IPSec Remote Access VPN Clients on Windows
- Tran Dai Quan
- Tran Khanh Ngoc
Overview
This configuration guide describes configuring IPsec IKEv2 Remote Access VPN by Window Client on Windows OS to establish VPN connections. After that, the customer can access virtual machines and applications located on the HGIO Cloud with more security and reliability.
Procedure
Setup IPSec IKEv2 Remote Access VPN
Setup VPN Windows Client
Step 1: Configuration VPN Profile for Windows client
Open PowerShell with Administrator permission.
Copy and paste the information below into PowerShell (replace red word xxxx by your domain name).
Add-VpnConnection -Name "HI-GIO-IKEv2-VPN" -ServerAddress " remote-xxxxx.xxxx01.vpn.higio.net " -TunnelType "Ikev2"
Set-VpnConnectionIPsecConfiguration -ConnectionName "HI-GIO-IKEv2-VPN" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod GCMAES128 -IntegrityCheckMethod SHA256 -PfsGroup "PFS2048" -DHGroup "Group14" -PassThru -Force
Step 2: Enable VPN split tunneling in the Windows client.
Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN. In contrast, other applications or devices have direct access to the internet.
Copy and paste the information below into PowerShell.
Set-VPNconnection -name "HI-GIO-IKEv2-VPN" -SplitTunneling $true
Step 3: Add a route to a VPN connection.
Add a VPN connection route for the subnet (example: 10.16.1.0/24). If we need to add an additional subnet, perform the same way and replace it with the new subnet.
Copy and paste the information below into PowerShell.
Add-VpnConnectionRoute -ConnectionName "HI-GIO-IKEv2-VPN" -DestinationPrefix "10.16.1.0/24" -PassThru
Step Connect VPN from Windows Client.
Login to the account with the provided username and password, then click OK.
The VPN connection was established successfully.
Using the ping command line, confirm that you are connected to the application located on the HGIO Cloud.
End.