From 453d7ec637f98392bfd06d28f1138812d5f4f904 Mon Sep 17 00:00:00 2001
From: LRVT <21357789+l4rm4nd@users.noreply.github.com>
Date: Wed, 5 Apr 2023 00:20:21 +0200
Subject: [PATCH] Update README.md

adjust import notes
---
 examples/ipsec-vpn-server/README.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/examples/ipsec-vpn-server/README.md b/examples/ipsec-vpn-server/README.md
index cb4269f..1ccca3a 100644
--- a/examples/ipsec-vpn-server/README.md
+++ b/examples/ipsec-vpn-server/README.md
@@ -8,14 +8,17 @@
 # copy IKEv2 VPN profile from docker container onto host
 docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./
-# elevated powershell; import the VPN profile into Windows
+# inspect randomly created certificate password
+docker logs ipsec-vpn-server
+
+# elevated powershell; import the VPN profile into Windows using the password from docker logs above
 certutil.exe -f -importpfx .\vpnclient.p12 NoExport
-# manually add the new IKEv2 VPN connection
+# elevated powershell; set additional reg key to harden IKEv2 key exchange
+REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
+
+# lowpriv powershell; add the IKEv2 VPN connection
 powershell -command "Add-VpnConnection -ServerAddress 'vpn.example.com' -Name 'IKEVPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
 powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'IKEVPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
-
-# set additional reg key to harden IKEv2 key exchange
-REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
 ````