Windows Client EAP Configuration with Passwords
Open the Network & internet settings
The Network & internet > VPN menu opens.
Click on Add VPN.
The Add a VPN connection menu pops up.
Fill in the following fields:
- VPN provider
Select Windows (built-in).
- Connection name
Choose a name for your VPN connection.
- Server name or address
Give the fully qualified hostname of the VPN gateway. The hostname must be contained as a
subjectAltNamein the gateway certificate.
- VPN type
- Type of sign-in info
Select User name and password.
Click on Save.
The EAP connection has been added to the Network & internet > VPN menu.
Also a new EAP WAN Miniport (IKEv2) network adapter has been added to the *Network Connections overview.
Right-click on the EAP network adapter and select Properties.
The EAP Properties menu pops up.
Switch to the Security tab and change the Data encryption field to Maximum strength encryption. Then click OK. This eliminates the weak single
DESand the fatal
NULLencryption in the ESP proposal of the Windows client.
esp = aes256-3des-sha1
The Windows EAP VPN connection based on user certificates and EAP-MSCHAPv2 over IKEv2 has now been successfully completed.