Configuration: Network Settings
About the Page
The Server Network Settings page allows you to edit the settings for hostname, protocol, daemons, and port numbers for the three network servers compromising the Access Server: the VPN Server, the Admin Web UI, and the Client Web Server.
An overview of the Network Settings page:
The fields and settings within the VPN Server section configure the hostname or IP address, interfaces, protocols, daemons, and ports. Incorrect configuration of the hostname or IP address of your server breaks Access Server functionality. Any changes to these settings directly affects the client configuration files issued to VPN clients. Thus, making any alterations will require any users that have downloaded VPN Client installers and/or configuration files to redownload or update their VPN profile.
The hostname or IP address of the server must be configured properly in order for the Access Server to function correctly. There is also the option to choose between using TCP, UDP, or both protocols. Regardless of which choice, you have the option to define the port used by each protocol. If both are chosen, you also have the option to define how many daemons both protocols may have.
VPN Server Section
Hostname or IP Address
This is the name or IP address that VPN clients will use to access the VPN Server. It must be a public IP address or Fully-Qualified Domain name (FQDN). We strongly recommend using an FQDN for this setting.
Interface and IP Address
This configures the port where OpenVPN Access Server will listen to Admin Web UI requests. If you cannot access the interface listed, you will be unable to login to your server.
You can choose TCP, UDP, or Both (multi-daemon mode) for protocol options. The OpenVPN protocol functions best over just the UDP protocol. By default, the downloaded connections profiles from Access Server are pre-programmed to try UDP first, then TCP, if that fails. However, for certain networks that may block some traffic, you may need TCP or both.
For example, on a public network, only traffic for protocols such as HTTP, HTTPS, FTP, SMTP, POP3, and IMAP, are allowed. Most of those are TCP-only. For connections through such a network, it’s useful to also support TCP connections. By default, we choose port TCP 443, which is the same port as HTTPS traffic, which is usually allowed even on restrictive networks.
We consider TCP less ideal due to the possibility of the TCP meltdown phenomenon, which occurs when you stack one transmission protocol on top of another (such as TCP traffic transported within an OpenVPN TCP tunnel). The underlying layer may encounter a problem and attempt to correct or compensate it, but the layer above overcompensates, which causes delays and problems.
Daemons and Port Numbers
You can change the number of TCP or UDP daemons as well as their port numbers with these fields.
Admin and Client Web Servers
When TCP or Both (multi-daemon mode) are selected, you have the option to choose whether the VPN Server provides access to the Admin and/or Client Web Server services through its IP address and port. If you choose No, they are still accessible via their configured IP address and port number.
Admin and Client Settings
The sections for the Admin and Client UIs allow you to configure the ports to access each and the interfaces they listen on. You can change these settings with one of the three options beneath Interface and IP Address.
Admin and Client Configuration Settings
Notice that the Client Web Server section has the option to use the same IP address and Port as the Admin UI. If chosen, it will inherit the port, interface and IP address, defined for the Admin Web UI. If you choose to use a different IP address or port, you will see additional configuration options.
If you select Use a different IP address or port then this additional section displays for configuration
Press the Save Settings button to finalize all changes.
Configuration: Network Settings provides a clear interface to configure the settings for the VPN Server and the website settings for the Admin and Client servers. It is a simple page that showcases the ease of configuring the Access Server in comparison to configuring these settings on your own.