90.11. Windows native VPN Client with IKEv2 Mode

90.11.1. Checklist of parameters

This table shows the parameters of the Windows native VPN Client and their corresponding parameters in the Abilis configuration.

Table 90.12. Checklist of parameters

The Windows native VPN Client parameter   Abilis IKE Table   Abilis IKE Table parameter
Server name or address                    HOST               LOC-IP
User name                                 HOST               AUTH2-USER
Password                                  HOST               AUTH2-PWD

90.11.2. Configuring Windows native VPN Client

Please enter the following commands to configure the VPN in Abilis. Refer to Section 83.19.1, “How to configure a RAS using IPSEC VPN server” for the configuration of IPsec and IKE resources.

[14:51:53] ABILIS_CPX:a ike host:1 name:Windows_IKE2 locip:80.80.80.80 remip:* id-type:cert side:inside mode:ike2 auth:rsa dh:modp1024 auth2:eap-mschap auth2-user:vpn_user auth2-pwd:vpn_password cert-send:no asn1-dn:/CN=domain.adiens.it cert-peer:no  cert-verify:no

COMMAND EXECUTED 

[14:55:35] ABILIS_CPX:a ike cli:1 host:1 net-loc:0.0.0.0/0 net-rem:10.0.2.10/32 pfs:no name:Windows_IKE2_Cli

COMMAND EXECUTED 

Caution

To activate the changes made, execute the initialization command init res:ike.

To view the configuration made above, use the following commands.

[14:57:49] ABILIS_CPX:d ike host:1 -cli

-------------------------------------------------------------------------------
HOST: NAME:                              LIFETIME:  HASH:     DPD:    DPD-ACTION:
      LOCIP:          NATT:   MODE:      MODE-CFG:  DH:               DPD-DELAY:
      REMIP:          SIDE:   AUTH:      AUTH2:     CIPHER:   SA-TRY: DPD-TOUT:
      AUTH2-USER:                        AUTH2-PWD:
      -- ID -------------------------------------------------------------------
      ID-TYPE:        IP:/ID:
      PEER-ID-TYPE:   PEER-IP:/PEER-ID:
      -- RSA Cert -------------------------------------------------------------
      CERT-SEND:      ASN1-DN:
      CERT-PEER:      PEER-ASN1-DN:
      CERT-VERIFY:
-------------------------------------------------------------------------------
1     Windows_IKE2                       3600       SHA1      YES     STOP
      080.080.080.080 YES     IKE2                  MODP1024          30
      *               INSIDE  RSA        EAP-MSCHAP AES256    3       120
      vpn_user                           ********
      -- ID -------------------------------------------------------------------
      CERT           
      REMIP           
      -- RSA Cert -------------------------------------------------------------
      NO              /CN=domain.adiens.it
      NO              
      NO
-------------------------------------------------------------------------------

IKE Clients: 

-------------------------------------------------------------------------------
CLI:  NAME:                                LIFETIME: ESP:        AH:
HOST: NET-LOC:           RULE:  PASSIVE:   PFS:      ESP-AUTH:   AH-AUTH:
      NET-REM:                  PERMANENT: TUNNEL:   ESP-CIPHER: MODE-CFG-DNS:
-------------------------------------------------------------------------------
1     Windows_IKE2_Cli                     28800     YES         NO
1     000.000.000.000/00 IPSEC  YES        NO        SHA1        SHA1
      010.000.002.010/32        YES        YES       AES256      SYS
-------------------------------------------------------------------------------

To configure a Windows native VPN Client connection with Abilis, follow these steps:

  1. Open the Windows Start Menu and then click Settings.

  2. Select Network & Internet in the left menu and then click VPN.

  3. Click the Add VPN button.

  4. Enter the VPN server details: type the server’s domain name or IP address in the Server name or address field, fill in Connection name with something that describes your VPN connection, then enter User name and Password. Then click Save.

  5. On your taskbar, select the Network icon > VPN.

  6. Next to the VPN connection you want to use, select Connect.

  7. Once the connection is established, Connected is displayed underneath the VPN connection name.

90.11.3. Install the trusted root certificate on Windows

To install the trusted root certificate on Windows, follow these steps:

  1. Double-click the .cer file to open it. In the certificate window, click Install Certificate.

  2. The Certificate Import Wizard will now be launched. From there, select Local Machine as the Store Location and then click Next.

  3. Click the Yes button in the User Account Control pop-up.

  4. Now select Place all certificates in the following store and click the Browse button.

  5. Now select the Trusted Root Certification Authorities folder and click the OK button.

  6. Then click Next.

  7. Then click Finish.

  8. In the Certificate Import Wizard dialog box indicating a successful import, click OK.
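
The client setup in Section 90.11.2 and the certificate import above can also be done from an elevated PowerShell session. The script below is an added example, not part of the Abilis manual: it checks the root certificate's thumbprint before trusting it, creates the IKEv2 connection, and pins the Windows proposal to the values shown in the Abilis output (AES256, SHA1, MODP1024, PFS off). The certificate path, the expected thumbprint and the connection name are placeholders chosen for this example.

```powershell
# Added example, not from the Abilis manual. Run in an elevated PowerShell session.
$CertPath           = 'C:\Temp\abilis-root-ca.cer'        # placeholder path to the .cer file
$ExpectedThumbprint = '<THUMBPRINT-OBTAINED-OUT-OF-BAND>'  # placeholder, get it from the CA owner
$ConnName           = 'Abilis_IKE2'                        # hypothetical connection name
$Server             = '80.80.80.80'                        # LOC-IP of IKE host 1 on this page

# 1. Inspect the certificate file before trusting it machine-wide.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '')) {
    throw "Thumbprint mismatch, not importing: $($cert.Thumbprint)"
}
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning "Subject and issuer differ: '$($cert.Subject)' is not a self-signed root."
}

# 2. Same result as the Certificate Import Wizard steps:
#    Local Machine > Trusted Root Certification Authorities.
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Create the IKEv2 connection with EAP user authentication.
#    User name (AUTH2-USER) and password (AUTH2-PWD) are entered at the first
#    connect; -RememberCredential caches them after a successful logon.
Add-VpnConnection -Name $ConnName -ServerAddress $Server -TunnelType Ikev2 `
    -AuthenticationMethod Eap -EncryptionLevel Required -RememberCredential

# 4. Pin the IKE and ESP proposals to what the Abilis host and client display:
#    IKE: CIPHER AES256, HASH SHA1, DH MODP1024 (IKE DH group 2)
#    ESP: ESP-CIPHER AES256, ESP-AUTH SHA1, PFS NO
#    If the Abilis side is changed later, change these values with it.
Set-VpnConnectionIPsecConfiguration -ConnectionName $ConnName `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA1 -DHGroup Group2 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA196 `
    -PfsGroup None -Force

# 5. Review the result.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Select-Object Subject, NotAfter, Thumbprint
Get-VpnConnection -Name $ConnName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod
(Get-VpnConnection -Name $ConnName).IPSecCustomPolicy
```

With no -EapConfigXmlStream given, Windows applies its default EAP configuration to the connection; confirm in the connection's security properties that it matches the AUTH2 method configured on the Abilis host (EAP-MSCHAP).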