This shows you the differences between two versions of the page.
vpn:ikedv2:windows [2020/01/01 15:02] pirata [Windows side] |
vpn:ikedv2:windows [2020/02/15 04:02] pirata title |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Connect to our VPN under Windows ====== | + | ====== IKEDv2 Windows support ====== |
===== Server side ===== | ===== Server side ===== | ||
OpenBSD's default **/etc/ssl/openssl.cnf** provides a very minimalist approach, especially if you plan to allow users under other Operating Systems to login. | OpenBSD's default **/etc/ssl/openssl.cnf** provides a very minimalist approach, especially if you plan to allow users under other Operating Systems to login. | ||
- | This is what is working at the moment: | ||
<code bash> | <code bash> | ||
+ | $ cat /etc/ssl/openssl.cnf | ||
+ | |||
# Note that you can include other files from the main configuration | # Note that you can include other files from the main configuration | ||
# file using the .include directive. | # file using the .include directive. | ||
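Review bot: The new title on the first changed line reads "IKEDv2", but the protocol is IKEv2 (the client steps later on this page use **IKEv2**) and the OpenBSD daemon is iked; "IKEv2 Windows support" would match both. The added `$ cat /etc/ssl/openssl.cnf` line labels the listing well, but with "This is what is working at the moment:" removed nothing says that the listing is the modified file rather than the default one described in the paragraph above it, so keep a short sentence stating that.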
Line 174: | Line 176: | ||
</code> | </code> | ||
- | We had to replicate some part of **/etc/ssl/openssl.cnf** into local **openssl.cfg** in order to be able to generate proper keys and certificates that probably should work on Windows: | + | We had to replicate some part of **/etc/ssl/openssl.cnf** into local **openssl.cfg** in order to be able to generate proper keys and certificates. |
<code bash> | <code bash> | ||
+ | $ cat openssl.cfg | ||
+ | |||
[ vpn.ircnow.org ] | [ vpn.ircnow.org ] | ||
keyUsage = digitalSignature,keyEncipherment | keyUsage = digitalSignature,keyEncipherment | ||
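Review bot: The sentence introducing the `openssl.cfg` listing still says only that "some part" of /etc/ssl/openssl.cnf was replicated; name the sections that were copied and say how the local file is handed to openssl (for example `-config openssl.cfg`), since the near-identical names openssl.cnf and openssl.cfg are easy to mix up. Dropping "that probably should work on Windows" also removes the only hint of why these extensions are set, so a one-line reason next to `keyUsage` would help.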
Line 247: | Line 251: | ||
</code> | </code> | ||
- | After some trial and error, We managed to discover a magical combination of openssl commands that allowed us to generate all certs and keys that should work on Windows: | + | After some trial and error, We managed to discover a magical combination of openssl commands that allowed us to generate all certs and keys: |
<code bash> | <code bash> | ||
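Review bot: The rewritten sentence keeps "We" capitalised mid-sentence and still describes the commands as a "magical combination" found by trial and error; lower-case it and replace the phrase with a short statement of what each command in the block produces, so a reader can tell which options matter when one of them fails.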
Line 274: | Line 278: | ||
- Both certificates are located under **Trusted Root Certification Authorities** > **Certificates** | - Both certificates are located under **Trusted Root Certification Authorities** > **Certificates** | ||
- Password of our private key is **gad03efbanxg5yby** | - Password of our private key is **gad03efbanxg5yby** | ||
- | + | - Configure an IKEDv2 connection using this [[http://www.carbonwind.net/blog/post/VPN-Reconnect-in-Windows-7-RC-redux.aspx|guide]] if you don't know how to do that | |
- | - Configure an IKEDv2 connection using this [[http://www.carbonwind.net/blog/post/VPN-Reconnect-in-Windows-7-RC-redux.aspx|guide]] if you don't know how to do that | + | - Make sure: |
- | - Make sure: | + | - Under Security tab, type of VPN is **IKEv2** |
- | - Under Security tab, type of VPN is **IKEv2** | + | - Authentication is **EAP + Secure password (EAP-MSCHAPv2)** |
- | - Authentication is **EAP + Secure password (EAP-MSCHAPv2)** | + | - Under general tab, host name is **vpn.ircnow.org** |
- | - Under general tab, host name is **vpn.ircnow.org** | + | |
Last thing: | Last thing: |
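Review bot: The unchanged list item "Password of our private key is ..." publishes the private key's passphrase in the wiki text and this revision carries it forward; remove it from the page, distribute it out of band, and reissue the key material it protected with a new passphrase. The changed lines only move a blank line from before the "Configure an IKEDv2 connection" item to after the host name item, so the "IKEDv2" spelling still sits two items above **IKEv2**, and the linked guide is still fetched over plain http.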