VPN Clients Using Certificates: Difference between revisions
(15 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
BEFORE YOU BEGIN: you need the following items:<br> | BEFORE YOU BEGIN: you need the following items:<br> | ||
*A P12 Certificate with a password | *A P12 Certificate with a password | ||
*If your company firewall uses L2TP or IKEv2 | |||
*The Hostname or IP Address of your company firewall | *The Hostname or IP Address of your company firewall | ||
**Note: if using IKEv2 you will be required to know and use the DNS name of your company firewall | |||
*If you are using L2TP, you need a username/password combination | *If you are using L2TP, you need a username/password combination | ||
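Review bot: The added bullet "If your company firewall uses L2TP or IKEv2" reads as a condition rather than an item the reader must have; "Whether your company firewall uses L2TP or IKEv2" says what is meant. The unchanged "The Hostname or IP Address of your company firewall" bullet now sits awkwardly beside the new note that IKEv2 needs the DNS name, so consider limiting "or IP Address" to the L2TP case in that bullet.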
Line 7: | Line 9: | ||
*<b>NOTE:</b>Actions Listed in {Curly Braces} may *not* be present, depending on the existing configuration of your computer | *<b>NOTE:</b>Actions Listed in {Curly Braces} may *not* be present, depending on the existing configuration of your computer | ||
==Installing the Certificate - Windows 7/8== | ==Installing the Certificate - Windows 7/8/10== | ||
#Press Windows Key+R to open a run window=>Enter mmc in the only available field=>click OK | #Press Windows Key+R to open a run window=>Enter mmc in the only available field=>click OK | ||
Line 19: | Line 20: | ||
#Close this window=>Select No when prompted to save | #Close this window=>Select No when prompted to save | ||
==Setup L2TP on Windows 7/8== | ==Setup L2TP on Windows 7/8/10== | ||
*<b>NOTE:</b> | *<b>NOTE:</b> For windows 8/10, the settings are the same, but they aren't all in the same place. Please contact Computerisms for assistance. | ||
#Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network" | #Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network" | ||
#Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)" | #Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)" | ||
#In the "Internet Address" field, enter the hostname or IP address of your company firewall provided to you by your company | #In the "Internet Address" field, enter the hostname or IP address of your company firewall provided to you by your company | ||
#The "Destination Name" field requires an arbitrary value that identifies what you are connecting | #The "Destination Name" field requires an arbitrary value that identifies what you are connecting to (IE put anything that identifies to you personally what you are connecting to) | ||
##If you are unsure what to put in this field, use your Company's Name | ##If you are unsure what to put in this field, use your Company's Name | ||
#Select "Don't connect now, just set it up so I can connect later" | #Select "Don't connect now, just set it up so I can connect later" | ||
Line 34: | Line 35: | ||
#Click the button called "Advanced"=>Deselect "Verify the Name and Usage attributes for the server's certificate"=>Click OK | #Click the button called "Advanced"=>Deselect "Verify the Name and Usage attributes for the server's certificate"=>Click OK | ||
#Set "Data encryption" to "Optional encryption (connect even if no encryption)" | #Set "Data encryption" to "Optional encryption (connect even if no encryption)" | ||
#Under "Authentication", ensure "Allow these protocols is selected=>Ensure "Unencrypted Password (PAP) is deselected=>Ensure "Challenge | #Under "Authentication", ensure "Allow these protocols" is selected=>Ensure "Unencrypted Password (PAP)" is deselected=>Ensure "Challenge Handshake Authentication Protocol (CHAP)" is selected | ||
##"Microsoft CHAP Version 2 (MSCHAP v2)" can be selected or deselected, but "Automatically use any Windows logon name and password" should not be selected | ##"Microsoft CHAP Version 2 (MSCHAP v2)" can be selected or deselected, but "Automatically use any Windows logon name and password" should not be selected | ||
#Click OK | #Click OK | ||
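Review bot: The two unchanged steps just above the corrected authentication line, deselecting "Verify the Name and Usage attributes for the server's certificate" and setting "Data encryption" to "Optional encryption (connect even if no encryption)", leave the L2TP profile able to connect without checking the server certificate's name and without encryption, while the IKEv2 sections added in this same revision use "Require Encryption". Since this edit already touches the L2TP security steps, either state why the firewall needs these two settings or bring them in line with the IKEv2 sections.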
Line 40: | Line 41: | ||
##A Note on saving passwords: do not save the password unless you are the only one using this computer, instead enter it every time you connect | ##A Note on saving passwords: do not save the password unless you are the only one using this computer, instead enter it every time you connect | ||
==Using IKEv2 on Windows 7== | ==Using IKEv2 on Windows 7(Legacy)== | ||
#Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network" | #Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network" | ||
#Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)" | #Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)" | ||
#In the "Internet Address" field, enter the hostname | #In the "Internet Address" field, enter the DNS hostname of your company firewall provided to you by your company | ||
##Note that using the IP address of the firewall will probably fail. | |||
#The "Destination Name" field requires an arbitrary value that identifies what you are connecting too (IE put anything that identifies to you personally what you are connecting too) | #The "Destination Name" field requires an arbitrary value that identifies what you are connecting too (IE put anything that identifies to you personally what you are connecting too) | ||
##If you are unsure what to put in this field, use your Company's Name | ##If you are unsure what to put in this field, use your Company's Name | ||
#Select "Don't connect now, just set it up so I can connect later" | #Select "Don't connect now, just set it up so I can connect later" | ||
#Click Next=> | #Click Next=>Leave all Fields Blank and Click Create=>Click Close | ||
#In the lower-right corner of your screen by the clock, click the network icon | #In the lower-right corner of your screen by the clock, click the network icon | ||
#The value you entered for "Destination Name" above will be listed here=>right click it=>Choose properties=>Select the "Security" tab | #The value you entered for "Destination Name" above will be listed here=>right click it=>Choose properties=>Select the "Security" tab | ||
##If you don't have a properties button, in the control panel under Network and Sharing Center, on the left side will be a "Manage Network Connections" link. In there, you will find your VPN connection. Right-click that, choose properties, and select the "Security" tab. | |||
#Set "type of VPN" to IKEv2 | #Set "type of VPN" to IKEv2 | ||
#Click Advanced Settings=>ensure Mobility is checked and Network outage time is set to 30 minutes=>click OK | #Click Advanced Settings=>ensure Mobility is checked and Network outage time is set to 30 minutes=>click OK | ||
#Set | #Set Data Encryption to Require Encryption | ||
#Select the radio button for "Use Machine Certificates" | #Select the radio button for "Use Machine Certificates" | ||
#Click OK | #Click OK | ||
==Using IKEv2 on Windows 10/11== | |||
#Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network" | |||
#Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)" | |||
#In the "Internet Address" field, enter the DNS hostname of your company firewall provided to you by your company | |||
##Note that using the IP address of the firewall will probably fail. | |||
#The "Destination Name" field requires an arbitrary value that identifies what you are connecting too (IE put anything that identifies to you personally what you are connecting too) | |||
##If you are unsure what to put in this field, use your Company's Name | |||
#Leave all fields default and Click Create | |||
#Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Change adapter settings" | |||
##Right click on the VPN connection you created in step 4 =>Goto Properties | |||
##Under Security change type of VPN to "IKEV2", Data encryption to "Require Encryption" and Authentication to "Use Machine Certificates" | |||
#Your VPN connection is ready. Connect to VPN by going to the right bottom corner and click the network icon labeled "Destination Name" above and click "Connect" | |||
==Using a Mac== | ==Using a Mac== | ||
* | *Mac setups require the use of a mobile.config, please request assistance from us for help in getting this setup working. |
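Review bot: In the new "Using IKEv2 on Windows 10/11" section, the sub-step "Right click on the VPN connection you created in step 4" points at the "Destination Name" step, but the connection is only created by "Leave all fields default and Click Create" in step 5; refer to the connection by its Destination Name instead of a step number. The new section and the Windows 7 section also keep "connecting too", which this revision already corrected to "connecting to" in the L2TP section.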
Latest revision as of 15:53, 2 January 2024
BEFORE YOU BEGIN: you need the following items:
- A P12 Certificate with a password
- Whether your company firewall uses L2TP or IKEv2
- The Hostname or IP Address of your company firewall
  - Note: if using IKEv2 you will be required to know and use the DNS name of your company firewall
- If you are using L2TP, you need a username/password combination
- NOTE: Actions listed in {Curly Braces} may *not* be present, depending on the existing configuration of your computer
Installing the Certificate - Windows 7/8/10
1. Press Windows Key+R to open a run window=>Enter mmc in the only available field=>click OK
2. In the window that opens, click File=>Add/Remove Snap-in
3. Double-Click Certificates=>Select Computer Account and click Next=>Select Local Computer and click Finish=>Click OK
4. In the left pane, expand Certificates=>right click Personal=>Select All tasks=>Click Import
5. Click Next=>Click Browse=>navigate to the location of your P12 file
6. At the bottom right of the window, use the drop down menu to select Personal Information Exchange=>Double click your P12 file
7. Click Next=>Enter your Certificate Password=>click Next=>Select "Automatically Select ..."=>Click Next=>Click Finish
8. Close this window=>Select No when prompted to save
Setup L2TP on Windows 7/8/10
- NOTE: For Windows 8/10, the settings are the same, but they aren't all in the same place. Please contact Computerisms for assistance.

1. Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network"
2. Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)"
3. In the "Internet Address" field, enter the hostname or IP address of your company firewall provided to you by your company
4. The "Destination Name" field requires an arbitrary value that identifies what you are connecting to (i.e. put anything that identifies to you personally what you are connecting to)
   - If you are unsure what to put in this field, use your Company's Name
5. Select "Don't connect now, just set it up so I can connect later"
6. Click Next=>Enter the L2TP Username provided to you=>Enter the L2TP Password provided to you
7. In the lower-right corner of your screen by the clock, click the network icon
8. The value you entered for "Destination Name" above will be listed here=>right click it=>Choose properties=>Select the "Security" tab
9. Set "Type of VPN" to "Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec)"
10. Click the button called "Advanced"=>Deselect "Verify the Name and Usage attributes for the server's certificate"=>Click OK
11. Set "Data encryption" to "Optional encryption (connect even if no encryption)"
12. Under "Authentication", ensure "Allow these protocols" is selected=>Ensure "Unencrypted Password (PAP)" is deselected=>Ensure "Challenge Handshake Authentication Protocol (CHAP)" is selected
    - "Microsoft CHAP Version 2 (MSCHAP v2)" can be selected or deselected, but "Automatically use any Windows logon name and password" should not be selected
13. Click OK
14. In the lower-right corner of your screen by the clock, click the network icon=>Select the same connection=>Click Connect=>{Click Connect}
    - A note on saving passwords: do not save the password unless you are the only one using this computer; instead, enter it every time you connect
Using IKEv2 on Windows 7 (Legacy)
1. Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network"
2. Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)"
3. In the "Internet Address" field, enter the DNS hostname of your company firewall provided to you by your company
   - Note that using the IP address of the firewall will probably fail.
4. The "Destination Name" field requires an arbitrary value that identifies what you are connecting to (i.e. put anything that identifies to you personally what you are connecting to)
   - If you are unsure what to put in this field, use your Company's Name
5. Select "Don't connect now, just set it up so I can connect later"
6. Click Next=>Leave all Fields Blank and Click Create=>Click Close
7. In the lower-right corner of your screen by the clock, click the network icon
8. The value you entered for "Destination Name" above will be listed here=>right click it=>Choose properties=>Select the "Security" tab
   - If you don't have a properties button, in the control panel under Network and Sharing Center, on the left side will be a "Manage Network Connections" link. In there, you will find your VPN connection. Right-click that, choose properties, and select the "Security" tab.
9. Set "type of VPN" to IKEv2
10. Click Advanced Settings=>ensure Mobility is checked and Network outage time is set to 30 minutes=>click OK
11. Set Data Encryption to Require Encryption
12. Select the radio button for "Use Machine Certificates"
13. Click OK
Using IKEv2 on Windows 10/11
1. Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Set up a new connection or network"
2. Select "Connect to a workplace"=>Next=>{Select "No, Create a new connection"}=>Select "Use my Internet connection (VPN)"
3. In the "Internet Address" field, enter the DNS hostname of your company firewall provided to you by your company
   - Note that using the IP address of the firewall will probably fail.
4. The "Destination Name" field requires an arbitrary value that identifies what you are connecting to (i.e. put anything that identifies to you personally what you are connecting to)
   - If you are unsure what to put in this field, use your Company's Name
5. Leave all fields default and Click Create
6. Navigate to the Control Panel=>{Network and Internet}=>Network and Sharing Center=>Select "Change adapter settings"
   - Right click on the VPN connection you created in step 4=>Go to Properties
   - Under Security, change type of VPN to "IKEv2", Data encryption to "Require Encryption" and Authentication to "Use Machine Certificates"
7. Your VPN connection is ready. To connect, click the network icon in the bottom-right corner of the screen, select the connection labeled with the "Destination Name" you entered above, and click "Connect"
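
A quick way to confirm the result of the certificate import and the IKEv2 steps above on Windows 10/11. This is an added example, not part of the original page or Computerisms' own tooling; the connection name 'Example Company VPN' is a placeholder for the "Destination Name" you chose.

```powershell
# Added example (not from the original page). Run on Windows 10/11 after the GUI steps.
# 'Example Company VPN' is a placeholder for the "Destination Name" you entered.
param([string]$ConnectionName = 'Example Company VPN')

$problems = @()
$now = Get-Date

# The imported P12 must sit in Local Computer\Personal with its private key and be in date.
$usable = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now
})
if ($usable.Count -eq 0) {
    $problems += 'No in-date certificate with a private key in Cert:\LocalMachine\My'
}
$usable | Select-Object Subject, NotAfter, Thumbprint | Format-Table -AutoSize

# Look in the current user's phone book first, then the all-users one.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
if (-not $vpn) {
    $vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
}

if (-not $vpn) {
    $problems += "VPN connection '$ConnectionName' was not found"
} else {
    if ($vpn.TunnelType -ne 'Ikev2') {
        $problems += "Type of VPN is '$($vpn.TunnelType)', expected IKEv2"
    }
    if ($vpn.EncryptionLevel -ne 'Required') {
        $problems += "Data encryption is '$($vpn.EncryptionLevel)', expected Require Encryption"
    }
    if ($vpn.AuthenticationMethod -notcontains 'MachineCertificate') {
        $problems += 'Authentication is not set to Use Machine Certificates'
    }
    # The page warns that an IP address in "Internet Address" will probably fail.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($vpn.ServerAddress, [ref]$ip)) {
        $problems += "Internet Address '$($vpn.ServerAddress)' is an IP address, not a DNS hostname"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "IKEv2 connection '$ConnectionName' matches the documented settings."
}
```

Each warning maps back to one step of the procedure, so a failed check tells you which step to revisit.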
Using a Mac
- Mac setups require the use of a mobile.config; please request assistance from us to get this setup working.