ADEO Imaging OÜ
The cloud spirit...

Routing VPN Server IKEv2-MSCHAPv2 with user management Web Panel
(this server is available for deployment on Amazon Marketplace and Azure Marketplace)

Usage Instructions for AWS users.

Launch instance from AMI. After launching the server, it is immediately ready to work; no additional settings are required.

Linux username: admin

User authentication: certificates + username/password.
Server certificates are automatically generated and installed on the server when instance is launched for the first time or after starting the instance if IP address of the instance has changed. User certificates are the same for all users.

ZIP archive containing client certificates can be downloaded using a web browser:
https://[Public IP address]/config/cert-download.php
(use "config" as username and your instance ID as password)

User management Web Panel:
https://[Public IP address]
(use "administrator" as username and your instance ID as password)

When accessing the Web Panel or downloading ZIP archive using the HTTPS protocol, your web browser may display a warning about potential risks due to the use of IP address in the URL. In this case, you should proceed and accept the risks, as our goal is to encrypt traffic, and there is no reason to worry about using IP address in a web browser.

WINDOWS-CLIENT SETUP

To set up the VPN client on Windows, you need to perform two main steps:
   1. Install client certificates on Windows.
   2. Create and configure an IKEv2 VPN connection with Extended Authentication Protocol (EAP) EAP-MSCHAP v2.

1. Installing certificates on Windows computers.

Unpack the previously downloaded ZIP archive into a separate folder. Certificates should be installed in the "Local Computer" store. To do this, simply run the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@ec2-...amazonaws.com" will be installed to "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to "Local Computer"->"Trusted Root Certification Authorities" store, as shown in the picture "cert-console.jpg". You can check this using the MMC console (double-click the file "cert-console.msc").

2. Creating and configuring the IKEv2 VPN connection with Extended Authentication Protocol (EAP) EAP-MSCHAP v2.

The VPN connection must be created using standard Windows tools. The VPN connection should include:
  • Server address: public IP address of the instance on AWS
  • VPN Type: IKEv2
  • Extended Authentication Protocol (EAP): EAP-MSCHAP v2
  • Credentials (username and password): see users on the Web Panel.

  • CONNECTION OF 2 COMPUTERS THROUGH VPN

    When the server starts for the first time, it creates 2 test users: "user1" and "user2" so you can try to establish 2 simultaneous connections from 2 different computers and check the visibility of these computers through this VPN server. Passwords for these users can be found in the Control Panel (Management->List Users). According to initial settings, the IP address 10.10.10.1 is assigned to "user1" and 10.10.10.2 is assigned to "user2".

    If clients "user1" and "user2" are simultaneously connected to this server, they will be able to see each other. You can test it with "ping" command: in Windows computers you can click "Run..." menu item of Start Menu, then print "cmd" to open Command Prompt and then execute command: "ping 10.10.10.2" (or "ping 10.10.10.1" on another computer respectively).

    After successfully completing the ping test, you can establish the secure connection between remote computers via VPN. In Windows computers, you can click "Run..." menu item of Start Menu and execute the command like "\\10.10.10.2\" to see the shared folders of another computer.

    ADDITIONAL INFO

    phpMyAdmin (database management):
    https://[Public IP address]:8443/phpmyadmin/
    Default username for phpMyAdmin: "administrator", initial password is your instance ID. By default, access to phpMyAdmin is restricted in "/usr/share/phpmyadmin/.htaccess"

    Access to the Database via Port 3306:
    By default, for security reasons, access to the server through port 3306 is closed. However, the database includes a user named "remote," who has read and write access to the database if this port is opened. This can be useful for managing users remotely via MySQL queries.
    Username: "remote", password is your instance ID, database: "radius", tables: "radcheck" - list of users, "radusergroup" - access status for users (Enabled/Disabled).

    Usage Instructions for AWS users: Routing VPN Server IKEv2-MSCHAPv2 with user management Web Panel on AWS Usage Instructions for AWS users: Routing VPN Server IKEv2-MSCHAPv2 with user management Web Panel on Microsoft Azure
    Try this server on AWS ! Try this server on Microsoft Azure !