VPN Clients Using Certificates
BEFORE YOU BEGIN: you need the following items:
- A P12 Certificate with a password
- Whether your company firewall uses L2TP or IKEv2
- The Hostname or IP Address of your company firewall
- Note: if using IKEv2 you will be required to know and use the DNS name of your company firewall
- If you are using L2TP, you need a username/password combination
- NOTE: Steps listed in {curly braces} may *not* be present, depending on the existing configuration of your computer
Installing the Certificate - Windows 7/8/10
- Press Windows Key+R to open a Run window=>Enter mmc in the only available field=>click OK
- In the window that opens, click File=>Add/Remove Snap-in
- Double-Click Certificates=>Select Computer Account and click Next=>Select Local Computer and click Finish=>Click OK
- In the left pane, expand Certificates=>right-click Personal=>Select All Tasks=>Click Import
- Click Next=>Click Browse=>navigate to the location of your P12 file
- At the bottom right of the window, use the drop-down menu to select Personal Information Exchange=>Double-click your P12 file
- Click Next=>Enter your Certificate Password=>click Next=>Select "Automatically Select ..."=>Click Next=>Click Finish
- Close this window=>Select No when prompted to save
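The same import can be done from an elevated PowerShell session instead of the mmc snap-in. This is an added example, not part of the original page: it assumes the PKI module's Import-PfxCertificate cmdlet (Windows 8 / Server 2012 and later; on Windows 7 use the mmc steps above) and the file path below is a placeholder.

```powershell
# Added example (not from the original page): import the P12 into the
# Local Computer > Personal store, equivalent to the mmc steps above.
# Run from an elevated PowerShell session. Path is a placeholder.

$PfxPath = 'C:\Users\Me\Downloads\vpn-client.p12'   # placeholder: your P12 file

# Prompt for the certificate password instead of typing it on the command
# line, so it does not end up in console history or a saved script.
$PfxPassword = Read-Host -Prompt 'P12 password' -AsSecureString

# Import the certificate and its private key into Local Computer\Personal.
$cert = Import-PfxCertificate -FilePath $PfxPath `
                              -CertStoreLocation 'Cert:\LocalMachine\My' `
                              -Password $PfxPassword

# Check: the imported certificate should be present with its private key
# and should not be expired (NotAfter in the future).
Get-ChildItem 'Cert:\LocalMachine\My' |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Select-Object Subject, Issuer, NotAfter, HasPrivateKey, Thumbprint

# If the P12 also bundles the issuing CA certificate, confirm it is trusted
# (look under Cert:\LocalMachine\Root or Cert:\LocalMachine\CA); the wizard's
# "Automatically select" option handles that placement on the GUI path.
Get-ChildItem 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA' |
    Where-Object { $_.Subject -eq $cert.Issuer } |
    Select-Object PSParentPath, Subject, NotAfter
```

HasPrivateKey must be True for the VPN client to use the certificate; if it is False the P12 was imported without its key and the import should be repeated.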
Setup L2TP on Windows 7/8/10
- NOTE: For Windows 8/10 the settings are the same, but they are not all in the same place. Please contact Computerisms for assistance.
- Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network"
- Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)"
- In the "Internet Address" field, enter the hostname or IP address of your company firewall provided to you by your company
- The "Destination Name" field requires an arbitrary value that identifies what you are connecting to (i.e. put anything that identifies to you personally what you are connecting to)
- If you are unsure what to put in this field, use your Company's Name
- Select "Don't connect now, just set it up so I can connect later"
- Click Next=>Enter the L2TP Username provided to you=>Enter the L2TP Password provided to you
- In the lower-right corner of your screen by the clock, click the network icon
- The value you entered for "Destination Name" above will be listed here=>right click it=>Choose properties=>Select the "Security" tab
- Set "Type of VPN" to "Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec)"
- Click the button called "Advanced"=>Deselect "Verify the Name and Usage attributes for the server's certificate"=>Click OK
- Set "Data encryption" to "Optional encryption (connect even if no encryption)"
- Under "Authentication", ensure "Allow these protocols" is selected=>Ensure "Unencrypted Password (PAP)" is deselected=>Ensure "Challenge Handshake Authentication Protocol (CHAP)" is selected
- "Microsoft CHAP Version 2 (MSCHAP v2)" can be selected or deselected, but "Automatically use any Windows logon name and password" should not be selected
- Click OK
- In the lower-right corner of your screen by the clock, click the network icon=>Select the same connection=>Click Connect=>{Click Connect}
- A note on saving passwords: do not save the password unless you are the only person using this computer; instead, enter it every time you connect
Using IKEv2 on Windows 7 (Legacy)
- Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network"
- Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)"
- In the "Internet Address" field, enter the DNS hostname of your company firewall provided to you by your company
- Note that using the IP address of the firewall will probably fail.
- The "Destination Name" field requires an arbitrary value that identifies what you are connecting to (i.e. put anything that identifies to you personally what you are connecting to)
- If you are unsure what to put in this field, use your Company's Name
- Select "Don't connect now, just set it up so I can connect later"
- Click Next=>Leave all Fields Blank and Click Create=>Click Close
- In the lower-right corner of your screen by the clock, click the network icon
- The value you entered for "Destination Name" above will be listed here=>right click it=>Choose properties=>Select the "Security" tab
- If you don't have a properties button, in the control panel under Network and Sharing Center, on the left side will be a "Manage Network Connections" link. In there, you will find your VPN connection. Right-click that, choose properties, and select the "Security" tab.
- Set "type of VPN" to IKEv2
- Click Advanced Settings=>ensure Mobility is checked and Network outage time is set to 30 minutes=>click OK
- Set Data Encryption to Require Encryption
- Select the radio button for "Use Machine Certificates"
- Click OK
Using IKEv2 on Windows 10/11
- Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network"
- Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)"
- In the "Internet Address" field, enter the DNS hostname of your company firewall provided to you by your company
- Note that using the IP address of the firewall will probably fail.
- The "Destination Name" field requires an arbitrary value that identifies what you are connecting to (i.e. put anything that identifies to you personally what you are connecting to)
- If you are unsure what to put in this field, use your Company's Name
- Leave all fields default and Click Create
- Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Change adapter settings"
- Right-click the VPN connection you created above=>Go to Properties
- Under Security, change "Type of VPN" to "IKEv2", "Data encryption" to "Require Encryption" and "Authentication" to "Use Machine Certificates"
- Your VPN connection is ready. To connect, click the network icon in the bottom-right corner by the clock, select the connection with the "Destination Name" you entered above, and click "Connect"
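Both the L2TP/IPsec connection from the L2TP section and the IKEv2 connection from this section can be created from PowerShell with the VpnClient module's Add-VpnConnection, which exposes the same "Type of VPN", "Data encryption" and "Authentication" settings the wizard does. This is an added example, not part of the original page; the server name and connection names are placeholders, and it assumes Windows 8.1/10/11 and an elevated session.

```powershell
# Added example (not from the original page): build the two VPN entries
# described on this page with the VpnClient cmdlets. Placeholders below.

$Server = 'vpn.example.com'   # placeholder: your firewall's DNS name (IKEv2 needs the DNS name, not the IP)

# --- L2TP/IPsec with certificate, matching the L2TP section ---
# No -L2tpPsk, so IPsec authenticates with the machine certificate imported earlier.
# AuthenticationMethod Chap: CHAP on, PAP off (MSChapv2 may be added, as the page allows).
# EncryptionLevel Optional mirrors "Optional encryption (connect even if no encryption)".
# RememberCredential $false follows the page's advice not to save the password;
# UseWinlogonCredential $false matches "Automatically use any Windows logon name" unchecked.
Add-VpnConnection -Name 'Company L2TP' `
                  -ServerAddress $Server `
                  -TunnelType L2tp `
                  -AuthenticationMethod Chap `
                  -EncryptionLevel Optional `
                  -RememberCredential $false `
                  -UseWinlogonCredential $false `
                  -Force

# --- IKEv2 with machine certificate, matching the Windows 10/11 section ---
# EncryptionLevel Required mirrors "Require Encryption".
Add-VpnConnection -Name 'Company IKEv2' `
                  -ServerAddress $Server `
                  -TunnelType Ikev2 `
                  -AuthenticationMethod MachineCertificate `
                  -EncryptionLevel Required `
                  -Force

# Check what was configured; ConnectionStatus stays Disconnected until you connect.
Get-VpnConnection -Name 'Company L2TP', 'Company IKEv2' |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel, ConnectionStatus

# Connecting from the command line. For L2TP, '*' makes rasdial prompt for the
# password instead of storing it; the IKEv2 entry needs no username because it
# authenticates with the machine certificate.
#   rasdial 'Company L2TP' <l2tp-username> *
#   rasdial 'Company IKEv2'
```

Two GUI items on this page are not covered by the example: the "Advanced" checkbox in the L2TP section (server certificate name and usage verification) and the IKEv2 Mobility / network outage time setting. I know of no Add-VpnConnection parameter for either, so set them in the connection's Properties dialog as the page describes after running the script.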
Using a Mac
- Mac setups require a .mobileconfig profile; please request assistance from us with getting this setup working.