Quick Start Guide

OpenVPN Access Server Quick Start Guide

Click HERE for OpenVPN Access Server 1.8.5 Release Notes


This guide will help you understand the basics for setting up and deploying the OpenVPN Access Server

OpenVPN Access Server consists of three major components:

• OpenVPN Server
• Admin Web Interface/Admin UI
• Connect Client

OpenVPN Server:
The VPN server is the underlying component in OpenVPN Access Server that does all of the background work; routing, tunneling, encryption, user management, authentication etc. OpenVPN Access Server comes with a Web GUI that helps to manage the underlying components of the VPN server.

Admin Web Interface:
The Admin Web Interface makes for an easier management interface in OpenVPN Access Server. In the Admin Web Interface an administrator can manage options such as layer 2 or layer 3 routing, user permissions, server network settings, authentication and web server certificates. By default an administrator can access the Admin Web Interface by visiting this address in a web browser: https://openvpnasserverip/admin (Please replace "openvpnasip" with the IP or hostname you allocated to your openvpn-as instance)

Connect Client:
The Connect Client Interface is a component of OpenVPN Access Server that allows users to connect to the VPN directly through their web browser. The Connect Client also gives the user options to download their configuration files which can be userd on other OpenVPN clients.


- OpenVPN Connect Client
- OpenVPN Connect Client for Mac
- OpenVPN Community Client (For Linux/Windows)

Initial Configuration:
In order to install OpenVPN Access Server there are a few things that will need to be looked at;
- Linux Distribution
- CPU Architecture


Note: If you decide to download the Virtual Appliance (to run the Server on Windows) the next step does not apply to you. If you choose to download the virtual appliance (to run the Server on Windows) you will need to make sure you follow the instructions in one of these guides:

- VMware Virtual Appliance
- Hyper-V Virtual Appliance and the Hyper-V quick start guide


Linux Distribution:
You will need to make sure you download the package that corresponds with the current OS Distro, we currently support these Linux Distros:
- Ubuntu
- RHEL
- Fedora
- CentOS
- Debian (Install Ubuntu Packages for Debian)

Click here to download the OpenVPN Access Server packages


CPU Architecture:
You will need to make sure you install the correct package depending on your CPU Architecture (32bit or 64bit)

Installing the OpenVPN-AS Package:
To Install the OpenVPN-AS package in Ubuntu or Debian you will need to run this command:

dpkg -i openvpnasdebpack.deb

To install the OpenVPN-AS package in CentOS, RHEL, or Fedora you will need to run this command:

rpm -i openvpnasrpmpack.rpm

The Admin Account for OpenVPN-AS needs to be setup through terminal by doing the following:

Change the password:

passwd openvpn

You will then be prompted to set a password for the user openvpn, after setting the password you can login to the Admin UI with the Username openvpn and the password you set.

Note: In some circumstances for certain configurations you may need to run the complete ovpn-init script terminal: /usr/local/openvpn_as/bin/ovpn-init

Configuring the Admin Web Interface:
After you have completed the Initial Configuration Tool you should then be able to access the Admin Web Interface through your preferred web browser. You should have noticed an link to the Admin Web Interface after you completed the Initial Configuration Tool, if you missed it you can access the Admin Web Interface by typing the following in your browsers address bar: https://openvpnasip/admin (Please replace "openvpnasip" with the IP you allocated to your openvpn-as instance)

You can now go ahead and login with your openvpn admin credentials. Once logged in you will see the following screen:

admin-ui-logon


Configuring Server Network Settings:
If you want the OpenVPN Access Server to be reachable from the internet you will need to set the Hostname or IP address to a hostname or IP that is facing the public internet. Please refer to the screenshot below:

admin-ui-networkserver

Note: OpenVPN 1.6.0 requires you to set a hostname in this field if you connect via the OpenVPN Connect Client

VPN Settings:
The VPN Settings page allows you to configure options like the Dynamic IP Address Network which is OpenVPN Access Server's internal DHCP system. By default the subnet is set to "5.5.0.0/20" this can be changed to a subnet that might work better for your current network.

The routing section gives the option to push certain routes to networks the OpenVPN Access Server is sitting on to remote clients.
There is also an option that allows client internet traffic the ability to be forwarded through the OpenVPN Access Server.

User Permissions:
The User Permissions page allows settings per client to be changed. The auto-login profile can be enabled if desired. When you click "show" next to the username you will see more options that can be configured, this is the area where you would define settings for a gateway client:

admin-ui-user-permission

Connect Client:
The Connect Client can be accessed via a preferred web browser by inserting the following address into the address bar:
https://openvpnasip (Please replace "openvpnasip" with the IP you allocated to your openvpn-as instance)


Users have the option to either Connect to the VPN or Login to the Connect Client. When connecting the user will be connected to the VPN directly through their web browser. When the user decides to login to the Connect Client they can downoad their user configuration files (client.ovpn) and use them to connect to the VPN with other OpenVPN Clients.

client-ui
This concludes the getting started guide, if you require a more in depth explanation of certain features of the overall operations of the OpenVPN Access Server please refer to the OpenVPN Access Server Systems Administrator Guide which can be found on the following page: http://openvpn.net/index.php/access-server/docs.html