Connect a Windows 7 VPN client with Rockhopper.






- Use Extensible Authentication Protocol - EAP-MSCHAPv2 and X.509


  1. Import a CA certificate (X.509) for the Computer account using Microsoft Management Console (MMC).


    1. Open Microsoft Management Console(MMC) by clicking the Start button, enter "mmc" into the search box, and push Enter.
    2. On the File menu, point to Add/Remove Snap-in, and open the Add or Remove Snap-ins dialog.
    3. Click the certificates under Available snap-ins and push Add.
    4. Select the Computer account and push Next.
    5. Select the Local computer and push Finish.
    6. Push OK on Add or Remove Snap-ins dialog and close it.
    7. Click the Certificates (Local Computer) / Trusted Root Certification Authorities / Certificates folder, click the Action menu, point to All Tasks, and then click Import.
    8. Click Next and follow the instructions.
      - An imported CA certificate's file: e.g. TestCa-cacert.pem

  2. Set up a VPN connection.


    1. Open Network and sharing center from Control Panel and select Set up a new connection or network.
    2. Click Connect to a workplace and push Next.
    3. Click Use my Internet connection (VPN).
    4. Enter gateway1.example.com (Rockhopper's hostname) into Internet Address and Example VPN into Destination name, check "Don't connect now; just set it up so I can connect later" and push Next.
    5. Enter your name (e.g. "alice") into User Name and your password (e.g. "1234567890") into Password. Push Create and close the wizard dialog.
    6. Open Network and sharing center from Control Panel again and select Change adapter settings.
    7. Open the properties dialog of Example VPN adapter and show Security tab.
    8. Enter the following:
      - Type of VPN: IKEv2
      - Data encryption: Require encryption (disconnect if server declines)
      - Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAPv2
    9. Push OK.

    - Edit the hosts file if DNS service is not available for gateway1.example.com (Rockhopper's hostname).


    1. Open "C:\Windows\System32\drivers\etc\hosts" in Notepad as an administrator. If you can't find these folders, please see Show hidden files.
    2. Add the following line into this hosts file.

      10.0.0.1   gateway1.example.com   # (Example VPN)

    3. Save and close the file.

  3. Connect VPN


    1. Move the cursor to the right corner of your screen and click the Network icon.
    2. Click Example VPN and then push Connect.
    3. On the Sign in dialog, enter your user name (e.g. "alice") and your password (e.g. "1234567890"), and then push the OK button.



- Use machine certificate - PKCS#12/X.509


  1. Import a certificate, a private key and a CA certificate for the Computer account using Microsoft Management Console (MMC).


    1. Open Microsoft Management Console(MMC) by clicking the Start button, enter "mmc" into the search box, and push Enter.
    2. On the File menu, point to Add/Remove Snap-in, and open the Add or Remove Snap-ins dialog.
    3. Click the certificates under Available snap-ins and push Add.
    4. Select the Computer account and push Next.
    5. Select the Local computer and push Finish.
    6. Push OK on Add or Remove Snap-ins dialog and close it.
    7. Click the Certificates (Local Computer) / Personal / Certificates folder, click the Action menu, point to All Tasks, and then click Import.
    8. Click Next and follow the instructions.
      - An imported PKCS#12 file: e.g. remotehost1.example.com.p12
      - Password for the private key: e.g. naisho
    9. If a CA's certificate (TestCA) is extracted into the Certificates (Local Computer) / Personal / Certificates folder, move it to the Certificates (Local Computer) / Trusted Root Certification Authorities / Certificates folder by dragging and dropping the certificate's icon.

  2. Set up a VPN connection.


    1. Open Network and sharing center from Control Panel and select Set up a new connection or network.
    2. Click Connect to a workplace and push Next.
    3. Click Use my Internet connection (VPN).
    4. Enter gateway1.example.com (Rockhopper's hostname) into Internet Address and Example VPN into Destination name, check "Don't connect now; just set it up so I can connect later" and push Next.
    5. Enter "alice" into User Name and "1234567890" into Password. Push Create and close the wizard dialog. This information is not actually used when you choose RSA signature (certificate) as the authentication method.
    6. Open Network and sharing center from Control Panel again and select Change adapter settings.
    7. Open the properties dialog of Example VPN adapter and show Security tab.
    8. Enter the following:
      - Type of VPN: IKEv2
      - Data encryption: Require encryption (disconnect if server declines)
      - Authentication: Use machine certificates
    9. Push OK.

    - Edit the hosts file if DNS service is not available for gateway1.example.com (Rockhopper's hostname).


    1. Open "C:\Windows\System32\drivers\etc\hosts" in Notepad as an administrator. If you can't find these folders, please see Show hidden files.
    2. Add the following line into this hosts file.

      10.0.0.1   gateway1.example.com   # (Example VPN)

    3. Save and close the file.

  3. Connect VPN


    1. Move the cursor to the right corner of your screen and click the Network icon.
    2. Click Example VPN and then push Connect.
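
The CA certificate import in step 1 of either method can also be scripted. The following is an added example, not part of the original Rockhopper documentation: it checks the CA certificate's SHA-1 thumbprint against a value obtained out of band before adding it to the Local Computer Trusted Root store, because every certificate in that store is trusted machine-wide. The file location and the expected thumbprint are placeholders; the script uses only .NET classes available to PowerShell 2.0 on Windows 7 and must run from an elevated prompt.

```powershell
# Added example (not from the Rockhopper documentation). Run elevated.
$caFile   = 'C:\Temp\TestCa-cacert.pem'               # assumed location of the page's example CA file
$expected = '<THUMBPRINT-FROM-YOUR-VPN-ADMINISTRATOR>'  # placeholder: obtain out of band

# Normalise "AB CD:EF..." style thumbprints and refuse to run with the placeholder.
$want = ($expected -replace '[\s:]', '').ToUpper()
if ($want -notmatch '^[0-9A-F]{40}$') {
    throw 'Set $expected to the 40-hex-digit SHA-1 thumbprint of the CA certificate first.'
}

# Load the PEM/DER certificate without touching any store yet.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caFile

# 1. The file must be the certificate the administrator published.
if ($cert.Thumbprint -ne $want) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $want. Not importing."
}

# 2. The certificate must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Warn if it does not declare itself a CA (older v1 roots carry no extensions).
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning 'No basicConstraints CA:TRUE extension found; confirm this really is the CA certificate.'
}

# Same destination as the MMC steps: Local Computer / Trusted Root Certification Authorities.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open('ReadWrite')
try {
    $store.Add($cert)
    # Confirm the certificate is now present in the machine store.
    $found = $store.Certificates.Find('FindByThumbprint', $want, $false)
    if ($found.Count -lt 1) { throw 'Import did not take effect.' }
    "Imported '$($cert.Subject)' ($want) into LocalMachine\Root."
} finally {
    $store.Close()
}
```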