https://docs.opnsense.org/manual/how-tos/ipsec-rw-w7.html
Quote from: pmhausen on November 02, 2020, 06:36:36 pm
https://docs.opnsense.org/manual/how-tos/ipsec-rw-w7.html

This guide requires you to install a Root Certificate into your client. Should I remind you that it is a big security risk?
https://blog.malwarebytes.com/security-world/technology/2017/11/when-you-shouldnt-trust-a-trusted-root-certificate/

Is there any other way to enable VPN without exposing your clients' computers to potential malware, etc?
```powershell
# IKEv2 VPN Import Script
# Automatically generated by pfSense
Set-Location -Path $PSScriptRoot

# Import Server Certificate CA
Import-Certificate -FilePath "<Certificate name>" -CertStoreLocation Cert:\LocalMachine\Root\

# Add VPN Connection
Add-VpnConnection -Name "VPN" -TunnelType "Ikev2" -RememberCredential -EncryptionLevel Required `
    -ServerAddress vpn.mydomain.com -DnsSuffix "domain.com" -PassThru

# Set VPN Config
Set-VpnConnectionIPsecConfiguration -ConnectionName "VPN" `
    -EncryptionMethod GCMAES128 -IntegrityCheckMethod SHA256 -DHGroup Group2 `
    -CipherTransformConstants GCMAES128 -AuthenticationTransformConstants GCMAES128 -PfsGroup PFS2 `
    -PassThru -Force

Set-VpnConnection -Name "VPN" -SplitTunneling $True
Add-VpnConnectionRoute -Name "VPN" -DestinationPrefix 192.168.100.0/24
```
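
A check that can run before the `Import-Certificate` step of the script above, as an added example that is not part of the thread or of the pfSense-generated script: it pins the CA file to a SHA-256 fingerprint obtained out of band and reports whether the CA declares any Name Constraints or Extended Key Usage limits. The function name `Test-VpnCaCertificate`, its parameters and the fingerprint placeholder are assumptions for illustration.

```powershell
# Added example (hypothetical helper): inspect a VPN CA file before trusting it machine-wide.
function Test-VpnCaCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,            # CA file shipped with the import script
        [Parameter(Mandatory)] [string] $ExpectedSha256   # fingerprint received out of band
    )
    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

    # Hash the DER bytes, so PEM or DER encoding of the file gives the same fingerprint.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { $actual = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-' }
    finally { $sha.Dispose() }
    # Accept "AA:BB:..." or "aa bb ..." notation for the expected value.
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]').ToUpperInvariant()

    $basic = $cert.Extensions['2.5.29.19']   # Basic Constraints
    $now   = Get-Date
    [pscustomobject]@{
        Subject            = $cert.Subject
        Sha256             = $actual
        FingerprintMatches = ($actual -eq $expected)
        SelfSigned         = ($cert.Subject -eq $cert.Issuer)   # name comparison only
        IsCA               = [bool]($basic -and $basic.CertificateAuthority)
        InValidityPeriod   = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        # Absent both, nothing in the certificate itself limits it to the VPN server.
        HasNameConstraints = ($null -ne $cert.Extensions['2.5.29.30'])
        HasEkuRestriction  = ($null -ne $cert.Extensions['2.5.29.37'])
    }
}

# Placeholders: the file name is the one used in the import script; the fingerprint must
# come from the firewall administrator, not from the same download as the script.
$caFile = '.\<Certificate name>'
$result = Test-VpnCaCertificate -Path $caFile -ExpectedSha256 '<SHA-256 fingerprint>'
$result | Format-List

if ($result.FingerprintMatches -and $result.SelfSigned -and $result.IsCA -and $result.InValidityPeriod) {
    Import-Certificate -FilePath $caFile -CertStoreLocation Cert:\LocalMachine\Root\
} else {
    Write-Warning 'CA file failed verification; not importing into Cert:\LocalMachine\Root.'
}
```

`HasNameConstraints` and `HasEkuRestriction` are reported rather than enforced, so the operator can see how broadly the CA could be used once it sits in the machine Root store.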