Windows support implemented

README.md

@@ -41,6 +41,14 @@ Note: for local or scripted deployment instructions see the [Advanced Usage](/do
 
 Certificates and configuration files that users will need are placed in the `config` directory. Make sure to secure these files since many contain private keys. All files are prefixed with the IP address of the Algo VPN server.
 
+### Windows Devices
+
+You have to import the corresponding client certificate to The Personal store and the corresponding CA certificate to The Local Machine Trusted Root store.<br>
+Add an IKEv2 connection in the network settings and then, activate additional ciphers via powershell:<br>
+`Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo" -AuthenticationTransformConstants SHA25612
+8 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup none` (change Algo on the vpn connection name)<br>
+Also, you can find the powershell script and the p12 certificate in the configs directory and run it as Administrator on your machine.
+
 ### Apple Devices
 
 Find the corresponding mobileconfig (Apple Profile) for each user and send it to them over AirDrop (or other secure means). Apple Configuration Profiles are all-in-one configuration files for iOS and macOS devices and installing a profile will fully configure the VPN.

roles/vpn/tasks/main.yml

@@ -191,6 +191,8 @@
   with_items:
     - "{{ users }}"
 
+
+
 - name: Fetch users P12
   fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.p12 dest=configs/{{ IP_subject_alt_name }}_{{ item }}.p12 flat=yes
   with_items: "{{ users }}"
@@ -215,6 +217,16 @@
   fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/ipsec_{{ item }}.secrets dest=configs/{{ IP_subject_alt_name }}_{{ item }}_ipsec.secrets flat=yes
   with_items: "{{ users }}"
 
+- name: Build the windows client powershell script
+  template: src=client_windows.ps1.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/windows_{{ item }}.ps1 mode=0600
+  when: Win10_Enabled is defined and Win10_Enabled == "Y"
+  with_items: "{{ users }}"
+
+- name: Fetch users windows scripts
+  fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/windows_{{ item }}.ps1 dest=configs/{{ IP_subject_alt_name }}_{{ item }}_windows.ps1 flat=yes
+  when: Win10_Enabled is defined and Win10_Enabled == "Y"
+  with_items: "{{ users }}"
+
 - name: Restrict permissions
   file: path="{{ item }}" state=directory mode=0700  owner=strongswan group=root
   with_items:

roles/vpn/templates/client_windows.ps1.j2

@@ -0,0 +1,3 @@
+certutil -f -p {{ easyrsa_p12_export_password }} -importpfx .\{{ IP_subject_alt_name }}_{{ item }}.p12
+Add-VpnConnection -name "Algo" -ServerAddress "{{ IP_subject_alt_name }}" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required
+Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup none