Overview
IKEv2 EAP-MSCHAPv2 Internet Access VPN Server based on StrongSwan® technology, with RADIUS authentication and a User Management Web Panel. This VPN server is intended to provide secure internet access for computers and mobile devices. It uses AES-256 encryption, which is currently considered strong enough to protect against brute-force attacks. The server is easy to use: after launching, it is immediately fully operational, and no server setup is required. User authentication is based on certificates and credentials (username/password).
Data transfer through a VPN using IKEv2 is much faster than with OpenVPN encryption given the same server computing power. The high efficiency of this IKEv2 EAP-MSCHAPv2 VPN server allows it to run even on low-performance machines, which may reduce costs. You can choose a simple instance type such as t3.micro, t3.small or t3.medium. This VPN server provides a stable VPN connection at the highest possible speed. There is no user limit imposed on the VPN server; it is recommended to determine the number of users based on the server capacity and the actual load experienced by the server.
The server works with client devices on Windows, Linux, Android and iOS. To connect Android devices to this server, there is a dedicated application, "strongSwan VPN Client", that is more convenient than the standard Android VPN application.
Areas of use:
- This IKEv2 EAP-MSCHAPv2 VPN server can be used to provide secure internet access for computers and mobile devices.
- This VPN server can be used to provide internet access in countries where the authorities restrict the Internet.
- Suitable for use by individuals, for small companies as well as for companies that provide access to VPN services.
The key features of this VPN Server:
- Easy-to-use. After launching, this VPN server is immediately fully operational. No server setup required.
- This server works with client devices on Windows, Linux, Android and iOS.
- Authentication with certificates (IKEv2) + username/password (EAP-MSCHAPv2).
- It uses AES-256 encryption, which is currently considered strong enough to protect against brute-force attacks.
- A convenient VPN client for Android ("strongSwan VPN Client") that has more features than the standard Android VPN client.
- User Management Web Panel. You can add, delete or edit user records, see which users are online, and see the volumes of transmitted traffic. Remote user management via MySQL (port: 3306) is supported.
- Very high speed of the VPN channels. Optimal server configuration provides the highest possible data transfer rate.
This server is based on the strongSwan® open source project, © 2023 by The strongSwan Team.
Details
Typical total price
$0.073/hour
Pricing
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t2.nano | $0.063 | $0.006 | $0.069 |
t2.micro (AWS Free Tier) | $0.063 | $0.012 | $0.075 |
t2.small | $0.063 | $0.023 | $0.086 |
t2.medium | $0.063 | $0.046 | $0.109 |
t2.large | $0.063 | $0.093 | $0.156 |
t2.xlarge | $0.063 | $0.186 | $0.249 |
t2.2xlarge | $0.126 | $0.371 | $0.497 |
t3.nano | $0.063 | $0.005 | $0.068 |
t3.micro (AWS Free Tier, Recommended) | $0.063 | $0.01 | $0.073 |
t3.small | $0.063 | $0.021 | $0.084 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10 per GB/month of provisioned storage |
Vendor refund policy
You may terminate the instance at any time to stop incurring charges.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Usage instructions
STARTING THE SERVER
- Launch an instance from the AMI. Linux username: admin
- Attach an Elastic IP address to the instance (recommended).
After launching the server, it is immediately ready to work; no additional settings are required.
User authentication: certificates + username/password. Server certificates are automatically generated and installed on the server when the instance is launched for the first time, or after the instance is started if its IP address has changed. User certificates are the same for all users.
The ZIP archive containing the client certificates can be downloaded using a web browser:
- https://[Public IP address]/config/cert-download.php
- use "config" as username and your instance ID as password.
User management Web Panel:
- https://[Public IP address]
- use "administrator" as username and your instance ID as password.
When you access the Web Panel or download the ZIP archive over HTTPS, your web browser may display a warning about potential risks due to the use of an IP address in the URL. In this case, you should proceed and accept the risks, as our goal is to encrypt traffic, and there is no reason to worry about using an IP address in a web browser.
WINDOWS-CLIENT SETUP
To set up the VPN client on Windows, you need to perform two main steps:
- Install client certificates on Windows.
- Create and configure an IKEv2 VPN connection with Extensible Authentication Protocol (EAP) EAP-MSCHAP v2.
- Installing certificates on Windows computers.
Unpack the previously downloaded ZIP archive into a separate folder. Certificates should be installed in the "Local Computer" store. To do this, simply run the file "install-cert-win.bat" (administrator account required). As a result, the client certificate "vpnclient@ec2-...amazonaws.com" will be installed to "Local Computer"->"Personal"->"Certificates" store, and the certificate "ADEO VPN root CA" will be installed to "Local Computer"->"Trusted Root Certification Authorities" store, as shown in the picture "cert-console.jpg". You can check this using the MMC console (double-click the file "cert-console.msc").
- Creating and configuring the IKEv2 VPN connection with Extensible Authentication Protocol (EAP) EAP-MSCHAP v2.
The VPN connection must be created using standard Windows tools. The VPN connection should include:
- Server address: public IP address of the instance on AWS
- VPN Type: IKEv2
- Extensible Authentication Protocol (EAP): EAP-MSCHAP v2
- Credentials (username and password): see users on the Web Panel.
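The two Windows steps above in PowerShell, as an added example that is not part of the vendor's ZIP archive: it confirms which certificates "install-cert-win.bat" placed in the Local Computer stores, then creates the IKEv2 / EAP-MSCHAP v2 connection. The server address and connection name are placeholders, and matching the certificates by Subject is an assumption.

```powershell
# Added example; not part of the vendor's ZIP archive.
$ServerAddress  = '203.0.113.10'   # placeholder: public (Elastic) IP of the instance
$ConnectionName = 'IKEv2-EAP-VPN'  # hypothetical connection name

# Step 1 check: what install-cert-win.bat placed in the Local Computer stores.
# Assumption: the names quoted in the instructions appear in each certificate's Subject.
$rootCa = @(Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Subject -like '*ADEO VPN root CA*' })
$client = @(Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Subject -like '*vpnclient@*' })

if ($rootCa.Count -eq 0) { throw "'ADEO VPN root CA' not found in Trusted Root Certification Authorities." }
if ($client.Count -eq 0) { throw "No 'vpnclient@...' certificate found in Local Computer\Personal." }
if ($rootCa.Count -gt 1) {
    Write-Warning "$($rootCa.Count) 'ADEO VPN root CA' entries are trusted; compare thumbprints and remove any you do not expect."
}

# Record exactly which certificates this machine now trusts or holds.
@($rootCa; $client) |
    Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter, HasPrivateKey |
    Out-Host

# Step 2: IKEv2 connection with EAP-MSCHAP v2.
if (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue) {
    throw "A VPN connection named '$ConnectionName' already exists."
}

# New-EapConfiguration with no parameters produces an EAP-MSCHAPv2
# (username/password) configuration.
$eap = New-EapConfiguration

Add-VpnConnection -Name $ConnectionName `
    -ServerAddress $ServerAddress `
    -TunnelType Ikev2 `
    -AuthenticationMethod Eap `
    -EapConfigXmlStream $eap.EapConfigXmlStream `
    -EncryptionLevel Required `
    -PassThru
# -RememberCredential is deliberately omitted, so Windows prompts for the
# Web Panel username and password on connect instead of storing them.
```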
ANDROID-CLIENT SETUP
To set up the VPN client on Android, you need to perform two main steps:
- Install client certificates on your Android device.
- Install and configure the "strongSwan VPN Client" application from Google Play.
- Installing certificates on an Android device.
Upload the file "client-cert.p12" to your Android device and tap on it. Install the certificates using the password "vpn".
- Installing and configuring the "strongSwan VPN Client" application.
Download and install the "strongSwan VPN Client" application from Google Play. Then, create a new profile.
The profile for the "strongSwan VPN Client" should include:
- Server address: public IP address of the instance on AWS
- VPN Type: IKEv2 Certificate + EAP (login and password)
- User Certificate: select a certificate that you installed
- CA Certificate: select automatically
If you decide to use the standard Android VPN client instead of the "strongSwan VPN Client", then the settings should include:
- Server address: public IP address of the instance on AWS
- Type: IKEv2/IPSec MSCHAPv2
- Certificate: select a certificate that you installed
ADDITIONAL INFO
For more convenience, phpMyAdmin (database management) is available at:
- https://[Public IP address]/phpmyadmin/
- Default username for phpMyAdmin: "administrator"; the initial password is your instance ID.
- By default, access to phpMyAdmin is denied in the .htaccess file: /usr/share/phpmyadmin/.htaccess