To use the LANCOM Advanced VPN Client to dial-in to a LANCOM router, the appropriate profile settings must be adjusted to allow for the use of certificates.
- In the IPSec General Settings for the profile, set the IKE policy to 'RSA signature'.
- Switch the identity to 'ASN1 Distinguished Names'. The 'identity' can remain blank since this information is taken from the certificate.
- For the IP address assignment use the 'IKE Config Mode'.
- For the Certificate Check you can optionally place a limitation on the certificates accepted by the LANCOM Advanced VPN Client. To do this, you define the user and/or the issuer of the incoming certificate and, if applicable, the associated "fingerprint".
- After storing the adapted connection profile, click on the menu item Configuration / Certificates to open the settings for the User Certificate.
- Select the certificate type 'from PKCS#12 file' and set the required certificate
file .
- To work with various certificates, activate the option 'Certificate Selection' and enter the path for the folder where the certificate files are stored .
- Define whether or not the PIN (password) has to be entered before connection establishment . Alternatively, you can save the PIN in the LANCOM Advanced VPN Client under the menu item Connection / Enter PIN .
- If Certificate Selection is activated, the certificate corresponding to the connection can be chosen from a list displayed in the main window of the LANCOM Advanced VPN Client, as befits the selected profile.
