Example Configuration - Roadwarrior with Windows Phone 8.1

  • A Lumia 620 with WP 8.1 was used to create this configuration
  • First execute the first step that is described in the Windows example
  • Additionally, you need to execute the second step described in the Windows example
    • Do not modify the /etc/ipsec.conf instead, modify the /etc/ipsec.user.conf by adding the following lines:
conn "Windows Phone"
    leftauth=pubkey
    leftcert=/var/ipfire/certs/hostcert.pem
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=eap-tls
    rightsendcert=never
    rightsourceip=%dhcp
    eap_identity="Your EAP identity, from the client certificate" #Example: "C=DE, O=MyOrganization CA, CN=WindowsPhone Client"
    keyexchange=ikev2
    auto=add
  • Restart the ipsec daemon, type /etc/init.d/ipsec restart

Install certificates

  • Download and import the certificates to the device
    • Usually, you can import the certificate by sending a mail that contains it.
    • More information can be found under: https://msdn.microsoft.com/en-us/library/dn643705.aspx

Create connection

  1. Go to Settings:
    • Select VPN
    • Click Add
  2. Type in your domain name:
    • Set the type to IKEv2
    • For the connection, select that you use a certificate
    • Select your imported certificate
    • No need to enter domain authorization data
    • As an optional step, you can choose that your host's certificate should be verified
    • Choose a name for your profile
    • Click Save
  3. By sliding the slider to On you can now view your profiles and manually activate them, if necessary:
    • To deactivate the VPN, slide the slider back to Off
Edit Page ‐ Yes, you can edit!

Older Revisions • August 31, 2019 at 9:15 pm • Jon