mathdatech/Compose-Examples
1
0
Fork 0
mirror of https://github.com/Haxxnet/Compose-Examples synced 2025-01-31 05:33:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
add notes
This commit is contained in:
LRVT 2023-04-04 23:54:27 +02:00 committed by GitHub
parent af125ad914
commit a2eb902b42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
examples/ipsec-vpn-server/README.md
View File

@ -1,3 +1,21 @@
# References
- https://github.com/hwdsl2/docker-ipsec-vpn-server
# Notes
````
# copy IKEv2 VPN profile from docker container onto host
docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./
# elevated powershell; import the VPN profile into Windows
certutil.exe -f -importpfx .\vpnclient.p12 NoExport
# manually add the new IKEv2 VPN connection
powershell -command "Add-VpnConnection -ServerAddress 'vpn.example.com' -Name 'IKEVPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'IKEVPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
# set additional reg key to harden IKEv2 key exchange
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
````