Windows Server 2022 Remote Access VPN IKEv2 – Hardening

Default settings:

Change settings at server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IKEV2\IKEv2CustomPolicy]
"IntegrityMethod"=dword:00000002
"EncryptionMethod"=dword:00000004
"CipherTransformConstant"=dword:00000005
"AuthTransformConstant"=dword:00000002
"DHGroup"=dword:00000003
"PfsGroup"=dword:000000031

Change settings at client:

Verify:

link to Windows Server 2012R2 RRAS

Windows Certificate Authority (CA) sign CSR in offline mode, by CMD

cmd (admin rights!)

certreq -submit -attrib “CertificateTemplate:Computer-IKEv2-VPN-without-AD” VPN3.CSR VPN3.CER

Computer-IKEv2-VPN-without-AD – name of Template in CA
VPN3.CSR – CSR generated in offline server
VPN3.CER – CERT file generated after signing by CA