Connect a Windows 10 VPN client with Rockhopper.


[2015/08/08] Avoid adding a new VPN connection in the new 'Network & Internet' window (Start Menu > Settings > VPN > 'Add a VPN connection'), because in some cases an IPv4 default route via the connection is not added. Instead, set up the new connection in the 'Network and Sharing Center' window (Start Menu > Settings > Network & Internet > VPN > Network and Sharing Center > 'Set up a new connection and network') and configure IKEv2 for it in the VPN adapter's 'Properties' window (Start Menu > Settings > Network & Internet > VPN > 'Change adapter options' > right-click the created VPN adapter's icon). Of course, you can also open the 'Network and Sharing Center' window from the Control Panel, as in Windows 7/8. I hope this spec or problem will be clarified by Microsoft.





- Use Extensible Authentication Protocol - EAP-MSCHAPv2 and X.509


  1. Import a CA certificate (X.509) for the Computer account using Microsoft Management Console (MMC).


    1. Move the cursor to the right corner of your screen and click Search the Web and Windows.
    2. Open Microsoft Management Console(MMC) by entering "mmc" into the search box.
    3. On the File menu, point to Add/Remove Snap-in, and open the Add or Remove Snap-ins dialog.
    4. Click the certificates under Available snap-ins and push Add.
    5. Select the Computer account and push Next.
    6. Select the Local computer and push Finish.
    7. Push OK on Add or Remove Snap-ins dialog and close it.
    8. Click the folder Certificates(Local Computer) / Trusted Root Certification Authorities / Certificates folder, click the Action menu, point to All Tasks, and then click Import.
    9. Click Next and follow the instructions.
      - An imported CA certificate's file: e.g. TestCa-cacert.pem

  2. Set up a VPN connection.


    1. Move the cursor to the right corner of your screen and click Search the Web and Windows.
    2. Open Network and sharing center by entering Network and sharing center into the search box and then click Set up a new connection or network.
    3. Click Connect to a workplace and push Next.
    4. If you are asked "Do you want to use a connection that you already have?", select "No, create a new connection" and then push Next.
    5. Click Use my Internet connection (VPN).
    6. Click I'll set up an Internet connection later.
    7. Enter gateway1.example.com (Rockhopper's hostname) into Internet Address and Example VPN into Destination name and push Create.
    8. Open Network and sharing center again and click Change adapter settings.
    9. Open the properties dialog of Example VPN adapter and show Security tab.
    10. Enter the following:
      - Type of VPN: IKEv2
      - Data encryption: Require encryption (disconnect if server declines)
      - Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAPv2
    11. Push OK.

    - Edit the hosts file if DNS service is not available for gateway1.example.com (Rockhopper's hostname).


    1. Open "C:\Windows\System32\drivers\etc\hosts" with Notepad as an administrator. If you can't find these folders, please see Show hidden files.
    2. Add the following line into this hosts file.

      10.0.0.1   gateway1.example.com   # (Example VPN)

    3. Save and close the file.

  3. Connect VPN


    1. Move the cursor to the right corner of your screen and click the Network icon.
    2. Click Example VPN.
    3. On the Network & Internet Window, select the Example VPN and then push Connect.
    4. On the Sign in dialog, enter your user name (e.g. "alice") and your password (e.g. "1234567890"), and then push OK button.
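
The same CA import and connection settings (steps 1 and 2 above) can be applied from an elevated PowerShell prompt. This is an added example, not part of the Rockhopper documentation; it uses the page's example names, and the page does not say whether the default-route issue noted at the top affects connections created this way.

```powershell
# Added example: scripted form of steps 1 and 2 (EAP-MSCHAPv2 variant).
# Run in an elevated PowerShell session. All values are the page's examples.
$caFile  = '.\TestCa-cacert.pem'     # assumption: PEM/Base64 X.509 file in the current folder
$vpnName = 'Example VPN'
$gateway = 'gateway1.example.com'

# Step 1: trust the CA for the Computer account
# (Certificates (Local Computer) \ Trusted Root Certification Authorities).
$ca = Import-Certificate -FilePath $caFile -CertStoreLocation Cert:\LocalMachine\Root

# Show what was just trusted so the thumbprint can be compared with the
# fingerprint obtained from the gateway's administrator.
$ca | Format-List Subject, Issuer, Thumbprint, NotAfter

# Step 2: create the connection with the Security tab values from step 10.
# New-EapConfiguration without parameters describes EAP-MSCHAPv2.
$eap = New-EapConfiguration
Add-VpnConnection -Name $vpnName -ServerAddress $gateway `
    -TunnelType Ikev2 `
    -EncryptionLevel Required `
    -AuthenticationMethod Eap `
    -EapConfigXmlStream $eap.EapConfigXmlStream `
    -PassThru |
    Format-List Name, ServerAddress, TunnelType, EncryptionLevel, AuthenticationMethod
```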



- Use machine certificate - PKCS#12/X.509


  1. Import a certificate, a private key and a CA certificate for the Computer account using Microsoft Management Console (MMC).


    1. Move the cursor to the right corner of your screen and click Search the Web and Windows.
    2. Open Microsoft Management Console(MMC) by entering "mmc" into the search box.
    3. On the File menu, point to Add/Remove Snap-in, and open the Add or Remove Snap-ins dialog.
    4. Click the certificates under Available snap-ins and push Add.
    5. Select the Computer account and push Next.
    6. Select the Local computer and push Finish.
    7. Push OK on Add or Remove Snap-ins dialog and close it.
    8. Click the folder Certificates(Local Computer) / Personal / Certificates folder, click the Action menu, point to All Tasks, and then click Import.
    9. Click Next and follow the instructions.
      - An imported PKCS#12 file: remotehost1.example.com.p12
      - Password for the private key: naisho
    10. If a CA's certificate (TestCA) is extracted into Certificates(Local Computer) / Personal / Certificates folder, move it to Certificates(Local Computer) / Trusted Root Certification Authorities / Certificates folder by dragging and dropping the certificate's icon.

  2. Set up a VPN connection.


    1. Move the cursor to the right corner of your screen and click Search the Web and Windows.
    2. Open Network and sharing center by entering Network and sharing center into the search box and then click Set up a new connection or network.
    3. Click Connect to a workplace and push Next.
    4. If you are asked "Do you want to use a connection that you already have?", select "No, create a new connection" and then push Next.
    5. Click Use my Internet connection (VPN).
    6. Click I'll set up an Internet connection later.
    7. Enter gateway1.example.com (Rockhopper's hostname) into Internet Address and Example VPN into Destination name and push Create.
    8. Open Network and sharing center again and click Change adapter settings.
    9. Open the properties dialog of Example VPN adapter and show Security tab.
    10. Enter the following:
      - Type of VPN: IKEv2
      - Data encryption: Require encryption (disconnect if server declines)
      - Authentication: "Use machine certificates"
    11. Push OK.

    - Edit the hosts file if DNS service is not available for gateway1.example.com (Rockhopper's hostname).


    1. Open "C:\Windows\System32\drivers\etc\hosts" with Notepad as an administrator. If you can't find these folders, please see Show hidden files.
    2. Add the following line into this hosts file.

      10.0.0.1   gateway1.example.com   # (Example VPN)

    3. Save and close the file.

  3. Connect VPN


    1. Move the cursor to the right corner of your screen and click the Network icon.
    2. Click Example VPN.
    3. On the Network & Internet Window, select the Example VPN and then push Connect.
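
A read-only check of the result of either procedure above (EAP-MSCHAPv2 or machine certificate), including the missing default route described in the 2015/08/08 note. This is an added example, not part of the Rockhopper documentation; the function name is hypothetical, and it assumes the CA's subject contains "TestCA" and that the connection was created for the current user.

```powershell
# Added example (read-only). Defaults are the page's example names.
function Test-RockhopperVpnClient {
    param(
        [string]$Name = 'Example VPN',
        [string]$CaSubjectLike = '*TestCA*'   # assumption: CA subject contains "TestCA"
    )
    $findings = @()
    $vpn  = Get-VpnConnection -Name $Name -ErrorAction Stop
    $auth = @($vpn.AuthenticationMethod)

    # Security tab values from step 2.10 of either procedure.
    if ($vpn.TunnelType -ne 'Ikev2') {
        $findings += "Type of VPN is '$($vpn.TunnelType)', expected Ikev2"
    }
    if ($vpn.EncryptionLevel -ne 'Required') {
        $findings += "Data encryption is '$($vpn.EncryptionLevel)', expected Required"
    }
    if (-not ($auth -contains 'Eap' -or $auth -contains 'MachineCertificate')) {
        $findings += "Authentication is '$($auth -join ',')', expected Eap or MachineCertificate"
    }

    # Step 1: the CA must be trusted for the Computer account.
    $now = Get-Date
    $ca = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like $CaSubjectLike -and $_.NotAfter -gt $now }
    if (-not $ca) { $findings += "No unexpired CA matching '$CaSubjectLike' in Trusted Root" }

    if ($auth -contains 'MachineCertificate') {
        $personal = Get-ChildItem Cert:\LocalMachine\My
        # The client certificate is only usable together with its private key.
        if (-not ($personal | Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt $now })) {
            $findings += 'No unexpired certificate with a private key in Personal'
        }
        # Step 1.10: a CA certificate extracted into Personal should have been moved.
        if ($personal | Where-Object { $_.Subject -like $CaSubjectLike -and -not $_.HasPrivateKey }) {
            $findings += 'CA certificate is still in Personal; move it to Trusted Root'
        }
    }

    # The 2015/08/08 note: the IPv4 default route via the VPN adapter may be missing.
    if ($vpn.ConnectionStatus -eq 'Connected') {
        $route = Get-NetRoute -InterfaceAlias $Name -DestinationPrefix '0.0.0.0/0' `
            -ErrorAction SilentlyContinue
        if (-not $route) { $findings += 'Connected, but no IPv4 default route via the VPN adapter' }
    }
    $findings
}

Test-RockhopperVpnClient | ForEach-Object { Write-Warning $_ }
```

No output means every check passed; the default-route check only runs while the connection is up.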
