Launch the server. This server does not require the powerful computing resources - you can choose basic instance type like B1ls, B1s, B1ms etc. After launching, this server is immediately fully operational. No server setup required.
Linux username: azureuser
User authentication is based on certificates and credentials (username/password). Server certificates are automatically generated and installed on the server when the instance is launched for the first time, or after stopping and starting the instance, if the IP address of the instance has changed. Client's certificates can be downloaded using a web browser:
http://ipaddress/config/cert-download.php or
https://ipaddress/config/cert-download.php (recommended)
(Use "config" as username and last 12 characters of your Virutal Machine ID (VmId) as password to download these files with web browser. Click here to see how to find the password on your Azure panel. Additionally, your can find the password on a Linux welcome screen with help of SSH).
As a result of downloading the ZIP archive, you will receive the following files:
- "client-cert.p12" - file containing 2 certificates required for a client device: a Client Certificate and Trusted Root Certificate. Password to install this certificate: "vpn"
- "install-cert-win.bat" - a file that automatically installs certificates on Windows computers.
- "cert-console.msc" - certificate management file for Windows (to open the certificate management console just double-click this file). Certificate management console can be used to view, add or remove certificates in Windows.
INSTALLING CERTIFICATES ON WINDOWS COMPUTERS (this method works for all versions of Windows)
Certificates should be installed into store "Local Computer". To do it, simply double-click the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@xx.xx.xx.xx" will be installed to "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to "Local Computer"->"Trusted Root Certification Authorities" store. Additionally, the certificate management console (double-click the file "cert-console.msc") can be used to install certificates manually.
CREATING A VPN CONNECTION ON WINDOWS COMPUTERS
The VPN connection should include: - VPN Type: IKEv2
- Extended Authentication Protocol (EAP): EAP-MSCHAP v2
- Server address: public IP address of the server
CREDENTIALS FOR VPN CONNECTION (username/password)
When the server is first started, it creates 2 test accounts "user1" and "user2" with a random passwords. User logins and passwords are stored in the database on the server, and they can be found for each user with help of user management Control Panel (Management->List Users):
http://ipaddress/daloradius/ or
https://ipaddress/daloradius/ (recommended)
(Use "administrator" as username and last 12 characters of your Virutal Machine ID (VmId) as password)
User credentials can also be read in the following way:
- on Linux welcome page (SSH, Linux username: azureuser);
- via remote MySQL request (port 3306, username: remote, password: last 12 characters of your Virtal Machine ID (VmId), database: radius, table: radcheck - list of users, table: radusergroup - access status for users Enabled/Disabled). The database is readable and writable via 3306 port.
TESTING
As mentioned above, when the server was first started, 2 test user records "user1" and "user2" were already created so you can try to establish 2 simultaneous connections from 2 different computers to check the visibility of these computers through this VPN server. According to initial settings in a Control Panel, the IP address 10.10.10.1 is assigned to "user1" and 10.10.10.2 is assigned to "user2".
If clients "user1" and "user2" are simultaneously connected to this server at the same time, they will be able to see each other. You can check it with help of "ping" command: in Windows computers you can click "Run..." menu item of Start Menu, then print "cmd" to open Command Prompt and then execute command: "ping 10.10.10.2" (or "ping 10.10.10.1" on another computer respectively).
After successfully completing the ping test, you can establish the secure connection between remote computers via VPN. In Windows computers, you can click "Run..." menu item of Start Menu and execute the command like "\\10.10.10.2\" to see the shared folders of another computer.
Important. Additionally, this server can be used to provide the secure internet access for client computers via VPN, and the possibility of such internet access is controlled on the client side with help of "Use the default gateway on remote network" checkbox on Windows in settings for "Internet Protocol Version 4 (TCP/IPv4)". By default, this checkbox is enabled, so when a client connects to this server, all Internet traffic will be redirected through the VPN.
ADDITIONAL INFO
For more convenience, phpMyAdmin (database management) is available at:
http://ipaddress/phpmyadmin/ or
https://ipaddress/phpmyadmin/ (recommended)
default username for phpMyAdmin: administrator
initial password: last 12 characters of your Virtual Machine ID (VmId)
By default, access to phpMyAdmin is denied in file "/usr/share/phpmyadmin/.htaccess"
When used in a web browser protocol HTTPS, the browser will warn about the risk and you can accept it, since our task is to encrypt the traffic and not to doubt the authenticity of the certificate.