ADEO Imaging OÜ
The cloud spirit...

Internet Access VPN Server IKEv2-MSCHAPv2 with user management Web Panel
(this server is available for deployment on Amazon Marketplace and Azure Marketplace)

Usage Instructions for AWS users.

Launch an instance from the AMI. Once launched, the server is immediately ready to work; no additional settings are required.

Linux username: admin

User authentication: certificates + username/password.
Server certificates are automatically generated and installed on the server when the instance is launched for the first time, or when the instance is started and its IP address has changed. User certificates are the same for all users.

A ZIP archive containing the client certificates can be downloaded using a web browser:
https://[Public IP address]/config/cert-download.php
(use "config" as username and your instance ID as password)

User management Web Panel:
https://[Public IP address]
(use "administrator" as username and your instance ID as password)

When accessing the Web Panel or downloading the ZIP archive over HTTPS, your web browser may display a warning about potential risks due to the use of an IP address in the URL. In this case, you should proceed and accept the risks, as our goal is to encrypt traffic, and there is no reason to worry about using an IP address in a web browser.

WINDOWS-CLIENT SETUP

To set up the VPN client on Windows, you need to perform two main steps:
   1. Install client certificates on Windows.
   2. Create and configure an IKEv2 VPN connection with Extensible Authentication Protocol (EAP) EAP-MSCHAP v2.

1. Installing certificates on Windows computers.

Unpack the previously downloaded ZIP archive into a separate folder. Certificates should be installed in the "Local Computer" store. To do this, simply run the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@ec2-...amazonaws.com" will be installed to "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to "Local Computer"->"Trusted Root Certification Authorities" store, as shown in the picture "cert-console.jpg". You can check this using the MMC console (double-click the file "cert-console.msc").

2. Creating and configuring the IKEv2 VPN connection with Extensible Authentication Protocol (EAP) EAP-MSCHAP v2.

The VPN connection must be created using standard Windows tools. The VPN connection should include:
  • Server address: public IP address of the instance on AWS
  • VPN Type: IKEv2
  • Extensible Authentication Protocol (EAP): EAP-MSCHAP v2
  • Credentials (username and password): see users on the Web Panel.
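
Both Windows steps can also be checked and carried out from an elevated PowerShell prompt. The script below is an added example, not part of the vendor's instructions or files: the address 203.0.113.10 and the connection name are placeholders, and the subject patterns assume the certificate names shown in the MMC console appear in the certificate Subject field.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholders: server address and connection name.
$ServerAddress  = '203.0.113.10'    # placeholder: public IP address of your instance
$ConnectionName = 'ADEO-IKEv2'      # hypothetical name for the new connection

# Step 1 check: both certificates must be in the Local Computer stores.
# Assumption: the names shown in the MMC console appear in the Subject field.
$rootCa = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*ADEO VPN root CA*' }
$client = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*vpnclient@*' }

if (-not $rootCa) {
    throw 'Root CA not found in LocalMachine\Root. Run install-cert-win.bat as administrator.'
}
if (-not $client) {
    throw 'Client certificate not found in LocalMachine\My.'
}
if (-not (@($client) | Where-Object HasPrivateKey)) {
    throw 'Client certificate is installed without its private key.'
}
foreach ($cert in @($rootCa) + @($client)) {
    # Certificates left over from an earlier instance IP address may have expired.
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Expired certificate in store: $($cert.Subject) [$($cert.Thumbprint)]"
    }
}
@($rootCa) + @($client) | Format-List Subject, Thumbprint, NotAfter

# Step 2: create the IKEv2 connection with EAP-MSCHAP v2.
# New-EapConfiguration with no parameters returns the EAP-MSCHAP v2 configuration.
if (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue) {
    Write-Warning "Connection '$ConnectionName' already exists; leaving it unchanged."
} else {
    $eap = New-EapConfiguration
    Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress `
        -TunnelType Ikev2 -AuthenticationMethod Eap `
        -EapConfigXmlStream $eap.EapConfigXmlStream `
        -EncryptionLevel Required -PassThru
}
```

The username and password from the Web Panel are entered when the connection is first used; the script does not store them.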

ANDROID-CLIENT SETUP

To set up the VPN client on Android, you need to perform two main steps:
   1. Install client certificates on your Android device.
   2. Install and configure the "strongSwan VPN Client" application from Google Play.

1. Installing certificates on Android device.

Upload the file "client-cert.p12" to your Android device and tap on it. Install the certificates using the password "vpn".

2. Installing and configuring the "strongSwan VPN Client" application.

Download and install the "strongSwan VPN Client" application from Google Play. Then, create a new profile.

The profile for the "strongSwan VPN Client" should include:
  • Server address: public IP address of the instance on AWS
  • VPN Type: IKEv2 Certificate + EAP (login and password)
  • User Certificate: select a certificate that you installed
  • CA Certificate: select automatically

If you decide to use the standard Android VPN client instead of the "strongSwan VPN Client", then the settings should include:
  • Server address: public IP address of the instance on AWS
  • Type: IKEv2/IPSec MSCHAPv2
  • Certificate: select a certificate that you installed

ADDITIONAL INFO

phpMyAdmin (database management):
https://[Public IP address]:8443/phpmyadmin/
Default username for phpMyAdmin: "administrator"; the initial password is your instance ID. By default, access to phpMyAdmin is restricted in "/usr/share/phpmyadmin/.htaccess".

Access to the Database via Port 3306:
By default, for security reasons, access to the server through port 3306 is closed. However, the database includes a user named "remote", who has read and write access to the database if this port is opened. This can be useful for managing users remotely via MySQL queries.
Username: "remote", password is your instance ID, database: "radius", tables: "radcheck" - list of users, "radusergroup" - access status for users (Enabled/Disabled).
