mathdatech/Compose-Examples
1
0
Fork 0
mirror of https://github.com/Haxxnet/Compose-Examples synced 2025-02-17 13:58:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
adjust import notes
This commit is contained in:
LRVT 2023-04-05 00:20:21 +02:00 committed by GitHub
parent 1d954b0412
commit 453d7ec637
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
examples/ipsec-vpn-server/README.md
View File

@ -8,14 +8,17 @@
# copy IKEv2 VPN profile from docker container onto host # copy IKEv2 VPN profile from docker container onto host
docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./ docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./
# elevated powershell; import the VPN profile into Windows # inspect randomly created certificate password
docker logs ipsec-vpn-server
# elevated powershell; import the VPN profile into Windows using the password from docker logs above
certutil.exe -f -importpfx .\vpnclient.p12 NoExport certutil.exe -f -importpfx .\vpnclient.p12 NoExport
# manually add the new IKEv2 VPN connection # elevated powershell; set additional reg key to harden IKEv2 key exchange
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
# lowpriv powershell; add the IKEv2 VPN connection
powershell -command "Add-VpnConnection -ServerAddress 'vpn.example.com' -Name 'IKEVPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru" powershell -command "Add-VpnConnection -ServerAddress 'vpn.example.com' -Name 'IKEVPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'IKEVPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force" powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'IKEVPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
# set additional reg key to harden IKEv2 key exchange
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
```` ````