editor
706
edits
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
m (→Windows setup) |
m (clean up, typos fixed: eg → e.g. (2)) |
||
(10 intermediate revisions by one other user not shown) | |||
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:
== Windows setup ==
The Windows certificate manager should now be started up as follows:
# Using a command window, or the '''Start|Run''' box, execute the command <tt>'''mmc'''</tt> (and answer Yes when asked if you want to allow changes).
# Select '''Add/Remove Snap-in''' from the File menu, choose the '''Certificates''' snap-in and add it to selected snap-ins.
# A dialog will ask if you want to manage certificates for the user account, a service account or computer account. You must select <tt>'''Computer Account'''</tt> here in order to manage the system certificates. If you do not select this, or you start up the certificate manager in some other way (
# Another dialog will ask which computer to manage. Choose <tt>'''Local computer'''</tt>. Click '''Finish'''
# Finally click on <tt>'''OK'''</tt> to start the certificate manger snap-in.
===Install the CA certificate===
To install the certificate:
# Double-click on <tt>'''Certificates (Local Computer)'''</tt> in the left pane, to open the certificate store names
#
# Select <tt>'''All Tasks'''</tt> and then <tt>'''Import...'''</tt>
# Click <tt>'''Next'''</tt> and
#Select the .crt file and click '''Open'''
# Click <tt>Next</tt> again, and then <tt>Finish</tt>.▼
# Click <tt>'''Next'''</tt> and check that the certificate will be placed in the trusted root store.
▲# Click <tt>'''Next'''</tt> again, and then <tt>'''Finish'''</tt>.
#A
#You can now close the mmc console, File - Exit. No need to save.
There - wasn't that easy! Thank you Microsoft.
Now you need to set up the IPsec network connection details.
# Go to Start - '''Control Panel''' then Network and
# Select <tt>Connect to a Network</tt> and choose <tt>'''Connect to a Workplace'''</tt>.
# Click <tt>Next</tt>, select <tt>No, create a new connecton</tt>, <tt>Next</tt>
# Choose <tt>Use my Internet connection (VPN)</tt>
# Insert the server name (
# Select <tt>'''Don't connect now; ...'''</tt>
# You don't need to enter User name and password as it will ask again later
# Click on <tt>'''Create'''</tt> and then <tt>'''Close'''</tt> (Don't connect yet!)
# Back at the Network and Sharing Center dialog, select <tt>'''Connect to a network'''</tt>
# Right-click the connection you have just created in the pop-up box and select <tt>Properties</tt>
# Select the <tt>Security</tt> tab, and change the Type of VPN to IKEv2.
connection establishes.
▲#Select 'Trusted Root Certification Authorities', click OK. (see screenshot)
▲#A little window pops up saying 'The import was successful' (see screenshot)
=Help=
==Error 13801: IKE authentication credentials are unacceptable==
[[File:Win7-IPsec-error-ike2auth.PNG|framed|none|Error 13801]]
#Check that the hostname as set in the VPN settings matches the server certificate name, or:
#Double check that you selected 'Computer Account' in the steps above for the installing the certificate in the Certificate Manager
▲[[Category:FireBrick_IPsec_Road_Warrior|Windows]]
|