User Tools

Site Tools


vpn_client_setup_guide

VPN Client Setup Guide

Connecting to the La Salle High School VPN will create a secure tunnel between your computer and the La Salle High School network. All network traffic from your computer will be forwarded through La Salle High School so that you may access internal resources on the LSHS network. With this document, you should have been provided with the following files. All of these are needed.

  • lshs-cert-ca.crt – The Certification Authority which signs the VPN server key.
  • LSHSVPN.pbk – The remote access phonebook for our VPN with all of the connection details for Windows 7.
  • setup-LSHSVPN.ps1 – PowerShell script to create the VPN connection in Windows 8 and up.

Quick Summary

Server Type of VPNAuthentication Server Certificate CA
vpn.lasallehs.netIKEv2 Machine Certificateslshs-cert-ca.crt

Prepare Certificates

Generate a Certificate Request

  1. Run mmc.exe.
  2. Click File > Add/Remove Snap-in.
  3. From the Available snap-ins, select Certificates and click Add >.
  4. Choose to manage certificates for the Computer account. Click Next >.
  5. You want to manage the Local computer. Click Finish.
  6. Click OK.
  7. Under Certificates - Local Computer, browse to Personal.
  8. Right-click on Personal and go to All Tasks > Advanced Operations > Create Custom Request…
  9. Click Next.
  10. Under Custom Request, click Proceed without enrollment policy and then click Next.
  11. At the Custom request screen, leave the default settings and choose Next.
  12. At the Certificate Information screen, click the arrow to the right of Details then click Properties.
  13. On the General tab, enter a friendly name for the certificate. Something like Fistname Lastname LSHS VPN Certificate will do.
  14. On the Subject tab, in the Subject name field, change the Type to Email then enter your email address for the value. Click Add.
  15. On the Private Key tab, expand Key options then set the key size to 4096.
  16. Click OK.
  17. Back in the Certificate Information window, click Next.
  18. Choose somewhere to save the certificate request file using Browse…
  19. Click Finish.
  20. Email the certificate request to [email protected].

Sign the Certificate Request

Someone at LSHS must use the command certreq -attrib "CertificateTemplate:ManualIPSecClient" to sign the request. Then, fetch the request from the CA.

Import Your Signed Certificate

  1. Run mmc.exe.
  2. Click File > Add/Remove Snap-in.
  3. From the Available snap-ins, select Certificates and click Add >.
  4. Choose to manage certificates for the Computer account. Click Next >.
  5. You want to manage the Local computer. Click Finish.
  6. Click OK.
  7. Under Certificates - Local Computer, browse to Personal > Certificates.
  8. Right-click on Certificates and go to All Tasks > Import.
  9. At the Certificate Import Wizard, click Next.
  10. Browse to the signed certificate file you wish to import and click Next.
  11. Make sure Place all certificates in the following store is checked and the selected store is Personal.
  12. Click Next.
  13. Click Finish.

Import the Server Certificate

  1. Run mmc.exe.
  2. Click File > Add/Remove Snap-in.
  3. From the Available snap-ins, select Certificates and click Add >.
  4. Choose to manage certificates for the Computer account. Click Next >.
  5. You want to manage the Local computer. Click Finish.
  6. Click OK.
  7. Under Certificates - Local Computer, browse to Trusted Root Certification Authorities > Certificates.
  8. Right-click on Certificates and go to All Tasks > Import.
  9. At the Certificate Import Wizard, click Next.
  10. Browse to the server certificate, lshs-cert-ca.crt and click Next.
  11. Make sure Place all certificates in the following store is checked and the selected store is Trusted Root Certification Authorities.
  12. Click Next.
  13. Click Finish.

Connect to the VPN

Windows 7

  1. Double-click the included file, LSHSVPN.pbk to open it.
    • If you have trouble with this step, open a run window and type rasphone and the full path to the file, ex: rasphone "W:\La Salle High School VPN Phonebook\LSHSVPN.pbk".
  2. Click Connect.

Windows 8.1 and Newer

  1. Run the included PowerShell script, setup-LSHSVPN.ps1.
  2. If you have an strict execution policy set on your machine, you can temporarily bypass it by running the PowerShell command directly. Example: powershell -executionpolicy bypass -file "C:\Path\to\setup-LSHSVPN.ps1"
  3. You will connect to the LSHS VPN from the network icon in the system tray. Click on La Salle High School VPN and click Connect.

After setting up the connection with PowerShell, you no longer need the setup script.

Disconnect from the VPN

You can disconnect from the VPN like you would a wireless network.

  1. Left-click the network icon in the system tray (at the bottom right of the screen).
  2. Left-click on the VPN connection, and click Disconnect.
vpn_client_setup_guide.txt · Last modified: 2018/04/16 11:11 by abrashear