IKEv2/IPSec setup on Windows 10

Overview

You can connect Windows 10 devices to Untangle NG Firewall using IPsec VPN with IKEv2. This type  of connection can use full tunnel so that all Internet traffic routes through the VPN tunnel.

Prerequisites

Before you can set up IPsec tunnels from Windows 10, you must properly configure the following items:

  • A fully qualified hostname that resolves to the Internet IP address of your Untangle NG Firewall.
  • A root SSL certificate and server certificate to match your fully qualified Internet hostname.
  • Add users either via the Directory Connector app or in the local directory.

You can find instructions for each of these items in a separate KB article - Configuring an IKEv2 IPsec connection from iOS to Untangle NG Firewall.

Step 1. Install the certificate

Note: If you use a signed SSL certificate from a trusted certificate authority, this step is not necessary.

To install the certificate on the Windows 10 device:

  1. Open a browser on the Windows 10 device and navigate to https://your_firewall_host/cert
  2. The browser downloads the certificate file. Locate this file in your downloads folder.
  3. Then, open the downloaded certificate file.

cert_run.png

  1. Click “Install Certificate…
    cert_run1.png

  2. Select “Local Machine” and click Next.
    cert_import.png

  3. Select “Place all certificates in the following store” and click “Browse…
    cert_import1.png

  4. Select “Trusted Root Certification Authorities”, click OK, then click “Next”.
    cert_import2.png

  5. Click “Finish”.
    cert_import3.png

  6. Click “OK” on both windows.
    cert_import4.png

 

Set up a VPN connection:

  1. Open the Windows Start Menu and start typing “control panel“. Click on the Control Panel in the results.
    Win10.png

  2. Open Network and Internet.
    Win10-1.png

  3. Click on Network and Sharing Center.Win10-2.png

  4. Click Set up a new connection or network.Win10-3.png

  5. Click Connect to a workplace and click Next.
    Win10-4.png

  6. If you are asked “Do you want to use a connection that you already have?”, select “No, create a new connection” and click Next.

  7. Click Use my Internet connection (VPN).
    Win10-5.png

  8. Internet address is the hostname of your server, the same as the name on your certificate.
  9. win10-newikevpn.png

  10. Destination name is your custom VPN connection name.

  11. Open Network and Sharing Center again and click Change adapter settings.
    Win10-6.png

  12. Right click the adapter with the name you created, then click Properties. Select the Security tab.

  13. Enter the following:
    • Type of VPN: IKEv2
    • Data encryption: Require encryption (disconnect if server declines)
    • Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAPv2
    Click OK.
    Win10-7.png

  14. Click OK.

Connecting the VPN:

  1. Move the cursor to the right corner of your screen and click the Network icon and click on connection name that you created, then Connect.

  2. In the Sign in dialog, enter your Untangle credentials.

 

 

 

Follow
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk