1.0.x

Initial Startup

Expect a slight delay in the startup time of our product relative to launching an instance with a standard AMI. This occurs as our bespoke software configuration is applied to tailor the product to your needs, extending the initialization process by a few minutes.

Server Connection

Using SSM

All of our products are designed to support AWS Systems Manager (SSM) right out of the box. We strongly believe in security, and the fewer ports exposed to the public, the better. The SSM service provided by AWS perfectly aligns with this approach.

When you need to connect to an instance, opt for connecting through the Session Manager. Once you've gained access, execute the command sudo su ec2-user to switch to the user account where all of our tools are located. This ensures you have the appropriate permissions and access to the necessary resources. Additionally, you're encouraged to use the AWS Systems Manager service for secure and efficient management of your instances. This integrated service provides a unified interface for automated tasks and monitoring, further enhancing your operational security and efficiency.

Using SSH

This approach is also available to you.

User Management

Creating a User

To create a new VPN user, all parameters are required:

sudo ov_user_add --first-name John \
                 --last-name Doe \
                 --email john.doe@example.com \
                 --traffic all \
                 --expiration-date 2026-12-31 \
                 --creation-reason "Remote access for Q4 project"

For routing only remote network traffic via the VPN:

sudo ov_user_add --first-name Jane \
                 --last-name Smith \
                 --email jane.smith@example.com \
                 --traffic partial \
                 --expiration-date 2026-06-30 \
                 --creation-reason "Access to private subnet"

Required Parameters

  • --first-name: User's first name
  • --last-name: User's last name
  • --email: User's email address
  • --traffic: Traffic routing mode (all or partial)
    • all: Routes all traffic through the VPN
    • partial: Routes only traffic to the remote network through the VPN
  • --expiration-date: Profile expiration date in YYYY-MM-DD format
  • --creation-reason: Justification for creating the profile (for audit purposes)
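
The required parameters above can be checked before ov_user_add is run, for example when requests arrive from a ticket queue or a script. The following is an added example, not part of the product: the function names check_request and valid_date, the optional TODAY argument, and the exit codes are hypothetical, and it assumes nothing about ov_user_add beyond the parameter rules listed above.

```shell
#!/bin/sh
# Added example, not vendor code: pre-flight checks for an ov_user_add request.
# check_request EMAIL TRAFFIC EXPIRY REASON [TODAY]
# TODAY (YYYY-MM-DD) is a hypothetical extra argument so the check is repeatable.
# Exit status: 0 ok, 1 email, 2 traffic, 3 bad date, 4 date not in future, 5 reason.

valid_date() {  # true only for a real calendar date written as YYYY-MM-DD
    case "$1" in
        2[0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}   # drop a leading zero so 08/09 are not parsed as octal
    case "$m" in
        1|3|5|7|8|10|12) max=31 ;;
        4|6|9|11) max=30 ;;
        2) max=28
           if [ $((y % 4)) -eq 0 ] && { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; }
           then max=29; fi ;;
        *) return 1 ;;
    esac
    [ "$d" -ge 1 ] && [ "$d" -le "$max" ]
}

check_request() {
    email=$1; traffic=$2; expiry=$3; reason=$4
    today=${5:-$(date +%Y-%m-%d)}
    # Reject unexpected characters, a second "@", and a leading "-" that a
    # command-line parser could mistake for an option.
    case "$email" in
        *[!A-Za-z0-9._%+@-]*|*@*@*|@*|*@|-*) echo "invalid email" >&2; return 1 ;;
        *?@?*.?*) ;;
        *) echo "invalid email" >&2; return 1 ;;
    esac
    case "$traffic" in
        all|partial) ;;
        *) echo "--traffic must be all or partial" >&2; return 2 ;;
    esac
    valid_date "$expiry" || { echo "expiry is not a real YYYY-MM-DD date" >&2; return 3; }
    e=$(printf '%s' "$expiry" | sed 's/-//g')
    t=$(printf '%s' "$today" | sed 's/-//g')
    [ "$e" -gt "$t" ] || { echo "expiry must be after $today" >&2; return 4; }
    [ -n "$(printf '%s' "$reason" | tr -d ' \t')" ] || { echo "creation reason is empty" >&2; return 5; }
    return 0
}
```

Run check_request first and call sudo ov_user_add only when it returns 0, so a profile is never issued with a past expiration date or a blank audit reason.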

Automatic Email Delivery

When a user is created, their .ovpn profile is automatically emailed to the address specified. Email delivery requires SES credentials to be configured in /opt/0x4447/configs/email.conf.

Deleting a User

To delete a user, specify their email and traffic type:

sudo ov_user_delete --email john.doe@example.com --traffic all

This will revoke the user's certificate and update the Certificate Revocation List (CRL).

Listing All Users

To view all VPN users:

sudo ov_user_list

Output displays: email, traffic type, full name, expiration date, and creation timestamp.

Listing Expired Users

To view all users with expired profiles:

sudo ov_user_list_expired

This helps identify profiles that need renewal or removal.

VPN Clients

Advanced details

Key Features

  • Unlimited Users: Supports an unlimited number of users, ensuring scalability for your growing needs.
  • Flexible Traffic Routing: Route all or specific parts of your traffic through the VPN, giving you complete control over your data flow.
  • Easy Profile Management: Custom Command Line Interfaces (CLIs) simplify the creation and management of .ovpn profiles.
  • Automatic Email Delivery: New VPN profiles are automatically emailed to users upon creation via AWS SES integration.
  • Expiration Tracking: Built-in tools to list and identify expired user profiles for manual review and renewal.

Use Cases

Access to Private AWS Subnets:

AWS networks contain subnets, which can be public or private. Private subnets are secure areas not directly accessible from the public internet, housing critical servers and data. The most secure method to access these private subnets is through a VPN deployed in a public subnet. This setup encrypts your connection, allowing safe access to the private subnet and its servers as if they were local to your network, ensuring data security and integrity within AWS environments.

Secured Internet Connection for Remote Employees:

Beyond accessing private resources, this VPN also safeguards the internet connections of remote employees. By routing their traffic through the VPN, all online activities are encrypted, protecting company-sensitive data from potential interception by third parties. This ensures that employees can work securely from any location, preserving confidentiality and data integrity.

Inter-Office Connectivity:

For organizations with multiple office locations, maintaining a secure and reliable inter-office network is crucial. Our VPN solution facilitates the creation of a secure virtual network overlaying the public internet, linking different office locations. This secure network tunnel ensures that data exchanged between offices is encrypted and protected from external threats, enabling seamless collaboration and resource sharing across geographical locations.

Compliance and Data Protection:

Businesses subject to stringent regulatory requirements can benefit significantly from our VPN solution. By encrypting data in transit and providing secure access controls, the VPN helps organizations comply with data protection laws and industry standards. This is particularly important for sectors like healthcare, finance, and legal, where data privacy is paramount.