Windows 10/11 MoPo Certificate

The IPSec client included in Windows 10/11 already supports connecting to the "Mobile Pools" IPSec Gateway by default.
No installation of additional software is required.

Please note: Access to the university network and the internet via WLAN/VPN is provided by the Rechenzentrum of the university. The corresponding documentation is available under WLAN/VPN on the Rechenzentrum web pages of the University of Freiburg.

  • Preconditions

    To configure the connection you need either:
    •  an account at the Faculty of Engineering. You can access the Mobile Pools "Certificate Management" with the account's login credentials and create a user certificate. This certificate is used to authenticate at the VPN gateway and is required for the configuration of the VPN setup.
        (-> Students, employees and guests of the Faculty of Engineering)

      or
    • a valid user certificate issued by the Certificate Authority of the Rechenzentrum. This certificate is used to authenticate at the VPN gateway and is required for the configuration of the VPN setup. Additionally, you can use this certificate to sign and encrypt e-mails.
        (-> Students and employees of the Faculty of Engineering)
  • Configuration

    1. Import certificate

      Administrative privileges are required!

      Start "Microsoft Management Console" (mmc):
      Run "mmc" under Start -> [Search Programs and Files]

      Microsoft Management Console
      -> File
      --> Add/Remove Snap-In
        select "certificates"  -> add
         !important!:  [x] Select Computer Account ->  [x] Local Computer -> finish
      Close the snap-in dialog by clicking "OK"

      The MMC now contains the entry "Certificates (Local Computer) -> Personal -> Certificates"
      Select Certificate:

      Menu: -> Action -> All Tasks -> Import...

      "Certificate Import Assistant" opens:
        Next -> Set file type to "Personal Information Exchange (*.p12)" and select MoPo certificate and open
        Next -> Enter certificate password
        Next -> Next -> Finish

      The certificate has been imported. Under "Personal -> Certificates" there are now:
        - User certificate
        - Certificate of the MoPo Certificate Authority (MoPo-Ca)

        As the last step, move the MoPo-Ca certificate to the "Trusted Root Certification Authorities":
        Via "Drag and Drop" from:
        Certificates (Local Computer) -> Personal -> Certificates
        to:
        Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates

    2. VPN Setup

      Control Panel -> Network and Internet -> Internet Options

        Tab: Connections
        -> Add VPN...

      When asked about creating an internet connection select:
        [ -> Setup internet connection later ]

      Enter the following details to create a VPN connection:
        Internet address: vpn-mopo.vpn.uni-freiburg.de
        Destination name: MoPo Uni-Freiburg
        -> Create

        Now adjust the VPN configuration:
        -> Settings
        --> Advanced

        Security tab:
        --> VPN type: IKEv2
        --> Data encryption: Require encryption
        --> [x] Use machine certificates
        ---> 3 times "OK"
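
The two configuration steps above can also be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original instructions; the `$P12Path` parameter and the way the CA certificate is recognised (the self-signed issuer of the user certificate) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the GUI steps "Import certificate" and "VPN Setup".
param(
    [Parameter(Mandatory)][string] $P12Path   # assumption: path to your MoPo .p12 file
)
$ErrorActionPreference = 'Stop'
$server  = 'vpn-mopo.vpn.uni-freiburg.de'     # values taken from the page
$vpnName = 'MoPo Uni-Freiburg'

# Step 1: import into Certificates (Local Computer) -> Personal.
$password = Read-Host -Prompt 'Certificate password' -AsSecureString
$imported = Import-PfxCertificate -FilePath $P12Path -Password $password `
    -CertStoreLocation Cert:\LocalMachine\My

# The user certificate is the imported entry that carries a private key.
$leaf = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -in $imported.Thumbprint -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $leaf) { throw 'No certificate with a private key was imported.' }

# Assumption: the CA certificate is self-signed and is the issuer of the user certificate.
$ca = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $leaf.Issuer -and $_.Subject -eq $_.Issuer } |
    Select-Object -First 1
if ($ca) {
    # Show what is about to become a machine-wide trust anchor before moving it.
    Write-Host "Trusting CA $($ca.Subject), thumbprint $($ca.Thumbprint)"
    Move-Item -Path "Cert:\LocalMachine\My\$($ca.Thumbprint)" `
        -Destination Cert:\LocalMachine\Root
}

# Step 2: create the connection with the settings from the Security tab.
if (-not (Get-VpnConnection -Name $vpnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $vpnName -ServerAddress $server -TunnelType Ikev2 `
        -EncryptionLevel Required -AuthenticationMethod MachineCertificate
}

# Check the result: key present, issuer trusted, VPN settings as documented.
$vpn = Get-VpnConnection -Name $vpnName
[pscustomobject]@{
    UserCertHasPrivateKey = $leaf.HasPrivateKey
    UserCertNotAfter      = $leaf.NotAfter
    IssuerInTrustedRoot   = [bool](Get-ChildItem Cert:\LocalMachine\Root |
                                Where-Object Subject -eq $leaf.Issuer)
    TunnelType            = $vpn.TunnelType
    EncryptionLevel       = $vpn.EncryptionLevel
    MachineCertAuth       = $vpn.AuthenticationMethod -contains 'MachineCertificate'
}
```

Without `-AllUserConnection`, `Add-VpnConnection` creates the connection for the account that runs the script, so run it elevated as the user who will connect.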




       

  • Establish VPN connection

    -- Establish network connection (WLANuni-fr, red network port or external)
        - Click on the network icon in the right corner
        - Select the VPN connection
        --> MoPo Uni-Freiburg "Connect" or "Disconnect"

    More information on Microsoft's "Agile VPN functionality" can be found on the strongSwan project's web site and in the strongSwan wiki.