
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec (Road Warrior Howto): Difference between revisions

The Windows certificate manager should now be started up as follows:

* Using a command window, or the Start|Run box, execute the command <tt>mmc</tt> (and answer Yes when asked if you want to allow changes).
* Select Add/Remove Snap-in from the File menu, choose the Certificates snap-in and add it to selected snap-ins.
* A dialog will ask if you want to manage certificates for the user account, a service account or computer account. You must select <tt>Computer Account</tt> here in order to manage the system certificates. If you do not select this, or you start up the certificate manager in some other way (eg using <tt>certmgr.msc</tt>), you will not be able to install the certificate system-wide, and the Windows IPsec subsystem will not find it.
* Another dialog will ask which computer to manage. Choose <tt>Local computer</tt>.
* Finally click on <tt>OK</tt> to start the certificate manager snap-in.


To install the certificate:
* Double-click on <tt>Certificates (Local Computer)</tt> in the left pane, to open the certificate store names, and then right-click on <tt>Trusted Root Certification Authorities</tt> in the centre pane.
* Select <tt>All Tasks</tt> and then <tt>Import...</tt>
* Click <tt>Next</tt> and browse to where you saved the CA .crt file.
* Click <tt>Next</tt> and check that the certificate will be placed in the trusted root store.
* Click <tt>Next</tt> again, and then <tt>Finish</tt>.


There - wasn't that easy! Thank you Microsoft.

Now you need to set up the IPsec network connection details.


* Go to Control Panel and select <tt>Set up a new connection or network</tt>.
* Select <tt>Connect to a Network</tt> and choose <tt>Connect to a Workplace</tt>.
* Click <tt>Next</tt>, select <tt>No, create a new connection</tt>, <tt>Next</tt>
* Choose <tt>Use my Internet connection</tt>
* Insert the server name (eg <tt>server.example.com</tt>), and choose whatever you like to name the connection (Destination name).
* Select <tt>Don't connect now; ...</tt>
* You don't need to enter User name and password as it will ask again later
* Click on <tt>Create</tt> and then <tt>Close</tt> (Don't connect yet!)
* Back at the Network and Sharing Center dialog, select <tt>Connect to a network</tt>
* Right-click the connection you have just created in the pop-up box and select <tt>Properties</tt>
* Select the <tt>Security</tt> tab, and change the Type of VPN to IKEv2.
* EAP-MSCHAPv2 should already be selected.
* Click <tt>OK</tt>
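The same two procedures (installing the CA into the machine-wide trusted root store, then creating the IKEv2 / EAP-MSCHAPv2 connection) can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original howto or FireBrick's own tooling; the CA file path and the connection name are placeholders you would substitute, and <tt>server.example.com</tt> is the server name used above.

```powershell
# Added example: scripted equivalent of the GUI steps above. Run as Administrator.
$CaFile = 'C:\Temp\ca.crt'        # placeholder: where you saved the CA .crt file
$Server = 'server.example.com'    # VPN server name, as in the howto
$Name   = 'FireBrick IKEv2'       # placeholder: any connection name you like

# Import the CA into the *machine* Trusted Root store. Cert:\CurrentUser\Root is what
# certmgr.msc manages, and the Windows IPsec subsystem does not look there.
$ca = Import-Certificate -FilePath $CaFile -CertStoreLocation 'Cert:\LocalMachine\Root'

# Check it really landed in the machine store before creating the connection.
$inMachine = Get-ChildItem 'Cert:\LocalMachine\Root' |
    Where-Object { $_.Thumbprint -eq $ca.Thumbprint }
if (-not $inMachine) {
    throw "CA '$($ca.Subject)' is not in LocalMachine\Root; IKEv2 server auth will fail."
}
Write-Host "Trusted CA installed: $($ca.Subject) (thumbprint $($ca.Thumbprint))"

# New-EapConfiguration with no switches produces an EAP-MSCHAPv2 configuration,
# matching the 'EAP-MSCHAPv2 should already be selected' step above.
$eap = New-EapConfiguration

# Create the IKEv2 connection but do not dial it yet (same as 'Don't connect now').
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType Ikev2 `
    -AuthenticationMethod Eap -EapConfigXmlStream $eap.EapConfigXmlStream `
    -EncryptionLevel Required -RememberCredential -Force

# Show what was created so it can be compared with the Properties > Security tab.
Get-VpnConnection -Name $Name |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
```

To dial it afterwards use <tt>rasdial</tt> with the connection name, or the Connect to a network dialog as described next.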


You should now be ready to connect - select <tt>Connect to a network</tt> again, click