Applies to platform: Any PC running Windows 7.
Updated on: 20th of November 2017.
This lesson describes how to connect a personal computer running Microsoft Windows 7 to an existing, running IPsec installation on an Endian UTM Appliance using PSK (password) authentication.
Before you start
If both the Windows client and the Endian UTM Appliance are behind a NAT device, please follow this tutorial on the Windows client and, in step 7, write 2 in the Value Data box, then save the settings and restart the Windows system.
The connection via L2TP/IPsec requires the following data, which should have been previously configured on the VPN/IPsec server:
- The IP address or hostname of the L2TP/IPsec server (i.e., of the Endian UTM Appliance where the IPsec server runs).
- The PSK secret, i.e., the password of the IPsec tunnel, which can be retrieved under Menubar > VPN > IPsec by clicking on the Edit icon next to the connection and then looking in the Authentication box.
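A read-only pre-flight check for the NAT case described above, as an added example that is not part of the original lesson or of Endian's or Microsoft's own material. It assumes the value set in the linked tutorial is the documented Windows NAT-T registry value `AssumeUDPEncapsulationContextOnSendRule`; it also goes slightly beyond the page by checking that the two Windows IPsec services are not disabled. The function names are hypothetical, and the script runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only readiness check for a Windows 7 L2TP/IPsec client.
# Assumption: the NAT setting meant by the lesson is the Windows NAT-T value
# below (0 = default, 1 = server behind NAT, 2 = client and server behind NAT).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$ValueName = 'AssumeUDPEncapsulationContextOnSendRule'

function Get-NatTraversalRule {
    # Returns the configured DWORD, or 0 when the value is absent (Windows default).
    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop -eq $null) { return 0 }
    return [int]$prop.$ValueName
}

function Test-L2tpClientReadiness {
    param([bool]$BothSidesBehindNat = $true)

    $findings = @()
    $rule = Get-NatTraversalRule
    if ($BothSidesBehindNat -and $rule -ne 2) {
        $findings += "NAT-T rule is $rule, expected 2 (set it, then restart Windows)."
    }

    # IPsec Policy Agent and IKE and AuthIP IPsec Keying Modules must be
    # startable; a disabled service prevents the IPsec negotiation.
    foreach ($name in 'PolicyAgent', 'IKEEXT') {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) {
            $findings += "Service $name not found."
        } elseif ($svc.StartMode -eq 'Disabled') {
            $findings += "Service $name is disabled."
        }
    }
    return ,$findings   # leading comma keeps an empty result an array
}

$result = Test-L2tpClientReadiness -BothSidesBehindNat $true
if ($result.Count -eq 0) { 'Client is ready for L2TP/IPsec behind NAT.' }
else { $result | ForEach-Object { "CHECK: $_" } }
```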
- The username and password of the L2TP user. The username is retrievable from Menubar > VPN > VPN users, and the user must be allowed to use L2TP.
You should write the above-mentioned data down or remember it, since you will have to enter it in the corresponding configuration sections of your device.
The configuration of a connection from Microsoft Windows 7 to an Endian UTM Appliance via IPsec and L2TP can be carried out in two phases: In the first phase you define a new connection to the Endian UTM Appliance via VPN, providing all the necessary parameters, while in the second phase you define the proper L2TP settings. You should have administrator rights to set up the connection.
Setup of a VPN connection to the Endian UTM Appliance
The first phase starts by clicking on the Windows logo (1) to open the menu, then clicking on Control Panel (2).
In the control panel, click on View network status and tasks (1) under the Network and Internet menu, an action that opens the Network and Sharing Center.
Here, click on Set up a new connection or network (1) to start the wizard.
Select Connect to a workplace to configure the VPN connection (1), then click on Next (2) to proceed to the next step.
Click on Use my Internet connection (1) to start the configuration of the VPN to your Endian UTM Appliance.
It is now possible to give the configuration details for the connection. Enter the IP address or hostname (1) and give a custom name to the connection, like "ACME Inc." (2). You can also choose some other options here (3), like:
- Choose whether this connection can be used by you only or by all the users
- Only set up the connection, but do not connect.
In this tutorial we select only the last option, since after finishing this phase you still need to set up some options before connecting with L2TP. Click on Next (4) to proceed to the next step.
Here you can enter the username (1) and password (2). Optionally, you can choose to show the password's characters (hidden by default), to remember the password for future uses, and to provide a custom domain for that connection (3).
In this window, click on Close (1) to complete the configuration of the VPN connection. If you click on Connect now, a connection will be attempted, but it will not succeed, since the L2TP setup has yet to be done. Once this window has closed, the proper L2TP setup can be started.
Setup of the L2TP connection
You are now a few steps from the completion of the configuration. In the Network and Sharing Center, click on Connect or disconnect. A small panel like the one in the picture above will open in the bottom right of the desktop. Click on the connection's name (1) with the right mouse button, then click on Properties (2).
- In the Properties window that opens, click on the Security tab.
- Choose Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec) as Type of VPN.
- Choose Unencrypted password (PAP) as the only allowed protocol.
- Click on Advanced Settings to open a small pop-up window.
- Click on Use preshared key for authentication, then enter the PSK Secret.
- Click on OK to close the pop-up window.
- Click again on OK to finish and to save the setup.
You should now be able to connect via L2TP to your Endian UTM Appliance.