StrongSwan: Difference between revisions
m →Creating a certificate for clients: Changed server to client, removed redundancy |
m →Miscellaneous Settings: Added to Windows 7 statement |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 235: | Line 235: | ||
= Configuring Windows = | = Configuring Windows = | ||
This part is arguably the more trickier part of the procedure. The Windows "Agile VPN" client has particular ways it must be configured or the VPN connection will fail. Error messages emitted when the connection fails are generally unhelpful and need manual troubleshooting to find the problem. If followed correctly, these procedures will allow you to connect successfully first time. | This part is arguably the more trickier part of the procedure. The Windows "Agile VPN" client has particular ways it must be configured or the VPN connection will fail. Error messages emitted when the connection fails are generally unhelpful and need manual troubleshooting to find the problem. If followed correctly, these procedures will allow you to connect successfully first time. These instructions work for Windows >7. | ||
== Installing the certificates == | == Installing the certificates == | ||
| Line 258: | Line 258: | ||
== Making the VPN profile == | == Making the VPN profile == | ||
Windows 10 | Windows >7 can make a new VPN profile via the Control Panel. Windows 10 can make a new VPN profile both via the Control Panel or the Settings App. We will be using the Control Panel method as this allows more control of the profile. | ||
* Open the Control Panel. Change to the Large Icon view if needed. | * Open the Control Panel. Change to the Large Icon view if needed. | ||
| Line 285: | Line 285: | ||
== Configuring strong encryption/ECDSA for the VPN connection == | == Configuring strong encryption/ECDSA for the VPN connection == | ||
Windows PowerShell is used to change the encryption settings for the VPN connection. | Windows PowerShell is used to change the encryption settings for the VPN connection. This only works on Windows 10 machines as these support the newer ciphers whereas Windows <10 does not support them so well. | ||
* In the Start menu, type "powershell". [[File:Administrator_Shield.png]] Click "Windows PowerShell" when it appears. It may take a few moments for the prompt to be appear and become ready to use. | * In the Start menu, type "powershell". [[File:Administrator_Shield.png]] Click "Windows PowerShell" when it appears. It may take a few moments for the prompt to be appear and become ready to use. | ||
| Line 316: | Line 316: | ||
'''NOTE: This doesn't seem to have any effect on Windows 10 if your are manually configuring the connection with PowerShell.''' | '''NOTE: This doesn't seem to have any effect on Windows 10 if your are manually configuring the connection with PowerShell.''' | ||
There is a Windows registry key that may need to be enabled to allow the use of stronger encryption settings. It is not clear at this stage if these settings are required, but the instructions are left here in case they are needed. | There is a Windows registry key that may need to be enabled to allow the use of stronger encryption settings. It is not clear at this stage if these settings are required, but the instructions are left here in case they are needed. These settings are, however, needed for Windows 7 clients which falls back to weak encryption if this is not configured and is probably needed since StrongSwan doesn't support the weak ciphers proposed by Windows 7 any more. | ||
* Press {{key press|Win | * Press {{key press|Win|R}} to open the Run box. | ||
* [[File:Administrator_Shield.png]] Type <code>regedit</code> and click OK. | * [[File:Administrator_Shield.png]] Type <code>regedit</code> and click OK. | ||
* Navigate to the following registry path: | * Navigate to the following registry path: | ||