====== VPN Client Setup Guide ======

Connecting to the La Salle High School VPN will create a secure tunnel between your computer and the La Salle High School network. All network traffic from your computer will be forwarded through La Salle High School so that you may access internal resources on the LSHS network.

With this document, you should have been provided with the following files. All of these are needed.

  * **lshs-cert-ca.crt** – The Certification Authority which signs the VPN server key.
  * **LSHSVPN.pbk** – The remote access phonebook for our VPN with all of the connection details for Windows 7.
  * **setup-LSHSVPN.ps1** – PowerShell script to create the VPN connection in Windows 8 and up.

===== Quick Summary =====

^Server ^Type of VPN^Authentication ^Server Certificate CA^
|vpn.lasallehs.net|IKEv2 |Machine Certificates|lshs-cert-ca.crt |

====== Prepare Certificates ======

===== Generate a Certificate Request =====

  - Run ''%%mmc.exe%%''.
  - Click **File** > **Add/Remove Snap-in**.
  - From the //Available snap-ins//, select **Certificates** and click **Add >**.
  - Choose to manage certificates for the **Computer account**. Click **Next >**.
  - You want to manage the Local computer. Click **Finish**.
  - Click **OK**.
  - Under **Certificates - Local Computer**, browse to **Personal**.
  - Right-click on **Personal** and go to **All Tasks** > **Advanced Operations** > **Create Custom Request...**
  - Click **Next**.
  - Under **Custom Request**, click **Proceed without enrollment policy** and then click **Next**.
  - At the **Custom request** screen, leave the default settings and choose **Next**.
  - At the **Certificate Information** screen, click the arrow to the right of //Details// then click **Properties**.
  - On the **General** tab, enter a friendly name for the certificate. Something like **Firstname Lastname LSHS VPN Certificate** will do.
  - On the **Subject** tab, in the **Subject name** field, change the **Type** to **Email** then enter your email address for the value. Click **Add**.
  - On the **Private Key** tab, expand **Key options** then set the key size to 4096.
  - Click OK.
  - Back in the **Certificate Information** window, click **Next**.
  - Choose somewhere to save the certificate request file using **Browse...**
  - Click **Finish**.
  - Email the certificate request to abrashear@lasallehs.net.

===== Sign the Certificate Request =====

Someone at LSHS must use the command ''%%certreq -attrib "CertificateTemplate:ManualIPSecClient"%%'' to sign the request. Then, fetch the request from the CA.

===== Import Your Signed Certificate =====

  - Run ''%%mmc.exe%%''.
  - Click **File** > **Add/Remove Snap-in**.
  - From the //Available snap-ins//, select **Certificates** and click **Add >**.
  - Choose to manage certificates for the **Computer account**. Click **Next >**.
  - You want to manage the Local computer. Click **Finish**.
  - Click **OK**.
  - Under **Certificates - Local Computer**, browse to **Personal** > **Certificates**.
  - Right-click on **Certificates** and go to **All Tasks** > **Import**.
  - At the **Certificate Import Wizard**, click **Next**.
  - Browse to the signed certificate file you wish to import and click **Next**.
  - Make sure **Place all certificates in the following store** is checked and the selected store is **Personal**.
  - Click **Next**.
  - Click **Finish**.

===== Import the Server Certificate =====

  - Run ''%%mmc.exe%%''.
  - Click **File** > **Add/Remove Snap-in**.
  - From the //Available snap-ins//, select **Certificates** and click **Add >**.
  - Choose to manage certificates for the **Computer account**. Click **Next >**.
  - You want to manage the Local computer. Click **Finish**.
  - Click **OK**.
  - Under **Certificates - Local Computer**, browse to **Trusted Root Certification Authorities** > **Certificates**.
  - Right-click on **Certificates** and go to **All Tasks** > **Import**.
  - At the **Certificate Import Wizard**, click **Next**.
  - Browse to the server certificate, **lshs-cert-ca.crt**, and click **Next**.
  - Make sure **Place all certificates in the following store** is checked and the selected store is **Trusted Root Certification Authorities**.
  - Click **Next**.
  - Click **Finish**.

====== Connect to the VPN ======

===== Windows 7 =====

  - Double-click the included file, **LSHSVPN.pbk**, to open it.
    * If you have trouble with this step, open a Run window and type ''%%rasphone%%'' followed by the full path to the file, e.g. ''%%rasphone "W:\La Salle High School VPN Phonebook\LSHSVPN.pbk"%%''.
  - Click **Connect**.

===== Windows 8.1 and Newer =====

  - Run the included PowerShell script, //setup-LSHSVPN.ps1//.
  - If you have a strict execution policy set on your machine, you can temporarily bypass it by running the PowerShell command directly. Example: ''%%powershell -executionpolicy bypass -file "C:\Path\to\setup-LSHSVPN.ps1"%%''
  - You will connect to the LSHS VPN from the network icon in the system tray. Click on **La Salle High School VPN** and click **Connect**.

After setting up the connection with PowerShell, you no longer need the setup script.

====== Disconnect from the VPN ======

You can disconnect from the VPN like you would a wireless network.

  - Left-click the network icon in the system tray (at the bottom right of the screen).
  - Left-click on the VPN connection, and click **Disconnect**.
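
The certificate steps under **Prepare Certificates** can also be done from an elevated PowerShell prompt. The following is an added example, not part of the files supplied with this guide; it uses ''%%certreq -accept%%'' in place of the MMC import of the signed certificate and checks the CA fingerprint before trusting it. The e-mail address, working folder, ''%%signed.cer%%'' file name and expected thumbprint are placeholders.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Placeholders (not from the guide): $Email, $WorkDir, signed.cer, $ExpectedCaThumbprint.
$Email   = 'firstname.lastname@example.org'
$WorkDir = 'C:\Temp\lshs-vpn'
$CaFile  = Join-Path $WorkDir 'lshs-cert-ca.crt'
$Signed  = Join-Path $WorkDir 'signed.cer'
$ExpectedCaThumbprint = '<SHA1-THUMBPRINT-CONFIRMED-WITH-LSHS-IT>'

function New-VpnCertRequest {
    # Same choices as the MMC wizard: machine key store, e-mail subject, 4096-bit key.
    $inf = @"
[NewRequest]
Subject = "E=$Email"
FriendlyName = "Firstname Lastname LSHS VPN Certificate"
KeyLength = 4096
MachineKeySet = TRUE
RequestType = PKCS10
"@
    $infPath = Join-Path $WorkDir 'vpn-request.inf'
    $reqPath = Join-Path $WorkDir 'vpn-request.req'
    Set-Content -Path $infPath -Value $inf -Encoding ASCII
    certreq.exe -new $infPath $reqPath | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }
    return $reqPath   # only this file is e-mailed; the private key stays on the machine
}

function Import-VpnCaCertificate {
    # Refuse to trust a root whose fingerprint was not confirmed out of band.
    $ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaFile
    if ($ca.Thumbprint -ne $ExpectedCaThumbprint) {
        throw "CA thumbprint $($ca.Thumbprint) does not match the expected value"
    }
    Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

function Install-VpnClientCertificate {
    # certreq -accept binds the signed certificate to the pending request's private key.
    certreq.exe -accept -machine $Signed | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed ($LASTEXITCODE)" }
    $thumb = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Signed).Thumbprint
    $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
    if (-not $cert -or -not $cert.HasPrivateKey) {
        throw 'Client certificate is missing from Personal or has no private key'
    }
    $cert | Select-Object Subject, Issuer, NotAfter, HasPrivateKey
}
```

Run ''%%New-VpnCertRequest%%'' first and send the resulting request file for signing; once the signed certificate is back, run ''%%Import-VpnCaCertificate%%'' and then ''%%Install-VpnClientCertificate%%''.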