Compose-Examples/examples/ipsec-vpn-server

References

Notes

# Client-side setup notes for the ipsec-vpn-server container: fetch the IKEv2
# client bundle from the container, import it on Windows, and create a
# connection with pinned IKEv2/IPsec parameters.

# Docker host: copy the IKEv2 client profile out of the container into the
# current directory. The .p12 is imported below as the machine certificate used
# for authentication, so treat it as a credential: restrict who can read it and
# delete the copies on the host and on the transfer path once the import is done.
docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./

# Docker host: the randomly generated .p12 password is printed in the container
# log. Anyone who can read the logs (docker group members, log shippers,
# backups) can read it too, so the password adds little if the logs and the
# .p12 are exposed together.
docker logs ipsec-vpn-server

# Windows, elevated PowerShell: import the profile using the password from the
# docker logs above. -f forces the import to overwrite an existing entry;
# NoExport marks the imported private key as non-exportable.
certutil.exe -f -importpfx .\vpnclient.p12 NoExport

# Windows, elevated PowerShell: let RasMan negotiate DH 2048-bit / AES-256 for
# IKEv2 key exchange.
# NOTE(review): per Microsoft's documentation, value 1 enables these algorithms
# and value 2 enforces them - confirm which is intended here.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f

# Windows, unprivileged PowerShell: create the IKEv2 connection 'IKEVPN',
# authenticating with the machine certificate imported above and requiring
# encryption. 'vpn.example.com' is a placeholder for your own server address.
powershell -command "Add-VpnConnection -ServerAddress 'vpn.example.com' -Name 'IKEVPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"

# Pin the proposal for 'IKEVPN' instead of relying on Windows defaults:
# AES256 / SHA256 / DH Group14 for the IKE exchange and GCMAES128 for the
# authentication and cipher transforms. -Force skips the confirmation prompt.
# NOTE(review): -PfsGroup None leaves perfect forward secrecy off for the IPsec
# SAs; choosing a PFS group only works if the server offers one - confirm
# against the server configuration.
powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'IKEVPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"