I am currently trying to establish a VPN connection from my Windows 10 Enterprise 1909 to a remote VPN gateway, using the built-in Windows VPN / IPSec client. Since the UI does not provide all options I need, I have created and fine-tuned the VPN connection with Powershell (using an account with Administrator rights):
Set-VpnConnection -Name Test -AllUserConnection -ServerName other.vpn.gateway -TunnelType Ikev2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required
Set-VpnConnectionIPsecConfiguration -ConnectionName Test -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -PfsGroup PFS2048 -DHGroup Group14 -AllUserConnection
I've been very surprised that Windows obviously offers GCMAES256
where it matters; please note that I haven't typed the encryption method etc. manually, but got them from the proposals Powershell ISE offers after having typed an argument.
However, when I dial that VPN connection, Windows claims that there is a "Policy match error". A quick investigation on the remote gateway showed that Windows sends wrong IKEv2 proposals:
We (responder) are not behind a NAT. NAT-T is already enabled
+IKE-SA:
IKE-Proposal-1 (4 transforms)
ENCR : AES-CBC-256
PRF : PRF-HMAC-SHA1
INTEG: HMAC-SHA1
DH : 14
IKE-Proposal-2 (4 transforms)
ENCR : AES-CBC-256
PRF : PRF-HMAC-SHA-256
INTEG: HMAC-SHA-256
DH : 14
IKE-Proposal-3 (4 transforms)
ENCR : AES-CBC-256
PRF : PRF-HMAC-SHA-384
INTEG: HMAC-SHA-384
DH : 14
-Could not match any proposal. See VPN-Debug trace for more information
So Windows sends three proposals, and all of them are wrong. For example, in my Powershell commands, I have explicitly told it to use GCMAES256 for encryption, but obviously, Windows insists on and proposes AES256-CBC.
Could somebody please explain whether this is a bug in Windows or whether I am doing something wrong. Do I have to enable GCMAES256 in Windows somehow?
Furthermore, why does Windows propose SHA1
and SHA-256
(proposals 1 and 2 in the above code) while I have explicitly told it to use SHA-384
?
[ Side note: Of course, I could enable AES256-CBC on the remote gateway, but I am considering this only a last resort. I really would like to know what is going on at the Windows side. ]