Launch the server. This server does not require the powerful computing resources - you can choose basic instance type like B1ls, B1s, B1ms etc. After launching, this server is immediately fully operational. No server setup required.
Linux username: azureuser
User management Web Panel:
http://ipaddress/ or
https://ipaddress/ (recommended)
(Use "administrator" as username and last 12 characters of your Virutal Machine ID (VmId) as password)
When accessing the Web Panel or downloading ZIP archive using the HTTPS protocol, your web browser may display a warning about potential risks due to the use of IP address in the URL. In this case, you should proceed and accept the risks, as our goal is to encrypt traffic, and there is no reason to worry about using IP address in a web browser.
User authentication is based on certificates and credentials (username/password). Server certificates are automatically generated and installed on the server when the instance is launched for the first time, or after the server is restarted with a changed IP address. Client certificates can be downloaded as a ZIP archive from the User management Web Panel. ZIP file contains:
- "client-cert.p12" - file containing 2 certificates required for a client device: a Client Certificate and Trusted Root Certificate. Password to install this certificate: "vpn"
- "install-cert-win.bat" - a file that automatically installs certificates on Windows computers.
- "cert-console.msc" - certificate management file for Windows (to open the certificate management console just double-click this file). Certificate management console can be used to view, add or remove certificates in Windows.
- "qr.png" - a QR-code that contains a link to easily download the certificate to a mobile device.
INSTALLING CERTIFICATES ON WINDOWS COMPUTERS (this method works for all versions of Windows)
Certificates should be installed into store "Local Computer". To do it, simply double-click the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@xx.xx.xx.xx" will be installed to "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to "Local Computer"->"Trusted Root Certification Authorities" store. The Certificate management console (double-click the file "cert-console.msc") can be used to check the installed certificates.
CREATING A VPN CONNECTION ON WINDOWS COMPUTERS
The VPN connection should include: - VPN Type: IKEv2
- Extended Authentication Protocol (EAP): EAP-MSCHAP v2
- Server address: public IP address of the server
TESTING
When the server was first started, 2 test user records "user1" and "user2" were already created so you can try to establish 2 simultaneous connections from 2 different computers to check the visibility of these computers through this VPN server. According to initial settings in a Control Panel, the IP address 10.10.10.1 is assigned to "user1" and 10.10.10.2 is assigned to "user2".
If clients "user1" and "user2" are connected to this server at the same time, they will be able to see each other. You can verify this using the ping command. On Windows computers, open the Run dialog from the Start Menu, type cmd or powershell, and press Enter. Then, execute the command: ping 10.10.10.2 (or ping 10.10.10.1 on the other computer, respectively).
After successfully completing the ping test, you can establish a secure connection between the remote computers via VPN. On Windows computers, open the Run dialog from the Start Menu and enter a command like \\10.10.10.2\ to access the shared folders on the other computer. It may take a few seconds for the command to execute, after which a window should appear displaying the available folders and files of the remote computer.
For easier future access, create a desktop shortcut to the remote computer. The VPN server assigns static IP addresses to users, so the remote computers will keep the same IP addresses across sessions.
Important. Additionally, this server can be used to provide the secure internet access for client computers via VPN, and the possibility of such internet access is controlled on the client side with help of "Use the default gateway on remote network" checkbox on Windows in settings for "Internet Protocol Version 4 (TCP/IPv4)". By default, this checkbox is enabled, so when a client connects to this server, all Internet traffic will be redirected through the VPN.
ADDITIONAL INFO
For more convenience, phpMyAdmin (database management) is available at:
http://ipaddress/phpmyadmin/ or
https://ipaddress/phpmyadmin/ (recommended)
default username for phpMyAdmin: administrator
initial password: last 12 characters of your Virtual Machine ID (VmId)
By default, access to phpMyAdmin is denied in file "/usr/share/phpmyadmin/.htaccess"
