If you can handle the Windows side, then probably this would be a good
start on the libreswan side for a roadwarrior configuration:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2

There are some specific requirements on the certificate that are
demanded by Windows.

Another good source of information (at least it was for me) is the
strongSwan documentation, where I got the details on how to create the
VPN connection and configure the certificate.

By the way, you don't need to mess with regedit; PowerShell is all you
need to set up the VPN IPsec parameters properly on Windows:
https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration

On 2/29/2024 5:26 AM, Marc wrote:
> > In particular, Win10 still defaults to DH group 2 (1024 bit), which is
> > known to be insecure, and libreswan rejects it by default, IIRC.
> > I'm not sure about Win11, but I would expect MS to stick to their design.
>
> Yes, indeed. I have made some PowerShell/regedit scripts that change these
> defaults. So I can send someone these. Inspecting such files and asking someone
> to double click them is not ideal, but still doable.
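
The PowerShell route from the reply above, as an added example that is not part of the original message: it pins an existing IKEv2 connection to a proposal that avoids DH group 2 and reads the policy back. The connection name and the algorithm choices are assumptions and must match what the libreswan server accepts.

```powershell
# Added example. Assumptions: the VPN connection already exists on the client,
# and the server accepts the proposal below (check its ike=/esp= settings).
$ConnectionName = 'Libreswan-IKEv2'   # hypothetical connection name

# Proposal to pin on the client (assumed values, chosen to replace DH group 2).
$Policy = @{
    ConnectionName                   = $ConnectionName
    EncryptionMethod                 = 'AES256'      # IKE encryption
    IntegrityCheckMethod             = 'SHA256'      # IKE integrity
    DHGroup                          = 'Group14'     # 2048-bit MODP instead of Group2
    CipherTransformConstants         = 'AES256'      # ESP encryption
    AuthenticationTransformConstants = 'SHA256128'   # ESP integrity
    PfsGroup                         = 'PFS2048'     # PFS for child SAs
}

# Fail early if the connection is missing or is not an IKEv2 tunnel.
$conn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
if ("$($conn.TunnelType)" -ne 'Ikev2') {
    throw "Connection '$ConnectionName' has tunnel type $($conn.TunnelType), expected Ikev2."
}

# Apply the custom IPsec policy; -Force suppresses the confirmation prompt.
Set-VpnConnectionIPsecConfiguration @Policy -Force

# Read the policy back so the change is verified, not just assumed.
$applied = (Get-VpnConnection -Name $ConnectionName).IPSecCustomPolicy
if ("$($applied.DHGroup)" -ne $Policy.DHGroup) {
    throw "DH group is '$($applied.DHGroup)', expected '$($Policy.DHGroup)'."
}
$applied | Format-List
```

A connection created for all users needs `-AllUserConnection` on both cmdlets and an elevated session.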