Windows Client Configuration with User Certificates
Open the Network & internet settings
The Network & internet > VPN menu opens.
Click on Add VPN.
The Add a VPN connection menu pops up.
Fill in the following fields:
- VPN provider
Select Windows (built-in).
- Connection name
Choose a name for your VPN connection.
- Server name or address
Give the fully qualified hostname of the VPN gateway. The hostname must be contained as a
subjectAltNamein the gateway certificate.
- VPN type
- Type of sign-in info
Click on Save.
The EAP-TLS connection has been added to the Network & internet > VPN menu.
Also a new EAP-TLS WAN Miniport (IKEv2) network adapter has been added to the Network Connections overview.
Right-click on the EAP-TLS network adapter and select Properties.
The EAP-TLS Properties menu pops up.
Switch to the Security tab and change the Data encryption field to Maximum strength encryption. Then click OK. This eliminates the weak single
DESand the fatal
NULLencryption in the ESP proposal of the Windows client.
esp = aes256-3des-sha1
The Windows EAP-TLS VPN connection based on user certificates and EAP-TLS over IKEv2 has now been successfully completed.