IPsec is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network.
This is a quick deployment and ready-to-run image.
Simple and rapid installation. Easy to maintain.
Configuring and Connecting IPsec/L2TP VPN Server on Amazon Linux 2
If you have NSG or firewall devices in the AWS Marketplace, you need to open access to the following ports: 500, 4500 (UDP).
To open ports, go to the VM settings in the AWS Marketplace – open Network and add the required ports.
Linux Server Management
To connect to the Server, you need to generate a “Private Key” in advance. This can be done using the following instructions (by choosing the “file format:” option “.ppk” in step 3)
To work with the server, you need to connect to it via PuTTY
- Download and run Putty
- Go to the “SSH” section on the left pane and then to “Auth”
- In the “Auth” section, click “Browse” and specify the path to the .ppk file you received earlier.
- Go to the “Session” home page, enter the IP address of the virtual machine and click “Open”.
- In the console that opens, you will need to enter the root login
- Enter the following command:
> sudo su
The virtual machine automatically generates one user, to view the login and password, enter:
> cat /etc/ppp/chap-secrets
To add a user, enter:
> addvpnuser username userpass
And confirm the creation of the user by typing “Y” and Enter in the console.
(where instead of “username” enter any preferred username and instead of user pass enter any preferred password)
If the user has already been created, the password will be overwritten!
> delvpnuser username
To view the PSK of your virtual machine, enter:
> cat /etc/ipsec.secrets
This key will be required to further create a connection to the VPN server.
Create a connection in Windows 10
- Right click on the Internet connection icon in the taskbar:
- Select “Open Network and Sharing Center” (or, if you are using Windows 10, version 1709 or later, select “Open Network and Internet Settings” and then on the page that opens, click “Network and Sharing Center”)
- Click on “Create and configure a new connection or network”:
- Select “Connect to a workplace” and click “Next”:
- Click “Use my Internet Connection (VPN)”:
- Next, enter your IP address of the virtual machine in the “Internet address” field and a convenient name for the connection in the “Destination name” field and click “Create”:
- Return to the “Network and Sharing Center” and select “Change adapter settings”:
- Right click on the previously created VPN connection icon and select “Properties”:
- In the pop-up window, go to the Security tab. Click “Allow these protocols” and check the boxes for “Handshake Authentication Protocol (CHAP)” and “Microsoft CHAP Version 2 (MS-CHAP v2)”:
- In the same window, click “Advanced Settings”, select “Use a Preshared Key for Authentication” and enter the PSK key of your virtual machine (information on where and how to view the key is described above in the “Server Management in Centos” section.) And click “OK”
- Click OK in the VPN Connection Properties window and confirm saving by clicking Yes in the Network Connections window:
Everything is ready to connect. Now click LMB on the Internet connection icon on the taskbar; click on the previously created connection and click “Connect”:
Enter the username and password of any VPN user created on the virtual machine in the authorization window:
Now your external IP has changed and you are browsing the Internet through the VPN server of the virtual machine.
In case of error: “The network connection between your computer and the VPN server cannot be established because the remote server is not responding. This could be because one of the network devices (like firewalls, NATs, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Check with your administrator or service provider to determine which device may be causing the problem.”
To fix this error, a one-time registry change is required because the VPN server and/or client are behind a NAT (for example, a home router). Run the following from the command line while opening with administrator rights. When finished, you need to restart your computer.
For Windows Vista, 7, 8.x and 10:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
Windows XP ONLY:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
Although this is rare, some Windows systems disable IPsec encryption, causing the connection to fail. To turn it back on, run the following command and restart your computer.
For Windows XP, Vista, 7, 8.x and 10:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v ProhibitIpSec /t REG_DWORD /d 0x0 /f