STARTING THE SERVER
1. Launch the server. This server does not require powerful computing resources; you can choose a simple instance type.
2. Attach an Elastic IP to the instance (recommended).
Linux username: admin
After launching, the VPN server is immediately fully operational; no additional setup is required.
This server supports VPN connections:
When the server is first started, a Pre-Shared Key (PSK) is generated. This key is the same for all VPN users. You can find the PSK on the Linux welcome screen or in "/etc/ipsec.secrets", and you can change it if needed.
User management Web Panel:
https://[Public IP address]
(use "administrator" as the username and your instance ID as the password)
When accessing the Control Panel over HTTPS, your web browser may display a warning about potential risks because an IP address is used in the URL. In this case, proceed and accept the risk: our goal is to encrypt the traffic, and there is no reason to worry about using an IP address in a web browser.
WINDOWS-CLIENT SETUP
To establish an L2TP/IPSec-PSK connection from Windows, you may need to change the Windows registry; otherwise Windows error code 809 or 789 may appear. To fix it:
- in the key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent", create a DWORD (32-bit) value named "AssumeUDPEncapsulationContextOnSendRule" and set it to 2;
- in the key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters", set the value "ProhibitIPSec" to 0;
- restart Windows.
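The same registry changes applied from an elevated PowerShell prompt, as an added example that is not part of the original documentation (the key and value names are the ones listed above; nothing else is assumed):

```powershell
#Requires -RunAsAdministrator
# Added example: applies the two registry changes described above and
# reads them back so they can be verified before rebooting.

$policyAgent = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$rasMan      = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'

# Create (or overwrite) the DWORD value and set it to 2, as documented above.
New-ItemProperty -Path $policyAgent -Name 'AssumeUDPEncapsulationContextOnSendRule' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# Set ProhibitIPSec to 0; Set-ItemProperty creates the value if it is missing.
Set-ItemProperty -Path $rasMan -Name 'ProhibitIPSec' -Value 0 -Type DWord

# Read both values back; expected output is 2 and 0.
Get-ItemProperty -Path $policyAgent -Name 'AssumeUDPEncapsulationContextOnSendRule' |
    Select-Object AssumeUDPEncapsulationContextOnSendRule
Get-ItemProperty -Path $rasMan -Name 'ProhibitIPSec' |
    Select-Object ProhibitIPSec

Write-Host 'Registry updated. Restart Windows for the change to take effect.'
```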
When creating the VPN connection on Windows, use the "Use the default gateway on remote network" checkbox to allow or deny sending all traffic through the VPN.
Note that simultaneous connections to this VPN server from several Windows client devices located behind a single NAT router may not work with L2TP-IPSec-PSK. In this case, we recommend using a PPTP connection for each Windows device.
CONNECTION OF 2 COMPUTERS THROUGH VPN
The Web Panel allows you to assign static (fixed) or dynamic IP addresses to VPN clients.
When the server starts for the first time, it creates two test users, "user1" (10.1.1.10) and "user2" (10.1.1.20), with randomly generated passwords, so you can establish two simultaneous VPN connections from two different computers and check that these computers can see each other through the VPN server. The passwords for these users are shown on the Linux SSH welcome screen and in the user management Web Panel.
After both client-server VPN connections have been established, ping each client computer from the other to make sure they can see each other: on a Windows computer, click the "Run..." item of the Start Menu, type "cmd" to open a Command Prompt, and run "ping 10.1.1.20" (or "ping 10.1.1.10" on the other computer).
After the ping test succeeds, you can use the secure VPN connection between the remote computers. On a Windows computer, click the "Run..." item of the Start Menu and run a command like "\\10.1.1.20\" to see the shared folders of the other computer.
ADDITIONAL INFO
The default local network is 10.1.1.0/24. To change the local network (for example, to 192.168.50.0/24), run:
"sudo bash /home/admin/set_network.sh 192.168.50.0"
phpMyAdmin (database management):
https://[Public IP address]/phpmyadmin/
The default username for phpMyAdmin is "administrator"; the initial password is your instance ID. By default, access to phpMyAdmin is restricted in "/usr/share/phpmyadmin/.htaccess".
Access to the Database via Port 3306:
By default, for security reasons, access to the server through port 3306 is closed. However, the database includes a user named "remote" who has read and write access to the database if this port is opened. This can be useful for managing users remotely via MySQL queries.
Username: "remote"; password: your instance ID; database: "radius"; tables: "radcheck" (list of users) and "radusergroup" (access status for users: Enabled/Disabled).