IKEv2 VPN Server Setup

  1. Create Root CA
  2. Create CA subordinate to the Root CA
  3. Create a certificate template with these EKUs:
    1. Server Authentication
    2. IP security IKE intermediate    (capitalization matters)
  4. Publish the template in AD
  5. Generate a certificate signing request (CSR) on the VPN server
  6. Use certlm.msc (local machine certificate store)
    1. Request personal certificate -> All Tasks -> Advanced Operations -> Create Custom Request
    2. Select template that was just created
    3. Click on “Details”, “Properties”
    4. In the “Subject Name” add Common name like “VPNServer.EXAMPLE.com”
    5. Add “Domain component” VPNServer, EXAMPLE, com (order matters)
    6. Add “Alternative name” DNS VPNServer.EXAMPLE.com
    7. Save certificate request file
  7. On the CA server select All Tasks -> Submit new request
    1. Select the certificate request that was created, choose the certificate file name and process the certificate
  8. On the VPN server select: All Tasks -> Import -> select the certificate file
    1. Import into the “Personal” store
  9. Install Routing and Remote Access (RRAS) on the VPN server
    1. Restrict the VPN server to IKEv2: enable only IKEv2 ports
    2. Right-click the server -> Properties -> Security -> Authentication methods: EAP, MS-CHAP v2
    3. Certificate binding: select the certificate issued above
  10. Start RRAS
  11. On the VPN firewall open UDP 500 and UDP 4500 (IKE, NAT-T) and IP protocol 50 (ESP)
  12. On the client computer create the VPN connection
    1. Windows built-in provider
    2. Select connection name and VPN server address
    3. Select connection type IKEv2
    4. Install the Root CA certificate in the local machine “Trusted Root Certification Authorities” store
    5. Test the connection
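The following PowerShell is an added example, not part of the original post, that checks the server-side result of steps 6-11 and performs the client-side steps 12.1-12.4 from the command line. The first half runs on the VPN server, the second on the client. The host name VPNServer.EXAMPLE.com, the root CA export path C:\certs\RootCA.cer and the connection name "Corp IKEv2" are assumed values; replace them with your own. The optional IPsec proposal settings at the end are a hardening suggestion of this example, not something the post specifies.

```powershell
# Added example (not from the original post). Assumed values below; adjust to your environment.
$ServerFqdn = 'VPNServer.EXAMPLE.com'   # assumption: matches the CN / SAN created in steps 6.4-6.6
$RootCaPath = 'C:\certs\RootCA.cer'     # assumption: exported Root CA certificate (DER or Base64)
$VpnName    = 'Corp IKEv2'              # assumption: client-side connection name

# ------------------------------------------------------------------
# Run on the VPN server: verify the imported certificate (steps 6-8)
# ------------------------------------------------------------------
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication
$IkeIntOid     = '1.3.6.1.5.5.8.2.2'    # IP security IKE intermediate

# Pick the newest certificate for this FQDN that has a private key in the machine Personal store
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$ServerFqdn*" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $ServerFqdn in LocalMachine\My" }

# Decode the Enhanced Key Usage extension (OID 2.5.29.37) and check both required EKUs are present
$ekuRaw = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$ekus = @()
if ($ekuRaw) {
    $ekuExt = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension($ekuRaw, $ekuRaw.Critical)
    $ekus = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }
}
foreach ($oid in @($ServerAuthOid, $IkeIntOid)) {
    if ($ekus -notcontains $oid) {
        Write-Warning "Certificate lacks EKU $oid; IKEv2 clients will reject the server certificate"
    }
}

# The SAN (OID 2.5.29.17) must carry the DNS name clients use to connect
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt -or $sanExt.Format($false) -notmatch [regex]::Escape($ServerFqdn)) {
    Write-Warning "SAN does not list DNS name $ServerFqdn; name validation on the client will fail"
}

# The chain must build to a trusted root on the server itself (Root and Sub CA in LocalMachine\Root and \CA)
if (-not $cert.Verify()) {
    Write-Warning 'Chain validation failed on the server; import the Root CA and subordinate CA certificates'
}

# Step 11 on the Windows host firewall: IKE and NAT-T over UDP, plus ESP (IP protocol 50)
New-NetFirewallRule -DisplayName 'IKEv2 IKE/NAT-T (UDP 500,4500)' -Direction Inbound `
    -Protocol UDP -LocalPort 500,4500 -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'IKEv2 ESP (IP protocol 50)' -Direction Inbound `
    -Protocol 50 -Action Allow | Out-Null

# ------------------------------------------------------------------
# Run on the client: steps 12.1-12.4
# ------------------------------------------------------------------
# Step 12.4: trust the Root CA in the machine-wide Trusted Root store
Import-Certificate -FilePath $RootCaPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Steps 12.1-12.3: built-in Windows provider, IKEv2 tunnel, EAP (MS-CHAP v2 inside EAP) user authentication
Add-VpnConnection -Name $VpnName -ServerAddress $ServerFqdn -TunnelType Ikev2 `
    -AuthenticationMethod Eap -EncryptionLevel Required -RememberCredential -Force

# Optional hardening (this example's suggestion, not from the post): pin a modern IPsec proposal
Set-VpnConnectionIPsecConfiguration -ConnectionName $VpnName `
    -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup PFS2048 -Force

# Step 12.5: dial (prompts for EAP credentials) and report the resulting state
rasdial $VpnName
Get-VpnConnection -Name $VpnName | Select-Object Name, TunnelType, AuthenticationMethod, ConnectionStatus
```

If the EKU or SAN warnings fire, go back to steps 3 and 6: the template must contain both EKUs and the custom request must include the DNS alternative name, since Windows IKEv2 clients validate the server name against the SAN rather than the CN.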
