12,274
edits
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
mNo edit summary |
|||
dialogs and messages seen may not be exactly as shown here.
=Not using Lets Encrypt?=▼
If you using the built-in ACME system for managing a Lets Encrypt certificate then you can skip this Certificate section and jump to the sectoion below to just set up the VPN credentials.▼
===Download the Certificate===▼
'''This is not needed if you are using Lets Encrypt on the FireBrick''' ▼
The CA certificate needs to be installed on the Windows machine using an account with administrator privileges.▼
First, download the CA certificate in DER format to the Windows machine. The easiest way to do this is to@▼
#Use a browser (e.g. 'Edge') to visit your FireBrick ▼
##Go to: Config - Certificates to reach the certificate management page▼
##Click on the Download DER link corresponding to the CA certificate. ▼
##Save it in a suitable location on the Windows machine. Note that you must download the certificate in DER format - windows machines do not recognize PEM format. The file will be given the <tt>.crt</tt> extension.▼
#If using the 'Edge' Browser, then click the Open button once the file as downloaded▼
==Install the certificate==▼
#You have downloaded the CA certifcate in DER format, and you'll have a file ending in .crt▼
#Double click on the file to open it, you may get a Warning (see screenshot)▼
#The certificate will be opened, Click install certificate▼
#The 'Welcome to the Certificate Import Wizard' screen opens, select '''Local Machine''', then '''Next''' (see screenshot)▼
#You will be prompted allow this action and maybe asked to enter in the Administrator password of the computer, do this.▼
#Select ''''Place all certificates in the following store'''' (see screenshot)▼
#Click '''Browse'''▼
#Select ''''Trusted Root Certification Authorities'''', click OK. (see screenshot)▼
#You'll now be back at the screen you were on previously, Click '''Next''' (see screenshot)▼
# The 'Completing the Certificate Import Wizard' screen shows, Click '''Finish''' (see screenshot)▼
#A little window pops up saying 'The import was successful', click '''OK''' (see screenshot)▼
#You can now click OK on the original ''''Certificate'''' window to close it▼
<gallery heights=149 mode="packed" caption="Screenshots of installing the certificate on Windows 10">▼
IPsec-Win10-1-OpenCert.PNG|Click on the file, you may get a Warning▼
IPsec-Win10-2-ReviewCert.PNG|The certificate will be opened, Click install certificate▼
IPsec-Win10-3-InstallCert.PNG|The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next▼
IPsec-Win10-4-InstallCert-store.PNG|Select ' Place all certificates in the following store', Click Browse▼
IPsec-Win10-5-InstallCert-trusted.PNG|Select 'Trusted Root Certification Authorities', click OK.▼
IPsec-Win10-6-InstallCert-finished.PNG|The 'Completing the Certificate Import Wizard' screen shows▼
IPsec-Win10-7-InstallCert-success.PNG|A little window pops up saying 'The import was successful'▼
</gallery>▼
=Configure the VPN=
=Help=
▲==Not using Lets Encrypt?==
▲If you using the built-in ACME system for managing a Lets Encrypt certificate then you can skip this Certificate section and jump to the sectoion below to just set up the VPN credentials.
▲===Download the Certificate===
▲'''This is not needed if you are using Lets Encrypt on the FireBrick'''
▲The CA certificate needs to be installed on the Windows machine using an account with administrator privileges.
▲First, download the CA certificate in DER format to the Windows machine. The easiest way to do this is to@
▲#Use a browser (e.g. 'Edge') to visit your FireBrick
▲##Go to: Config - Certificates to reach the certificate management page
▲##Click on the Download DER link corresponding to the CA certificate.
▲##Save it in a suitable location on the Windows machine. Note that you must download the certificate in DER format - windows machines do not recognize PEM format. The file will be given the <tt>.crt</tt> extension.
▲#If using the 'Edge' Browser, then click the Open button once the file as downloaded
▲===Install the certificate===
▲#You have downloaded the CA certifcate in DER format, and you'll have a file ending in .crt
▲#Double click on the file to open it, you may get a Warning (see screenshot)
▲#The certificate will be opened, Click install certificate
▲#The 'Welcome to the Certificate Import Wizard' screen opens, select '''Local Machine''', then '''Next''' (see screenshot)
▲#You will be prompted allow this action and maybe asked to enter in the Administrator password of the computer, do this.
▲#Select ''''Place all certificates in the following store'''' (see screenshot)
▲#Click '''Browse'''
▲#Select ''''Trusted Root Certification Authorities'''', click OK. (see screenshot)
▲#You'll now be back at the screen you were on previously, Click '''Next''' (see screenshot)
▲# The 'Completing the Certificate Import Wizard' screen shows, Click '''Finish''' (see screenshot)
▲#A little window pops up saying 'The import was successful', click '''OK''' (see screenshot)
▲#You can now click OK on the original ''''Certificate'''' window to close it
▲<gallery heights=149 mode="packed" caption="Screenshots of installing the certificate on Windows 10">
▲IPsec-Win10-1-OpenCert.PNG|Click on the file, you may get a Warning
▲IPsec-Win10-2-ReviewCert.PNG|The certificate will be opened, Click install certificate
▲IPsec-Win10-3-InstallCert.PNG|The 'Welcome to the Certificate Import Wizard' screen opens, select Local Machine, then Next
▲IPsec-Win10-4-InstallCert-store.PNG|Select ' Place all certificates in the following store', Click Browse
▲IPsec-Win10-5-InstallCert-trusted.PNG|Select 'Trusted Root Certification Authorities', click OK.
▲IPsec-Win10-6-InstallCert-finished.PNG|The 'Completing the Certificate Import Wizard' screen shows
▲IPsec-Win10-7-InstallCert-success.PNG|A little window pops up saying 'The import was successful'
▲</gallery>
==IKE authentication credentials are unacceptable==
[[File:IKE2-Win10Error-IKEAuth.PNG|none|frame|Error: IKE authentication credentials are unacceptable]]
|
edits