STARTING THE SERVER

1. Launch instance from AMI. Linux username: admin
2. Attach Elastic IP address to the instance (recommended).

After launching the server, it is immediately ready to work; no additional settings are required.

User authentication: certificates + username/password. Server certificates are automatically generated and installed on the server when instance is launched for the first time or after starting the instance if IP address of the instance has changed. User certificates are the same for all users.

ZIP archive containing client certificates can be downloaded using a web browser:

• https://[Public IP address]/config/cert-download.php
• use "config" as username and your instance ID as password.

User management Web Panel:

• https://[Public IP address]
• use "administrator" as username and your instance ID as password.

When accessing the Web Panel or downloading ZIP archive using the HTTPS protocol, your web browser may display a warning about potential risks due to the use of IP address in the URL. In this case, you should proceed and accept the risks, as our goal is to encrypt traffic, and there is no reason to worry about using IP address in a web browser.

WINDOWS-CLIENT SETUP

To set up the VPN client on Windows, you need to perform two main steps:

• 1. Install client certificates on Windows.
• 2. Create and configure an IKEv2 VPN connection with Extended Authentication Protocol (EAP) EAP-MSCHAP v2.

1. Installing certificates on Windows computers.

Unpack the previously downloaded ZIP archive into a separate folder. Certificates should be installed in the "Local Computer" store. To do this, simply run the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@ec2-...amazonaws.com" will be installed to "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to "Local Computer"->"Trusted Root Certification Authorities" store, as shown in the picture "cert-console.jpg". You can check this using the MMC console (double-click the file "cert-console.msc").

2. Creating and configuring the IKEv2 VPN connection with Extended Authentication Protocol (EAP) EAP-MSCHAP v2.

The VPN connection must be created using standard Windows tools. The VPN connection should include:

• Server address: public IP address of the instance on AWS
• VPN Type: IKEv2
• Extended Authentication Protocol (EAP): EAP-MSCHAP v2
• Credentials (username and password): see users on the Web Panel.

CONNECTION OF 2 COMPUTERS THROUGH VPN

When the server starts for the first time, it creates 2 test users: "user1" and "user2" so you can try to establish 2 simultaneous connections from 2 different computers and check the visibility of these computers through this VPN server. Passwords for these users can be found in the Control Panel (Management->List Users). According to initial settings, the IP address 10.10.10.1 is assigned to "user1" and 10.10.10.2 is assigned to "user2".

If clients "user1" and "user2" are simultaneously connected to this server, they will be able to see each other. You can test it with "ping" command: in Windows computers you can click "Run..." menu item of Start Menu, then print "cmd" to open Command Prompt and then execute command: "ping 10.10.10.2" (or "ping 10.10.10.1" on another computer respectively).

After successfully completing the ping test, you can establish the secure connection between remote computers via VPN. In Windows computers, you can click "Run..." menu item of Start Menu and execute the command like "\\10.10.10.2\" to see the shared folders of another computer.

ADDITIONAL INFO

For more convenience, phpMyAdmin (database management) is available at:

• https://[Public IP address]/phpmyadmin/
• Default username for phpMyAdmin: "administrator", initial password is your instance ID.
• By default, access to phpMyAdmin is denied in .htaccess file: /usr/share/phpmyadmin/.htaccess