Access Server Deployment
Compatible Linux Operating Systems
You can install Access Server on any supported Linux operating system. Refer to OpenVPN Access Server system requirements for the compatible operating systems.
Access Server Deployment Terminology
We commonly use the terms listed below when referring to topics related to OpenVPN Access Server:
Terminology
Term | Definition |
---|---|
OpenVPN Access Server | The software solution for your own self-hosted OpenVPN server with integrated certificate management, internal and external authentication systems, and bundled client software. It is the VPN server solution that allows access to network resources via an encrypted VPN tunnel using the OpenVPN protocol. |
User | An account name in OpenVPN Access Server that is used for authentication and access control. Also, the person using the solution to get access to resources. |
User Credentials | An account name and password used together to authenticate a user. Can optionally include MFA codes. |
MFA | Multi-Factor Authentication; usually a Time-Based One-Time Password (TOTP) that is generated on a separate user device and changes regularly. A code that may be required for authentication in addition to account name and password. |
Connection Profile | A file which contains the required information for an OpenVPN client to securely connect to the OpenVPN server. It doesn’t include user credentials. |
OpenVPN Connect | A required client program available for Windows, macOS, Android, and iOS, that establishes the OpenVPN connection. For Linux and other operating systems there are also open source client programs available. |
Admin Web UI | A web service running on the Access Server which is used by the administrator to configure settings and manage user access. |
Client Web UI | A web service running on the Access Server which a user can access to obtain connection profiles and OpenVPN Connect apps. |
Default Ports
The ports listed below are the defaults and can be changed via the Admin Web UI.
Default Services and Ports
Service | Protocol | Default Ports |
---|---|---|
OpenVPN daemons | UDP | 1194 |
OpenVPN daemons | TCP | 443 (shared) |
Web services | TCP | 443 (shared) |
Web services | TCP | 943 |
Clustering API | TCP | 945 |
Sample Topologies
Accessing resources on a private network via Access Server
You can provide your users access to resources in your private network by establishing an OpenVPN tunnel from the user’s device to an OpenVPN Access Server installed on your private network. This is ideal for users away from the office who may need access to a shared NAS, network, databases, web servers, and more. Access Server by default integrates easily into your network by carrying out Source Network Address Translation (SNAT) on incoming packets.
Access Server within a private network with routing
By default, Access Server provides access to the connected VPN clients by using NAT. This allows for easy integration into an existing private network. A limitation of NAT is that it is unidirectional. Communications initiated by the VPN clients to resources on your private network will be unimpeded, but to have communication initiated from the private network to the VPN clients directly, you need to use routing. Refer to routing for an overview of configuring these settings.
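The difference between the NAT and routed modes described above comes down to which source address a LAN host sees and where its routing table sends the reply. The following added example (not taken from OpenVPN's documentation) models that lookup with longest-prefix matching. All addresses, including the VPN client subnet, are constructed, and the model assumes the LAN gateway has no route to the VPN subnet.

```python
import ipaddress

# All addresses are constructed for illustration; adjust to your network.
LAN = ipaddress.ip_network("192.168.70.0/24")
VPN_SUBNET = ipaddress.ip_network("172.27.224.0/20")  # assumed VPN client subnet
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
AS_LAN_IP = ipaddress.ip_address("192.168.70.10")     # Access Server's LAN address
LAN_GATEWAY = ipaddress.ip_address("192.168.70.1")    # assumed: no route to VPN_SUBNET
VPN_CLIENT = ipaddress.ip_address("172.27.224.5")

# Routing table of a LAN host: (destination network, next hop or None if on-link).
BASE_ROUTES = [(LAN, None), (DEFAULT, LAN_GATEWAY)]
WITH_VPN_ROUTE = BASE_ROUTES + [(VPN_SUBNET, AS_LAN_IP)]

def next_hop(routes, dst):
    """Longest-prefix match; an on-link destination is its own next hop."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return "unreachable"
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop

def source_seen_by_lan(mode):
    """With SNAT the LAN host sees the Access Server; with routing, the client."""
    return AS_LAN_IP if mode == "nat" else VPN_CLIENT

def reply_reaches_access_server(mode, lan_routes):
    """True if the LAN host's reply to a VPN client is handed to Access Server."""
    return next_hop(lan_routes, source_seen_by_lan(mode)) == AS_LAN_IP

def lan_can_initiate(mode, lan_routes):
    """True if a LAN host can open a connection to the VPN client's own address.
    NAT is one-way, so this needs routed mode and a route via Access Server."""
    return mode == "routing" and next_hop(lan_routes, VPN_CLIENT) == AS_LAN_IP

if __name__ == "__main__":
    for mode in ("nat", "routing"):
        for name, routes in (("base", BASE_ROUTES), ("with VPN route", WITH_VPN_ROUTE)):
            print(f"{mode:8} {name:15} reply_ok={reply_reaches_access_server(mode, routes)} "
                  f"lan_initiated_ok={lan_can_initiate(mode, routes)}")
```

In routed mode without the extra route, the reply goes to the default gateway instead of Access Server, which is why routing requires a static route for the VPN subnet on the LAN hosts or on their gateway.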
Routed site-to-site setup
You can connect two (or more) different networks together using a site-to-site setup with OpenVPN Access Server. Refer to Site-to-Site VPN Routing Explained in Detail.
More use cases
We provide additional information about the following use cases: secure IoT communication, secure remote access, protecting access to SaaS, and enforcing zero trust access.
Getting Started
Refer to the Quick Start Installation for launching OpenVPN Access Server.