Access Server Admin Web UI First Login
About the page
Once you’ve completed installation of Access Server, you can now connect to the Access Server Admin Web UI remotely. The following information shows you how to access the Web UI, add new users and admins, and disable the default, bootstrap admin user.
If you have not yet installed Access Server, see the Access Server Installation options page for more information.
Admin Web UI Address and Login Credentials
At the completion of your Access Server installation, an output message similar to this displays:
Please enter "passwd openvpn" to set the initial administrative password, then login as "openvpn" to continue configuration here: https://192.168.102.130:943/admin To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool. +++++++++++++++++++++++++++++++++++++++++++++++ Access Server Web UIs are available here: Admin UI: https://192.168.102.130:943/admin Client UI: https://192.168.102.130.943 +++++++++++++++++++++++++++++++++++++++++++++++
Recall the Admin UI IP address or domain and the password you assigned for the openvpn bootstrap admin, crucial steps during the installation process. If you do not remember the IP address or domain, locate the init.log file which should be found in the path /usr/local/openvpn_as/init.log. The bottom text of the file provides the addresses needed to access the Admin UI.
If you did not change the password for the openvpn bootstrap account or you do not remember the password you have assigned it, you can simply change it by inputting:
Input the new password twice and you will be able to access the Admin Web UI with the openvpn bootstrap credentials.
Logging into the Admin Web UI
Now that you have the IP address or domain and the credentials, input the address for the Admin UI into your web browser. You will receive a warning about navigating to an unsecured network. Accept the risks to continue. You should then be navigated to a page that prompts for login credentials. Input the required information:
- Username: openvpn
- Password: the password you assigned for openvpn bootstrap account
If this is your first time logging in, review the OpenVPN Access Server End User License Agreement. Choose agree to continue.
If you have reached this page, you have successfully accessed the Web UI.
If you reach this page, simply click on the admin button.
If you cannot login, try changing the openvpn password again and reboot the server. Wait a few seconds and attempt to login once again. In the case that you cannot access the Web UI, you have the option of resetting your configuration by typing the following into your servers command line:
This option is suggested as a last resort and should only be used if you are absolutely sure that you need to wipe clean all configurations of your server. Since this guide assumes that Access Server was recently installed, this option is very reasonable to use for first time configuration if you encounter errors. If you have already configured settings for your server, understand that all settings will be deleted after running the command.
Add New Users and Admins
The following explain the steps for adding users and changing admin credentials. After logging in, you start on the landing page or Status Overview. This material is explained in our How to Configure the OpenVPN Access Server guide and in our Access Server Web UI Reference Manual.
How to add a new admin:
- Click User Management located in the blue side bar.
- Click User Permissions.
- Input into the box, New Username, the desired username of the new account.
- Click the Admin checkbox.
- Click on the More Settings icon.
- In the field labeled Local Password, enter the new user password.
- Click the Save Settings button to finalize all your changes.
To add a new user, follow the steps above without checking the Admin box.
Disable the Bootstrap Admin
You have the option to disable the bootstrap user. We recommend this step in order to harden your server’s security. To do so, enter the following into your server’s command line:
passwd -d openvpn deluser openvpn nano /usr/local/openvpn_as/etc/as.conf
Now change the line:
to the following:
Once you have made these changes, restart the Access Server to apply them. Now only the admins you have defined will have access to the Web UI.
To permanently delete the user, input:
./sacli --user "openvpn" UserPropDelAll