IKEv2 and Windows 11 on standalone ATP500

AlexandervonW
AlexandervonW Posts: 12  Freshman Member
First Comment

Hi there,

because the actual IPSec client from Zyxel does not support ARM proccessors, i had to configure VPN IPSec IKEv2 to use the buildin Windows 11 VPN client.

That raises a bunch of questions:

  1. How can i use a trusted certificate instead of the "buildin". I cannot use the official bought FQDN based cert, because while generating the VPN connection with the wizard (only way to get a Windows 11 installation script) i cannot choose a certificate!
  2. I cannot use any AD (local Active Directory) user to auth in this new VPN config. The wizard creates a group and i have to select a user, but changing this in VPN gateway setting does result in error after connecting and using AD user for auth. Other IPSec connections are working fine with AD users.
  3. I can only setup Windows 11 to use the VPN in full tunnel mode. But then, i cannot connect from the same computer to the internet/firewall for getting and acepting the 2FA E-Mail, because there is no internet connection before acepting 2FA.

Any help would be highly appreciated.

Alexander