Connect a Windows 8 VPN client with Rockhopper.






- Use Extensible Authentication Protocol - EAP-MSCHAPv2 and X.509


  1. Import a CA certificate(X.509) for the Computer account by Microsoft Management Console(MMC).


    1. Move the cursor to the right corner of your screen and open Charms.
    2. Open Microsoft Management Console(MMC) by clicking the Search icon and entering "mmc" into the search box.
    3. On the File menu, point to Add/Remove Snap-in, and open the Add or Remove Snap-ins dialog.
    4. Click the certificates under Available snap-ins and push Add.
    5. Select the Computer account and push Next.
    6. Select the Local computer and push Finish.
    7. Push OK on Add or Remove Snap-ins dialog and close it.
    8. Click the folder Certificates(Local Computer) / Trusted Root Certification Authorities / Certificates folder, click the Action menu, point to All Tasks, and then click Import.
    9. Click Next and follow the instructions.
      - An imported CA certificate's file: e.g. TestCa-cacert.pem

  2. Set up a VPN connection.


    1. Move the cursor to the right corner of your screen and open Charms.
    2. Open Control Panel by clicking the Search icon and entering "Control Panel" into the search box.
    3. Open Network and sharing center from the Control Panel's Network and Internet and then click Set up a new connection or network.
    4. Click Connect to a workplace and push Next.
    5. Click Use my Internet connection (VPN).
    6. Enter gateway1.example.com (Rockhoppper's hostname) into Internet Address and Example VPN into Destination name and push Create.
    7. Open Network and sharing center from Control Panel again and click Change adapter settings.
    8. Open the properties dialog of Example VPN adapter and show Security tab.
    9. Enter the following:
      - Type of VPN: IKEv2
      - Data encryption: Require encryption (disconnect if server declines)
      - Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAPv2
    10. Push OK.

    - Edit the hosts file if DNS service is not available for gateway1.example.com (Rockhoppper's hostname).


    1. Open "C:Windows/System32/drivers/etc/hosts" by notepad as an administrator. If you can't find these folders, please see Show hidden files.
    2. Add the following line into this hosts file.

      10.0.0.1   gateway1.example.com   # (Example VPN)

    3. Save and close the file.

  3. Connect VPN


    1. Move the cursor to the right corner of your screen and open Charms.
    2. Click Settings and then click the Network icon.
    3. In Networks click the VPN connection Example VPN and then push Connect.
    4. Enter your user name (e.g. "alice") and your password (e.g. "1234567890"), and then push Connect button.



- Use machine certificate - PKCS#12/X.509


  1. - Import a certificate, a private key and a CA certificate for the Computer account by Microsoft Management Console(MMC).


    1. Move the cursor to the right corner of your screen and open Charms.
    2. Open Microsoft Management Console(MMC) by clicking the Search icon and entering "mmc" into the search box.
    3. On the File menu, point to Add/Remove Snap-in, and open the Add or Remove Snap-ins dialog.
    4. Click the certificates under Available snap-ins and push Add.
    5. Select the Computer account and push Next.
    6. Select the Local computer and push Finish.
    7. Push OK on Add or Remove Snap-ins dialog and close it.
    8. Click the folder Certificates(Local Computer) / Personal / Certificates folder, click the Action menu, point to All Tasks, and then click Import.
    9. Click Next and follow the instructions.
      - An imported PKCS#12 file: e.g. remotehost1.example.com.p12
      - Password for the private key: e.g. naisho
    10. If a CA's certificate (TestCA) is extracted into Certificates(Local Computer) / Personal / Certificates folder, move it to Certificates(Local Computer) / Trusted Root Certification Authorities / Certificates folder by dragging and dropping the certificate's icon.

  2. Set up a VPN connection.


    1. Move the cursor to the right corner of your screen and open Charms.
    2. Open Control Panel by clicking the Search icon and entering "Control Panel" into the search box.
    3. Open Network and sharing center from the Control Panel's Network and Internet and then click Set up a new connection or network.
    4. Click Connect to a workplace and push Next.
    5. Click Use my Internet connection (VPN).
    6. Enter gateway1.example.com (Rockhoppper's hostname) into Internet Address and Example VPN into Destination name and push Create.
    7. Open Network and sharing center from Control Panel again and click Change adapter settings.
    8. Open the properties dialog of Example VPN adapter and show Security tab.
    9. Enter the following:
      - Type of VPN: IKEv2
      - Data encryption: Require encryption (disconnect if server declines)
      - Authentication: "Use machine certificates"
    10. Push OK.

    - Edit the hosts file if DNS service is not available for gateway1.example.com (Rockhoppper's hostname).


    1. Open "C:Windows/System32/drivers/etc/hosts" by notepad as an administrator. If you can't find these folders, please see Show hidden files.
    2. Add the following line into this hosts file.

      10.0.0.1   gateway1.example.com   # (Example VPN)

    3. Save and close the file.

  3. Connect VPN


    1. Move the cursor to the right corner of your screen and open Charms.
    2. Click Settings and then click the Network icon.
    3. In Networks click the Example VPN connection and then push Connect.

Back to Top