SystoLOCK can be used with Windows VPN if configured for certificate-based authentication or EAP with certificate-based authentication. Follow these steps to configure a connection to use with SystoLOCK.
Make sure that your VPN server supports the authentication methods mentioned below.
¶ 1. Authentication Method
In Authentication, select one of the following methods and click Properties: EAP-TTLS, Protected EAP, Smart Card or other Certificate
¶ 2. EAP Properties
For EAP-TTLS or Protected EAP, select Smart Card or Other Certificate as authentication method as shown and click Configure:
¶ 3. Certificate Selection
In Smart Card or Other Certificate select Use a certificate on this computer as shown and click advanced:
¶ 4. EKU Selection
Configure EKU to use Client Authentication and not to use All-Purpose and Any-Purpose EKUs. Also make sure to add SystoLOCK EKU to the list as shown:
¶ 5. SystoLOCK EKU
If SystoLOCK EKU is not yet available in the list of EKUs, add it by clicking on Add and the providing the following data (Name SystoLOCK, OID 1.3.6.1.4.1.37708.1.6):
Click OK on all dialogs until the connection is saved.
Properties other than mentioned above, may also be set according to your needs, but since they can further restrict certificate selection, make sure they are applicable to your environment, otherwise the connection might not be established.