ADEO Imaging OÜ
The cloud spirit...
   Sign In

VPN Access (IKEv2 with EAP MSCHAPv2 authorization)

Overview.


  • It can be used with Windows or Android devices.
  • This type of VPN is one of the primary options in Windows and can also be used on Android devices with the native Android VPN client or the dedicated "strongSwan" application.
  • Authentication via certificate and login/password.
  • Very high speed.
  • Unlimited traffic.
  • Supports simultaneous connections on multiple devices.
  • only 9.99 USD per month
  • (subscription can be cancelled at any time)

    VPN location:

    After subscribing, you will be able to download client certificates, a configuration file for the "strongSwan" mobile client application, and receive a login and password.

    WINDOWS-CLIENT SETUP

    To set up the VPN client on Windows, you need to perform two main steps:
       1. Install client certificates on Windows.
       2. Create and configure an IKEv2 VPN connection with Extended Authentication Protocol (EAP) EAP-MSCHAP v2.

    1. Installing certificates on Windows computers.

    Unpack the previously downloaded ZIP archive into a separate folder. Certificates should be installed in the "Local Computer" store. To do this, simply run the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@ec2-...amazonaws.com" will be installed to "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to "Local Computer"->"Trusted Root Certification Authorities" store, as shown in the picture "cert-console.jpg". You can check this using the MMC console (double-click the file "cert-console.msc").

    2. Creating and configuring the IKEv2 VPN connection with Extended Authentication Protocol (EAP) EAP-MSCHAP v2.

    The VPN connection must be created using standard Windows tools. The VPN connection should include:
  • Server address: public IP address of the instance on AWS
  • VPN Type: IKEv2
  • Extended Authentication Protocol (EAP): EAP-MSCHAP v2
  • Credentials (username and password): see users on the Web Panel.

  • ANDROID-CLIENT SETUP (strongSwan application)

    For this type of VPN, the most convenient way is to use the "strongSwan VPN Client" application (QR-link). The VPN connection profile in the "strongSwan" application should look as follows:
  • Server address: the IP address that was provided to you
  • VPN Type: IKEv2 Certificate + EAP (login and password)
  • User Certificate: the certificate that you installed
  • CA Certificate: select automatically

  • To set up a working VPN with "strongSwan" application, follow these steps:

    1. Download and install the "strongSwan VPN Client" application from Google Play.

    2. Upload the given JSON configuration file to your Android device.

    3. In "strongSwan" application:
  • Tap the three dots located in the top right corner, then tap "Import VPN profile" and select the uploaded configuration file.
  • On the next screen, enter the given VPN login and password, and then tap "Import Certificate from VPN profile".
  • Enter "vpn" as the password to extract the certificate, then tap "OK".
  • Confirm the certificate type and its name by tapping "OK" two more times.
  • Confirm the use of the selected certificate and tap "IMPORT".

  • The connection is ready. Tap on it, and the message "Connected" should appear.

    ANDROID-CLIENT SETUP (native Android VPN client)

    To set up this kind of VPN using default Android VPN client, you need to perform two main steps:
       1. Install client certificates on your Android device.
       2. Configure the standard VPN profile.

    1. Installing certificates on Android device.

    Upload the given "client-cert.p12" file to your Android device and tap on it. Install the certificate using the password "vpn".

    2. Configuring the VPN profile.

    The standard VPN profile of Android should include:
  • Server address: the IP address that was provided to you
  • Type: IKEv2/IPSec MSCHAPv2
  • Certificate: the certificate that you installed