Microsoft Windows comes with a built-in IPsec client which works with certificate-based Roadwarrior connections to IPFire.
Creating a New Connection
Create a new host-to-net connection as usual, creating a new certificate for it. Microsoft Windows has certain requirements for the cipher suite:
- Windows 11
  - IKE: AES-256/-128-GCM / SHA384/256/1 / MODP-1024 as well as what Windows 7-10 support
  - ESP: Same as Windows 7-10
- Windows 7-10
  - IKE: AES-256-CBC / SHA384/256/1 / MODP-1024
  - ESP: AES-256/128-CBC / SHA1 / None
Importing Certificates
On the client, you will first need to import IPFire's Root Certificate as well as the certificate of the connection as computer certificates. You can do this by downloading those files to the computer and double-clicking them. A wizard will guide you through the import.
Creating a new Connection
Create a new VPN connection, selecting IKEv2 as the protocol.
After hitting Save, you will have to navigate to the network adapter of the connection and double-click it. A new dialogue will open where you will have to change the authentication to "Use machine certificates".
You will then be able to establish the IPsec connection.
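The same client-side steps can be scripted with Windows' built-in PowerShell cmdlets. This is an added example, not part of the original page or of IPFire's own tooling; the file names, connection name and server address are placeholders, and it assumes the connection certificate was downloaded as a PKCS#12 file.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows client.
# All four values below are placeholders (assumptions, not taken from the page).
$RootCert  = 'C:\Temp\ipfire-root-ca.cer'   # IPFire's Root Certificate
$ClientP12 = 'C:\Temp\roadwarrior.p12'      # certificate of the connection (PKCS#12)
$ConnName  = 'IPFire Roadwarrior'
$Server    = 'vpn.example.com'

# 1. Root certificate -> computer store "Trusted Root Certification Authorities".
Import-Certificate -FilePath $RootCert -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 2. Connection certificate and private key -> computer store "Personal".
#    It must land in LocalMachine (not CurrentUser), otherwise machine
#    certificate authentication will not find it.
$P12Password = Read-Host -AsSecureString -Prompt 'PKCS#12 password'
$imported = Import-PfxCertificate -FilePath $ClientP12 `
    -CertStoreLocation Cert:\LocalMachine\My -Password $P12Password
if (-not ($imported | Where-Object { $_.HasPrivateKey })) {
    throw "No certificate with a private key was imported from $ClientP12"
}

# 3. IKEv2 connection using "Use machine certificates".
Add-VpnConnection -Name $ConnName -ServerAddress $Server `
    -TunnelType Ikev2 -AuthenticationMethod MachineCertificate `
    -EncryptionLevel Required

# 4. Optional: pin the proposal to one combination from the Windows 7-10 list
#    above so a mismatch with the IPFire connection settings fails visibly.
#    IKE: AES-256-CBC / SHA384 / MODP-1024 (Group2)
#    ESP: AES-256-CBC / SHA1 (SHA196 = HMAC-SHA1-96) / no PFS
Set-VpnConnectionIPsecConfiguration -ConnectionName $ConnName `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA384 -DHGroup Group2 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA196 `
    -PfsGroup None -Force

# 5. Verify what was configured.
Get-VpnConnection -Name $ConnName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod
```

The values in step 4 must match what is selected for the connection on the IPFire side; if the connection is left unpinned, Windows offers its default proposals instead.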