You can connect Windows 10 devices to Untangle NG Firewall using IPsec VPN with IKEv2. This type of connection can use full tunnel so that all Internet traffic routes through the VPN tunnel.
Before you can set up IPsec tunnels from Windows 10, you must properly configure the following items:
- A fully qualified hostname that resolves to the Internet IP address of your Untangle NG Firewall.
- A root SSL certificate and server certificate to match your fully qualified Internet hostname.
- Add users either via the Directory Connector app or in the local directory.
You can find instructions for each of these items in a separate KB article - Configuring an IKEv2 IPsec connection from iOS to Untangle NG Firewall.
Step 1. Install the certificate
Note: If you use a signed SSL certificate from a trusted certificate authority, this step is not necessary.
To install the certificate on the Windows 10 device:
- Open a browser on the Windows 10 device and navigate to https://your_firewall_host/cert
- The browser downloads the certificate file. Locate this file in your downloads folder.
- Then, open the downloaded certificate file.
- Click “Install Certificate…”
- Select “Local Machine” and click Next.
- Select “Place all certificates in the following store” and click “Browse…”
- Select “Trusted Root Certification Authorities”, click OK, then click “Next”.
- Click “Finish”.
- Click “OK” on both windows.
Set up a VPN connection:
- Open the Windows Start Menu and start typing “control panel“. Click on the Control Panel in the results.
- Open Network and Internet.
- Click on Network and Sharing Center.
- Click Set up a new connection or network.
- Click Connect to a workplace and click Next.
- If you are asked “Do you want to use a connection that you already have?”, select “No, create a new connection” and click Next.
- Click Use my Internet connection (VPN).
- Internet address is the hostname of your server, the same as the name on your certificate.
- Destination name is your custom VPN connection name.
- Open Network and Sharing Center again and click Change adapter settings.
- Right click the adapter with the name you created, then click Properties. Select the Security tab.
- Enter the following:
- Type of VPN: IKEv2
- Data encryption: Require encryption (disconnect if server declines)
- Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAPv2
- Click OK.
Connecting the VPN:
- Move the cursor to the right corner of your screen and click the Network icon and click on connection name that you created, then Connect.
- In the Sign in dialog, enter your Untangle credentials.