Shulou(Shulou.com)06/03 Report--

This article belongs to the entry level, the reading object is already studied IKEv2 ×× theoretical knowledge, hope to master the actual operation technology personnel.

IKEv2 is undoubtedly PPTP, L2TP, SSTP and other several ××× applications in the highest security level, its CA certification, two-way computer certificate verification, very effective for protecting information communication, especially can allow the underlying network to be disconnected for a short time, automatic link characteristics, is many people want to learn to master. But Microsoft's website says,"You cannot configure IKEv2 through the user interface. Configuration can only be done using the Windows PowerShell interface. "This is a pity for beginners who want to try IKEv2. After many attempts, I found that through window operation, IKEv2 connection from server to client computer can be realized, and encrypted communication can be realized without writing code or third-party plug-ins. The so-called crack, in fact, is to use small skills to solve the problem that IKEv2 cannot be configured through the "user interface," suitable for beginners to master the operation. The following is a description of the operation process.

Let's start with the prerequisites for configuring IKEv2 networks:

1. You already have a public key infrastructure for computer authentication, and you can use a certificate authority built into your server.

2. Whether the computer supports IKEv2, Windows Server8 and above servers support, client Win7 and above support.

3. A router supporting IKEv2, built-in Windows server8 and above

To implement IKEv2, complete the following tasks: Task 1. Install a certification authority on the server and obtain a CA root certificate. This certificate is legal and valid for a long time. Just install CA root certificate (that is, public key) to all participating computers before networking. If it is a domain structure, it can be set to automatic issuance. If it is a non-domain structure, it will be manually installed. Fortunately, the network is a closed structure, the number of computers will not be too many, the workload will not be too large, and it will only be busy once during deployment. I saw an official website introducing IKEv2 video, without mentioning the domain structure, without mentioning how to automatically issue CA root certificate, if the students only follow the operation it prompts, they simply cannot achieve IKEv2, this practice is intentional, that is, they do not want you to learn the real skills, do not want ordinary people to master IKEv2 technology.

Task 2: Install the CA root certificate to the client. If you plan to put the CA and the ××× server on the same computer, do not install the CA root certificate on the server twice, otherwise install the CA root certificate on the ××× server.

Task 3: Apply for and install a server certificate

Task 4: Install servers that provide IKEv2 services

Task 5. Configure users accessing the IKEv2 network

Task 6: Request client certificates and install

Task 7. Client Settings IKEv2 Connection

In order to complete these seven tasks, it is necessary to build the simplest network and be able to connect.

Below are 180 screenshots of the process, both server and client.

The first 57 pictures of the text have been published in this forum article "180 screenshots 1-57 of the detailed steps of building IKEV2 with built-in CA certificate in Server2016", and the rest are to be continued. a retired teacher

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.