Microsoft Windows comes with a built-in IPsec client that works with certificate-based Roadwarrior connections to IPFire.

Creating a New Connection

Create a new host-to-net connection as usual, creating a new certificate. Microsoft Windows has certain requirements for the ciphersuite:

  • Windows 11
    • IKE: AES-256/-128-GCM / SHA384/256/1 / MODP-1024 as well as what Windows 7-10 support
    • ESP: Same as Windows 7-10
  • Windows 7-10
    • IKE: AES-256-CBC / SHA384/256/1 / MODP-1024
    • ESP: AES-256/128-CBC / SHA1 / None

Importing Certificates

On the client, you will first need to import IPFire's Root Certificate as well as the certificate of the connection as a computer certificate. You can do this by downloading those files to the computer and double-clicking them. A wizard will guide you through the import.

Creating a new Connection

Create a new VPN connection, selecting IKEv2 as the protocol.

After hitting Save, you will have to navigate to the network adapter of the connection and double-click it. A new dialogue will open where you will have to change the authentication to "Use machine certificates".

You will then be able to establish the IPsec connection.
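
The same client-side steps can be scripted. The following PowerShell is an added example, not part of the original page or of IPFire. The file paths, connection name and server address are placeholders, and it assumes the connection certificate was downloaded as a PKCS#12 file.

```powershell
# Added example; run in an elevated PowerShell session on the Windows client.
# Placeholders (assumptions, not from the page): paths, connection name, server address.
$ErrorActionPreference = 'Stop'
$RootCert   = 'C:\Temp\cacert.cer'        # IPFire Root Certificate
$HostCert   = 'C:\Temp\roadwarrior.p12'   # certificate of the connection (PKCS#12 assumed)
$ConnName   = 'IPFire'
$ServerAddr = 'vpn.example.org'

# 1. Import the Root Certificate into the machine's trusted root store.
Import-Certificate -FilePath $RootCert -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 2. Import the connection certificate with its private key as a computer certificate.
$Pw = Read-Host -AsSecureString -Prompt 'PKCS#12 password'
Import-PfxCertificate -FilePath $HostCert -CertStoreLocation Cert:\LocalMachine\My `
    -Password $Pw | Out-Null

# 3. Create the IKEv2 connection using machine-certificate authentication.
Add-VpnConnection -Name $ConnName -ServerAddress $ServerAddr `
    -TunnelType Ikev2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required

# 4. Pin the client to one combination from the Windows 7-10 list above:
#    IKE: AES-256-CBC / SHA384 / MODP-1024 (Group2)
#    ESP: AES-256-CBC / SHA1 / None (mapped here to -PfsGroup None)
Set-VpnConnectionIPsecConfiguration -ConnectionName $ConnName `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA384 -DHGroup Group2 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA196 `
    -PfsGroup None -Force

# 5. Print the stored policy so it can be compared with the IPFire connection settings.
(Get-VpnConnection -Name $ConnName).IPSecCustomPolicy
```

If the tunnel fails to negotiate, compare the policy printed in step 5 with the algorithms selected for the connection on IPFire; both sides must share at least one IKE and one ESP combination.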