FireBrick Road Warrior Windows 10: Difference between revisions

Line 5:

dialogs and messages seen may not be exactly as shown here.

=Not using Lets Encrypt?=

If you using the built-in ACME system for managing a Lets Encrypt certificate then you can skip this Certificate section and jump to the sectoion below to just set up the VPN credentials.

⚫

===Download the Certificate===

⚫

'''This is not needed if you are using Lets Encrypt on the FireBrick'''

⚫

The CA certificate needs to be installed on the Windows machine using an account with administrator privileges.

⚫

First, download the CA certificate in DER format to the Windows machine. The easiest way to do this is to@

⚫

#Use a browser (e.g. 'Edge') to visit your FireBrick

⚫

##Go to: Config - Certificates to reach the certificate management page

⚫

##Click on the Download DER link corresponding to the CA certificate.

⚫

##Save it in a suitable location on the Windows machine. Note that you must download the certificate in DER format - windows machines do not recognize PEM format. The file will be given the <tt>.crt</tt> extension.

⚫

#If using the 'Edge' Browser, then click the Open button once the file as downloaded

⚫

==Install the certificate==

⚫

#You have downloaded the CA certifcate in DER format, and you'll have a file ending in .crt

⚫

#Double click on the file to open it, you may get a Warning (see screenshot)

⚫

#The certificate will be opened, Click install certificate

⚫

#The 'Welcome to the Certificate Import Wizard' screen opens, select '''Local Machine''', then '''Next''' (see screenshot)

⚫

#You will be prompted allow this action and maybe asked to enter in the Administrator password of the computer, do this.

⚫

#Select ''''Place all certificates in the following store'''' (see screenshot)

⚫

#Click '''Browse'''

⚫

#Select ''''Trusted Root Certification Authorities'''', click OK. (see screenshot)

⚫

#You'll now be back at the screen you were on previously, Click '''Next''' (see screenshot)

⚫

# The 'Completing the Certificate Import Wizard' screen shows, Click '''Finish''' (see screenshot)

⚫

#A little window pops up saying 'The import was successful', click '''OK''' (see screenshot)

⚫

#You can now click OK on the original ''''Certificate'''' window to close it

⚫

⚫

IPsec-Win10-1-OpenCert.PNG|Click on the file, you may get a Warning

⚫

IPsec-Win10-2-ReviewCert.PNG|The certificate will be opened, Click install certificate

⚫

IPsec-Win10-3-InstallCert.PNG|The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next

⚫

IPsec-Win10-4-InstallCert-store.PNG|Select ' Place all certificates in the following store', Click Browse

⚫

IPsec-Win10-5-InstallCert-trusted.PNG|Select 'Trusted Root Certification Authorities', click OK.

⚫

IPsec-Win10-6-InstallCert-finished.PNG|The 'Completing the Certificate Import Wizard' screen shows

⚫

IPsec-Win10-7-InstallCert-success.PNG|A little window pops up saying 'The import was successful'

⚫

</gallery>

=Configure the VPN=

Line 103:

Line 64:

=Help=

⚫

==Not using Lets Encrypt?==

⚫

If you using the built-in ACME system for managing a Lets Encrypt certificate then you can skip this Certificate section and jump to the sectoion below to just set up the VPN credentials.

⚫

===Download the Certificate===

⚫

'''This is not needed if you are using Lets Encrypt on the FireBrick'''

⚫

The CA certificate needs to be installed on the Windows machine using an account with administrator privileges.

⚫

First, download the CA certificate in DER format to the Windows machine. The easiest way to do this is to@

⚫

#Use a browser (e.g. 'Edge') to visit your FireBrick

⚫

##Go to: Config - Certificates to reach the certificate management page

⚫

##Click on the Download DER link corresponding to the CA certificate.

⚫

##Save it in a suitable location on the Windows machine. Note that you must download the certificate in DER format - windows machines do not recognize PEM format. The file will be given the <tt>.crt</tt> extension.

⚫

#If using the 'Edge' Browser, then click the Open button once the file as downloaded

⚫

===Install the certificate===

⚫

#You have downloaded the CA certifcate in DER format, and you'll have a file ending in .crt

⚫

#Double click on the file to open it, you may get a Warning (see screenshot)

⚫

#The certificate will be opened, Click install certificate

⚫

#The 'Welcome to the Certificate Import Wizard' screen opens, select '''Local Machine''', then '''Next''' (see screenshot)

⚫

#You will be prompted allow this action and maybe asked to enter in the Administrator password of the computer, do this.

⚫

#Select ''''Place all certificates in the following store'''' (see screenshot)

⚫

#Click '''Browse'''

⚫

#Select ''''Trusted Root Certification Authorities'''', click OK. (see screenshot)

⚫

#You'll now be back at the screen you were on previously, Click '''Next''' (see screenshot)

⚫

# The 'Completing the Certificate Import Wizard' screen shows, Click '''Finish''' (see screenshot)

⚫

#A little window pops up saying 'The import was successful', click '''OK''' (see screenshot)

⚫

#You can now click OK on the original ''''Certificate'''' window to close it

⚫

⚫

IPsec-Win10-1-OpenCert.PNG|Click on the file, you may get a Warning

⚫

IPsec-Win10-2-ReviewCert.PNG|The certificate will be opened, Click install certificate

⚫

IPsec-Win10-3-InstallCert.PNG|The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next

⚫

IPsec-Win10-4-InstallCert-store.PNG|Select ' Place all certificates in the following store', Click Browse

⚫

IPsec-Win10-5-InstallCert-trusted.PNG|Select 'Trusted Root Certification Authorities', click OK.

⚫

IPsec-Win10-6-InstallCert-finished.PNG|The 'Completing the Certificate Import Wizard' screen shows

⚫

IPsec-Win10-7-InstallCert-success.PNG|A little window pops up saying 'The import was successful'

⚫

</gallery>

==IKE authentication credentials are unacceptable==

[[File:IKE2-Win10Error-IKEAuth.PNG|none|frame|Error: IKE authentication credentials are unacceptable]]