Datto Networking Appliance (DNA): Setting up a Windows IKEv2 Client VPN



This article explains how to set up a Windows IKEv2 client VPN on a Datto DNA.


Datto DNA



Download the VPN gateway certificate

1. Log into the DNA and choose the Security tab.

2. Choose the Client VPN tab from the left pane and download the VPN gateway certificate to the desired machine.

mceclip0.pngFigure 1: The Client VPN tab in the DNA UI (click to enlarge)

Add the Snap-in

1. From an Admin user account, open Microsoft Management Console (search for or run "mmc.exe").

2. In the Console dialog box, select File  Add or Remove Snap-in.

3. From the Available snap-ins list, select Certificates, then click Add.

4. In the resulting window, select Computer Account and click Next.

5. Select Local Computer and click Finish.

6. Click OK to close the Add or Remove Snap-ins dialog.

add_remove_snapins.jpgFigure 2: The Add or Remove Snap-in screen (click to enlarge)

Import the certificate

1. In the Console1 dialog, expand the Certificates category and navigate to Trusted Root Certification Authorities Certificates.

Cert.PNGFigure 3: The Console1 dialog box (click to enlarge)

2. Choose Action in the menu bar, then navigate to All tasks Import

Action.PNGFigure 4: The Console1 Action menu (click to enlarge)

3. Click Next on the Welcome screen. 

IKEv2.KB1.PNGFigure 5: The Certificate Import Wizard (click to enlarge)

4. Click Browse and make sure the drop-down for File type is set to All Files, then choose the Certificate you saved earlier and click Open. Click Next and then Finished.

IKEv2.KB2.pngFigure 6: The file browser (click to enlarge)

Set up the connection

1. Click the Windows start button and type "network."  From the list of options, choose Network and Sharing Center.

2. Select Set Up a new Connection or Network, then navigate to Connect to a Workplace  Use my Internet Connection (VPN) 

IKEv2.KB3.PNGFigure 7: The Network and Sharing Center (click to enlarge)

3. Enter the DNA's assigned public address. You can find this address in the DNA UI on the Network Overview tab under Router Details, as shown in Figure 9.

IKEv2.KB4.PNGFigure 8: The Connection dialog box (click to enlarge)

router_deets.jpgFigure 9: The  assigned public address in the DNA UI (click to enlarge)

4. On the Network and Sharing Center screen, click Change Adapter Settings, then right-click on the VPN Connection and click properties.

IKEv2.KB5.PNGFigure 10: VPN adapter settings (click to enlarge)

5. Click the Security tab and choose IKEv2 in the Type of VPN drop-down menu. For Authentication, choose Microsoft: Secured Password (EAP-MSCHAP v2) (encryption enabled)

6. Click the Networking tab, then select IPv4.

7. Click Properties,  then select Advanced and verify that Use default gateway is checked. Click OK to and exit all dialogue boxes.

properties.jpgFigure 11: Security properties (click to enlarge)

You should now be able to connect to the VPN. When you click Connect for the first time, it will prompt you for the login credentials you set on the DNA client VPN page.

vpn_connect.jpgFigure 12: The VPN Connections screen in Windows 10 (click to enlarge)

Was this article helpful?

6 out of 10 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage