diff --git a/README.md b/README.md
index 2bd41a8..e9e4bc9 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,14 @@ Note: for local or scripted deployment instructions see the [Advanced Usage](/do
Certificates and configuration files that users will need are placed in the `config` directory. Make sure to secure these files since many contain private keys. All files are prefixed with the IP address of the Algo VPN server.
+### Windows Devices
+
+You have to import the corresponding client certificate to The Personal store and the corresponding CA certificate to The Local Machine Trusted Root store.
+Add an IKEv2 connection in the network settings and then, activate additional ciphers via powershell:
+`Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo" -AuthenticationTransformConstants SHA25612
+8 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup none` (change Algo on the vpn connection name)
+Also, you can find the powershell script and the p12 certificate in the configs directory and run it as Administrator on your machine.
+
### Apple Devices
Find the corresponding mobileconfig (Apple Profile) for each user and send it to them over AirDrop (or other secure means). Apple Configuration Profiles are all-in-one configuration files for iOS and macOS devices and installing a profile will fully configure the VPN.
diff --git a/algo b/algo
index cf2f1f1..8f1db94 100755
--- a/algo
+++ b/algo
@@ -55,6 +55,12 @@ Do you want to enable VPN always when connected to the cellular network?
OnDemandEnabled_Cellular=${OnDemandEnabled_Cellular:-n}
if [[ "$OnDemandEnabled_Cellular" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" OnDemandEnabled_Cellular=Y"; fi
+read -p "
+Do you want to enable VPN for Windows 10 clients? (Will use insecure algorithms and ciphers)
+[y/N]: " -r Win10_Enabled
+Win10_Enabled=${Win10_Enabled:-n}
+if [[ "$Win10_Enabled" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" Win10_Enabled=Y"; fi
+
}
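Review bot: The prompt's parenthetical `(Will use insecure algorithms and ciphers)` does not tell the operator what actually changes or that the change is global: per the other hunks in this commit, answering yes switches every user's key and the server key to RSA via `EASYRSA_ALGO` and adds AES-256-CBC/SHA-256/modp2048 proposals under `conn %default`, not only for Windows clients. A more specific line, `Do you want to enable VPN for Windows 10 clients? (All users get RSA keys and the server also accepts AES-CBC/SHA-256/modp2048 proposals)`, lets them judge the trade-off. The enclosing function starts outside the hunk.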
deploy () {
diff --git a/config.cfg b/config.cfg
index 26f1458..51f0021 100644
--- a/config.cfg
+++ b/config.cfg
@@ -59,8 +59,6 @@ ipsec_config:
dpddelay: '35s'
rekey: 'no'
keyexchange: 'ikev2'
- ike: 'aes128gcm16-sha2_256-prfsha256-ecp256!'
- esp: 'aes128gcm16-sha2_256-ecp256!'
compress: 'yes'
fragmentation: 'yes'
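Review bot: Removing `ike`/`esp` from `ipsec_config` moves the proposal choice out of the operator-editable file and into the templates, so nothing in config.cfg now tells an operator where the suites are set or that `Win10_Enabled` widens them; a comment in their place, `# ike/esp proposals are rendered by roles/vpn/templates/ipsec.conf.j2 and client_ipsec.conf.j2 (Win10_Enabled adds CBC/modp2048 suites)`, would keep that discoverable. The `ipsec_config` mapping may continue outside the hunk.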
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 53734b7..dacc736 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -191,6 +191,8 @@
with_items:
- "{{ users }}"
+
+
- name: Fetch users P12
fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.p12 dest=configs/{{ IP_subject_alt_name }}_{{ item }}.p12 flat=yes
with_items: "{{ users }}"
@@ -215,6 +217,16 @@
fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/ipsec_{{ item }}.secrets dest=configs/{{ IP_subject_alt_name }}_{{ item }}_ipsec.secrets flat=yes
with_items: "{{ users }}"
+- name: Build the windows client powershell script
+ template: src=client_windows.ps1.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/windows_{{ item }}.ps1 mode=0600
+ when: Win10_Enabled is defined and Win10_Enabled == "Y"
+ with_items: "{{ users }}"
+
+- name: Fetch users windows scripts
+ fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/windows_{{ item }}.ps1 dest=configs/{{ IP_subject_alt_name }}_{{ item }}_windows.ps1 flat=yes
+ when: Win10_Enabled is defined and Win10_Enabled == "Y"
+ with_items: "{{ users }}"
+
- name: Restrict permissions
file: path="{{ item }}" state=directory mode=0700 owner=strongswan group=root
with_items:
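Review bot: The `Win10_Enabled is defined and Win10_Enabled == "Y"` guard on both new tasks is the same literal condition repeated in six templates of this change (client_ipsec.conf.j2, client_ipsec.secrets.j2, easy-rsa.vars.j2, ipsec.conf.j2, ipsec.secrets.j2, mobileconfig.j2), so any change to how the flag is passed has to be made in eight places; normalising it once into a boolean with `set_fact` early in the role and referencing that fact here and in the templates would remove the drift risk. The `Build the windows client powershell script` task should also carry a comment that the rendered file embeds `easyrsa_p12_export_password` in cleartext, since `mode=0600` protects it only on the server and the following `fetch` copies it into the controller's `configs/` directory without any mode.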
diff --git a/roles/vpn/templates/client_ipsec.conf.j2 b/roles/vpn/templates/client_ipsec.conf.j2
index 3b01ff1..2e97c36 100644
--- a/roles/vpn/templates/client_ipsec.conf.j2
+++ b/roles/vpn/templates/client_ipsec.conf.j2
@@ -3,6 +3,14 @@ conn ikev2-{{ IP_subject_alt_name }}
{{ key }}={{ value }}
{% endfor %}
+{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
+ ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
+ esp=aes128gcm16-sha2_256-ecp256,aes256-sha1-modp1024!
+{% else %}
+ ike=aes128gcm16-sha2_256-prfsha256-ecp256
+ esp=aes128gcm16-sha2_256-ecp256
+{% endif %}
+
right={{ IP_subject_alt_name }}
rightid={{ IP_subject_alt_name }}
rightsubnet=0.0.0.0/0
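Review bot: The Windows branch's ESP line `esp=aes128gcm16-sha2_256-ecp256,aes256-sha1-modp1024!` proposes SHA-1 integrity and a 1024-bit DH group that the server side in ipsec.conf.j2 (`aes256-sha2_256-modp2048`) never offers, so the extra proposal weakens the client's policy without enabling any negotiation; align it to `esp=aes128gcm16-sha2_256-ecp256,aes256-sha2_256-modp2048!`. The `else` branch also drops the trailing `!` that ipsec.conf.j2 and the removed config.cfg values carry; without the strict marker strongSwan appends its default proposals to the list instead of limiting negotiation to the listed suites, so those lines should read `ike=aes128gcm16-sha2_256-prfsha256-ecp256!` and `esp=aes128gcm16-sha2_256-ecp256!`. The `conn ikev2-...` block continues outside the hunk.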
diff --git a/roles/vpn/templates/client_ipsec.secrets.j2 b/roles/vpn/templates/client_ipsec.secrets.j2
index ec4a30f..6160312 100644
--- a/roles/vpn/templates/client_ipsec.secrets.j2
+++ b/roles/vpn/templates/client_ipsec.secrets.j2
@@ -1,2 +1,5 @@
+{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
+{{ IP_subject_alt_name }} : RSA {{ IP_subject_alt_name }}_{{ item }}.key
+{% else %}
{{ IP_subject_alt_name }} : ECDSA {{ IP_subject_alt_name }}_{{ item }}.key
-
+{% endif %}
diff --git a/roles/vpn/templates/client_windows.ps1.j2 b/roles/vpn/templates/client_windows.ps1.j2
new file mode 100644
index 0000000..9b6d197
--- /dev/null
+++ b/roles/vpn/templates/client_windows.ps1.j2
@@ -0,0 +1,3 @@
+certutil -f -p {{ easyrsa_p12_export_password }} -importpfx .\{{ IP_subject_alt_name }}_{{ item }}.p12
+Add-VpnConnection -name "Algo" -ServerAddress "{{ IP_subject_alt_name }}" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required
+Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup none
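Review bot: The `certutil -f -p {{ easyrsa_p12_export_password }} -importpfx` line embeds the P12 export password in cleartext in a file that tasks/main.yml fetches into `configs/` next to the P12 itself, so the container and its password sit together; a first-line comment such as `# Contains the P12 export password in cleartext - protect like the .p12 and delete after import` should be rendered into the script. The script also never imports the CA certificate that the README hunk says must be placed in the Local Machine Trusted Root store; unless the exported P12 carries the chain (not visible here), `Add-VpnConnection ... -AuthenticationMethod MachineCertificate` will presumably fail server-certificate validation, so that step should be added or documented. `-PfsGroup none` means CHILD_SA rekeys do no fresh DH exchange; with `rekey: 'no'` in config.cfg this is likely moot today, but a comment recording that dependency would stop it being silently lost if rekeying is re-enabled.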
diff --git a/roles/vpn/templates/easy-rsa.vars.j2 b/roles/vpn/templates/easy-rsa.vars.j2
index 50159aa..2805b3b 100644
--- a/roles/vpn/templates/easy-rsa.vars.j2
+++ b/roles/vpn/templates/easy-rsa.vars.j2
@@ -102,7 +102,11 @@ set_var EASYRSA_DN "cn_only"
# * rsa
# * ec
+{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
+set_var EASYRSA_ALGO rsa
+{% else %}
set_var EASYRSA_ALGO ec
+{% endif %}
# Define the named curve, used in ec mode only:
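Review bot: Switching `EASYRSA_ALGO` to `rsa` relies on easy-rsa's default key size, which the hunk does not pin, while mobileconfig.j2 in this same change declares the certificate as `RSA2048`; if the default or an operator-set `EASYRSA_KEY_SIZE` ever differs, the profile and the issued key disagree. Setting it explicitly inside the branch, `set_var EASYRSA_KEY_SIZE 2048`, keeps the two in lockstep. This flag also changes the key type for every user and for the server key (see ipsec.secrets.j2), not only Windows clients, which deserves a Jinja comment above the `{% if %}`.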
diff --git a/roles/vpn/templates/ipsec.conf.j2 b/roles/vpn/templates/ipsec.conf.j2
index 2bd6ad1..58089c1 100644
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@@ -7,6 +7,14 @@ conn %default
{{ key }}={{ value }}
{% endfor %}
+{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
+ ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
+ esp=aes128gcm16-sha2_256-ecp256,aes256-sha2_256-modp2048!
+{% else %}
+ ike=aes128gcm16-sha2_256-prfsha256-ecp256!
+ esp=aes128gcm16-sha2_256-ecp256!
+{% endif %}
+
left=%any
leftauth=pubkey
leftid={{ IP_subject_alt_name }}
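Review bot: The second proposal in the Windows branch (`aes256-sha2_256-prfsha256-modp2048` / `aes256-sha2_256-modp2048`) is accepted from every peer once `Win10_Enabled` is set, because these lines sit under `conn %default`, yet nothing explains why it exists; a Jinja comment such as `{# AES-256-CBC/SHA-256/modp2048 mirrors the settings client_windows.ps1.j2 applies to the Windows built-in client #}` would tie it to the PowerShell script in this change. The proposals here keep the strict `!` suffix, which is correct; the client-side template in this commit does not, so the two should be reviewed together. The `conn %default` section continues outside the hunk.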
diff --git a/roles/vpn/templates/ipsec.secrets.j2 b/roles/vpn/templates/ipsec.secrets.j2
index d5793ae..2226f04 100644
--- a/roles/vpn/templates/ipsec.secrets.j2
+++ b/roles/vpn/templates/ipsec.secrets.j2
@@ -1,2 +1,5 @@
+{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
+: RSA {{ IP_subject_alt_name }}.key
+{% else %}
: ECDSA {{ IP_subject_alt_name }}.key
-
+{% endif %}
diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2
index e796621..1ccb037 100644
--- a/roles/vpn/templates/mobileconfig.j2
+++ b/roles/vpn/templates/mobileconfig.j2
@@ -90,7 +90,11 @@
PayloadCertificateUUID
{{ pkcs12_PayloadCertificateUUID }}
CertificateType
+{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
+ RSA2048
+{% else %}
ECDSA256
+{% endif %}
ServerCertificateIssuerCommonName
{{ IP_subject_alt_name }}
RemoteAddress
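Review bot: The `CertificateType` switch to `RSA2048` has no explanation next to it, even though the value is decided elsewhere (`EASYRSA_ALGO` in easy-rsa.vars.j2 flips every user's key to RSA when `Win10_Enabled == "Y"`), so a reader of this template alone cannot tell why an Apple profile depends on a Windows flag; add `{# key type must match EASYRSA_ALGO in easy-rsa.vars.j2, which is rsa for all users when Win10_Enabled == "Y" #}` above the `{% if %}`. The payload dictionary continues outside the hunk.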