The following instructions apply to Windows XP SP2; I assume the
same steps also apply to XP SP1, XP and Windows 2000.
- Go to network connections
- Create a new network connection
- Choose 'connect to the network at my workplace'
- Choose VPN connection
- Enter Company name
- Choose to dial an initiating connection, if you have dial-up
- Enter IP or hostname for your VPN Box
- Finish
One might want to go to the connection properties, Networking tab, and
select L2TP IPsec VPN in the drop-down box (this speeds up your first
connection attempt). The next step is to import the generated .p12
certificates on every Windows machine.
- Open an mmc: Start | Run | type mmc | hit ENTER
- Click File | Add/Remove Snap-in
- Click Add
- Select Certificates and click Add
- Select Computer Account, click Next
- Click Finish
- Click Close
- Click OK
- Double Click Certificates
- Right Click Personal, select All Tasks and click Import
- Click Next
- Enter the path to the .p12 file
- Click Next
- We stripped the password, so just click Next
- Select 'Automatically select the certificate store based on the type
of certificate', click Next
- Click Finish
Done. No need to associate the Certificate with the Connection, as
this is done automatically by Windows. In my project I automated this
task, so that the clients would only get a setup.exe, the certificates
would be downloaded from a secure server during the setup, and all
other clickety stuff is done auto-magically (I used the Nullsoft installer
and the Windows Scripting-Program Automateit for that).
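The certificate import steps above can also be scripted. The following is an added example, not the author's installer or code from the original page. It assumes a current Windows version with PowerShell (not XP), an elevated prompt, a placeholder path to the .p12, and that the bundle may carry the issuing CA certificate next to the machine certificate.

```powershell
# Added example: scripted equivalent of the MMC import steps. Run elevated.
# Assumption: $P12Path is a placeholder for wherever the generated .p12 was copied.
param([Parameter(Mandatory = $true)][string]$P12Path)

function Get-TargetStore($cert) {
    # Mirrors "Automatically select the certificate store based on the type
    # of certificate" from the import wizard.
    if ($cert.HasPrivateKey)            { return 'My' }    # machine certificate -> Personal
    if ($cert.Subject -eq $cert.Issuer) { return 'Root' }  # self-signed CA -> Trusted Root
    return 'CA'                                            # anything else -> Intermediate CAs
}

# MachineKeySet: the private key belongs to the computer account, matching the
#                "Computer Account" snap-in choice in the manual steps.
# PersistKeySet: the key stays on disk after this process exits.
# Exportable is deliberately not set, so the key cannot be exported from the
# store again once imported.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'

$bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
# '' is the empty password: the page states the .p12 password was stripped.
$bundle.Import((Resolve-Path $P12Path).ProviderPath, '', $flags)

# Without a private key there is nothing the machine can authenticate with.
if (-not ($bundle | Where-Object { $_.HasPrivateKey })) {
    throw "No certificate with a private key found in $P12Path"
}

$machine = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
foreach ($cert in $bundle) {
    $name  = Get-TargetStore $cert
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($name, $machine)
    $store.Open('ReadWrite')
    try     { $store.Add($cert) }
    finally { $store.Close() }
    # Report what went where so the result can be compared against the MMC view.
    '{0,-4} {1}  {2}' -f $name, $cert.Thumbprint, $cert.Subject
}
```

The printed thumbprints can be compared against the Personal and Trusted Root folders in the Certificates snap-in opened in the manual steps.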
Wolfgang Hennerbichler
2004-12-21