computer, do this.
#Select ' Place all certificates in the following store' (see screenshot)
#Click Browse
#Select 'Trusted Root Certification Authorities', click OK. (see screenshot)
#You'll now be back at the screen you were on previously, Click Next (see screenshot)
# The 'Completing the Certificate Import Wizard' screen shows, Click Finish (see screenshot)
#A little window pops up saying 'The import was successful' (see screenshot)


=Help=
<gallery>
IPsec-Win10-1-OpenCert.PNG|Click on the file, you may get a Warning
IPsec-Win10-2-ReviewCert.PNG|The certificate will be opened, Click install certificate
IPsec-Win10-3-InstallCert.PNG|The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next
IPsec-Win10-4-InstallCert-store.PNG|Select ' Place all certificates in the following store', Click Browse
IPsec-Win10-5-InstallCert-trusted.PNG|Select 'Trusted Root Certification Authorities', click OK.
IPsec-Win10-6-InstallCert-finished.PNG|The 'Completing the Certificate Import Wizard' screen shows
IPsec-Win10-7-InstallCert-success.PNG|A little window pops up saying 'The import was successful'
</gallery>


==Error 13801: IKE authentication credentials are unacceptable==
==Configure the VPN==
[[File:Win7-IPsec-error-ike2auth.PNG|framed|none|Error 13801]]
#Click the Start/Windows icon
#Check that the hostname as set in the VPN settings matches the server certificate name, or:
#Go to Settings (see screenshot)
#Double check that you selected 'Computer Account' in the steps above for the installing the certificate in the Certificate Manager
#Click 'Network & Internet'
#Click VPN (see screenshot)
#Click 'Add a VPN connection'
#Enter in the VPN settings eg: (see screenshot)
#*VPN Provider: Windows (built in)
#*Connection name: (What ever you like, eg Office)
#*Server name or address: The IP or host name of your FireBrick
#*VPN type: IKEv2
#*Type of sign-in info: Username and password
#*Username & Password (as set up on the FireBrick). This is optional, you can leave blank and Windows will prompt you for this information each tie you connect.
*Click OK
#Your VPN connection will now be added (see screenshot)


[[Category:FireBrick IPsec Road Warrior|Windows]]
<gallery>
IPsec-Win10-8-addVPN.PNG|Click the Start/Windows icon, Go to Settings, Click 'Network & Internet', Click Add
IPsec-Win10-9-settings.PNG|Enter in the VPN settings
IPsec-Win10-10-VPNsettings.PNG|The VPN will then be added
IPsec-Win10-11-VPNConnect.PNG
IPsec-Win10-12-VPNConnected.PNG
IPsec-Win10-11-VPNConnect.PNG
</gallery>


[[Category:FireBrick_IPsec_Road_Warrior|Windows]]
Retrieved from "http://support.aa.net.uk/FireBrick_Road_Warrior_Windows_7"