Managing the Configuration of the Instance

Once the instance is launched, monitor its status using the Instances page of the EC2 Management Console. The EC2 Management Console will display whether the instance is up and reachable and will also display its current public IP address and the hostname that resolves to the public IP address. Find the hostname and public IP address in the EC2 console by clicking on the Instances heading on the left, finding the instance and checking the checkbox next to it and looking at the details at the bottom of the page.

../_images/aws-vpn-appliance-17.jpg

In the example above, the hostname of the instance is ec2-23-20-204-54.compute-1.amazonaws.com. The public IP address is available by putting together the 4 numbers included in the hostname - 23.30.204.54. It is also possible to obtain the IP address by using a popular DNS lookup tool such as host, dig, or nslookup to resolve the hostname to its IP address.

Note

The hostname and IP address used in this and other examples in this guide are associated at the time of writing with a test instance. This address/hostname will not be the same values used to access the instance and they will not even be associated with the same test instance by the time this guide is available to the public.

In order to manage the configuration of the instance, connect to it via https or ssh. To connect via ssh, use the key pair chosen while creating the instance to connect to the admin account. From the command line on a Unix/Linux host, use a command similar to ssh -i my_key_file admin@public_IP, where the appropriate private key file and public IP or hostname are substituted. In the example below, the key file my_ec2_key is used to connect to the IP address 23.20.204.54.

Note

The first time logging into the instance, the ssh key of the instance will not be cached locally, type yes when asked whether to continue connecting. This should not be necessary on subsequent sessions.

../_images/aws-vpn-appliance-18.jpg

A limited set of configurations is possible through the ssh interface. The preferred method for managing most of the configurations or viewing data on the status of the Netgate® pfSense® instance is through the https webGUI. To connect via https, enter an https:// URL containing the public IP address or hostname of the instance into a web browser. For example, https://23.20.204.54.

It’s very likely there is a browser warning indicating that the security certificate of the site is not trusted, because the instance uses a self-signed certificate for https communication. Click on the option to proceed to the site anyway and a login screen with the Netgate logo should appear.

The username to log in with is admin. The password to use is either a value set in the User Data during the creation of the instance or a random password. If a specific password wasn’t set, find out that value that the random password was set to through one of two different means:

  1. The first is to log in over ssh with the key pair that was selected when the instance was created and examine the contents of the file located at /etc/motd. Select option 8 (Shell) from the console menu that is presented after log in and execute cat /etc/motd from the shell.

  2. Alternatively, view the System Log for the instance in the EC2 Management Console. After the messages that are displayed that show the status of the boot process, a message should appear that indicates what the administrative password was changed to.

The message, using either of the methods mentioned, will look like this

***
***
*** Admin password changed to: abcdefg
***
***

In this example, the password was changed to abcdefg.

Note

Be aware that the System Log output in the EC2 Management Console is not updated in real time and may take a few minutes to show up. It is preferable to explicitly set a password by passing a value in with the User Data field so the password will be known in advance. To allow a random password to be set, connect via ssh and find out what the password was changed to after the instance is up without any delay.

Once the password has been determined and entered into the login form, the pfSense WebGUI should be available.