ADEO Imaging OÜ
The cloud spirit...
Internet Access VPN Server IKEv2-MSCHAPv2 with user management Web Panel

Usage instructions for Microsoft Azure users:



Launch the server. It does not require powerful computing resources; you can choose a basic instance type such as B1ls, B1s or B1ms. After launch, the server is immediately fully operational. No server setup is required.

User authentication is based on certificates and credentials (username/password). Server certificates are automatically generated and installed on the server when the instance is launched for the first time, or after stopping and starting the instance if the IP address of the instance has changed. Client certificates can be downloaded using a web browser:
http://ipaddress/config/cert-download.php or
https://ipaddress/config/cert-download.php (recommended)
(Use "config" as the username and the last 12 characters of your Virtual Machine ID (VmId) as the password to download these files with a web browser. The password can be found on your Azure panel. Additionally, you can find the password on the Linux welcome screen via SSH.)

As a result of downloading the ZIP archive, you will receive the following files:
- "client-cert.p12" - file containing 2 certificates required for a client device: a Client Certificate and Trusted Root Certificate. Password to install this certificate: "vpn"
- "install-cert-win.bat" - a file that automatically installs certificates on Windows computers.
- "cert-console.msc" - certificate management file for Windows (to open the certificate management console just double-click this file). Certificate management console can be used to view, add or remove certificates in Windows.

INSTALLING CERTIFICATES ON WINDOWS COMPUTERS (this method works for all versions of Windows)

Certificates should be installed into the "Local Computer" store. To do this, simply double-click the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@xx.xx.xx.xx" will be installed to the "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to the "Local Computer"->"Trusted Root Certification Authorities" store. Additionally, the certificate management console (double-click the file "cert-console.msc") can be used to install certificates manually.

CREATING A VPN CONNECTION ON WINDOWS COMPUTERS

The VPN connection should include:
- VPN Type: IKEv2
- Extensible Authentication Protocol (EAP): EAP-MSCHAP v2
- Server address: public IP address of the server
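
The Windows steps above as a PowerShell script, added here as an example and not taken from the vendor's files: it checks that both certificates are in the "Local Computer" stores and then creates the IKEv2 connection with the default EAP configuration, which is EAP-MSCHAP v2. The connection name, and the assumption that the names shown in the certificate console appear in the certificate Subject, are assumptions of this example.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
param(
    [Parameter(Mandatory)] [string] $ServerAddress,   # public IP address of the VPN server
    [string] $ConnectionName = 'ADEO IKEv2 VPN'       # hypothetical display name
)

# 1. Confirm that install-cert-win.bat placed both certificates in the
#    "Local Computer" stores named in the instructions.
#    Assumption: the names shown in the console appear in the Subject field.
$client = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*vpnclient@$ServerAddress*" }
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*ADEO VPN root CA*' }

if (-not $client) {
    throw "Client certificate vpnclient@$ServerAddress not found in Local Computer\Personal."
}
if (-not $root) {
    throw "'ADEO VPN root CA' not found in Local Computer\Trusted Root Certification Authorities."
}

# Certificates are regenerated when the instance IP address changes, so a
# leftover certificate from an earlier download may be expired or incomplete.
foreach ($cert in @($client) + @($root)) {
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $($cert.Subject) expired on $($cert.NotAfter)."
    }
}
if (-not ($client | Where-Object HasPrivateKey)) {
    throw 'Client certificate has no private key; re-import client-cert.p12.'
}

# 2. Create the connection: VPN type IKEv2, EAP-MSCHAP v2, server public IP.
#    New-EapConfiguration with no arguments yields the default EAP-MSCHAP v2 settings.
$eap = New-EapConfiguration
$existing = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress `
        -TunnelType Ikev2 -AuthenticationMethod Eap `
        -EapConfigXmlStream $eap.EapConfigXmlStream `
        -EncryptionLevel Required -AllUserConnection
}

# 3. Show the resulting settings so they can be compared with the list above.
Get-VpnConnection -Name $ConnectionName -AllUserConnection |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
```

The script does not store the VPN username or password; Windows prompts for them on first connect.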

INSTALLING CERTIFICATES AND CREATING A VPN CONNECTION ON ANDROID DEVICES.

1. Upload the file "client-cert.p12" to the Android device and tap it. Install the certificates using the password "vpn".
2. Create a VPN connection. As a VPN client for Android, it is recommended to use the application "strongSwan VPN Client", which is available on Google Play. The VPN connection of "strongSwan VPN Client" should include:
- VPN Type: IKEv2 Certificate + EAP (login and password)
- User Certificate: "Client's VPN Certificate"
- CA Certificate: select automatically
- Server address: public IP address of the server

If you decide to use the standard Android VPN client, then the settings should include:
- Type: IKEv2/IPSec MSCHAPv2
- Both certificates: "Client's VPN Certificate"
- Server address: public IP address of the server

CREDENTIALS FOR VPN CONNECTION (username/password)

When the server is first started, an account is automatically created for the user "user1" with a random password. User logins and passwords are stored in the database on the server, and user records can be managed with the user management control panel:

http://ipaddress/daloradius/ or
https://ipaddress/daloradius/ (recommended)
(Use "administrator" as the username and the last 12 characters of your Virtual Machine ID (VmId) as the password.)

User credentials can also be read in the following ways:
- on the Linux welcome page (SSH, Linux username: azureuser);
- via a remote MySQL request (port 3306, username: remote, password: last 12 characters of your Virtual Machine ID (VmId), database: radius, table: radcheck - list of users, table: radusergroup - access status for users Enabled/Disabled). The database is readable and writable via port 3306.

ADDITIONAL INFO

For convenience, phpMyAdmin (database management) is available at:

http://ipaddress/phpmyadmin/ or
https://ipaddress/phpmyadmin/ (recommended)
default username for phpMyAdmin: administrator
initial password: last 12 characters of your Virtual Machine ID (VmId)
By default, access to phpMyAdmin is denied by the file "/usr/share/phpmyadmin/.htaccess".

Linux username: azureuser
