Access Server Deployment

Compatible Linux Operating Systems

You can install Access Server on any supported Linux operating system. Refer to OpenVPN Access Server system requirements for the compatible operating systems.

Access Server Deployment Terminology

We commonly use the terms listed below when referring to topics related to OpenVPN Access Server:

Terminology

| Term | Definition |
|---|---|
| OpenVPN Access Server | The software solution for your own self-hosted OpenVPN server with integrated certificate management, internal and external authentication systems, and bundled client software. It is the VPN server solution that allows access to network resources via an encrypted VPN tunnel using the OpenVPN protocol. |
| User | An account name in OpenVPN Access Server that is used for authentication and access control. The person using the solution to get access to resources. |
| User Credentials | An account name and password used to authenticate a user. Can optionally include MFA codes. |
| MFA | Multi-Factor Authentication; usually a Time-Based One-Time Password (TOTP) that is generated on a separate user device and changes regularly. A code that may be required for authentication in addition to account name and password. |
| Connection Profile | A file which contains the required information for an OpenVPN client to securely connect to the OpenVPN server. It doesn't include user credentials. |
| OpenVPN Connect | A required client program, available for Windows, macOS, Android, and iOS, that establishes the OpenVPN connection. For Linux and other operating systems there are also open source client programs available. |
| Admin Web UI | A web service running on the Access Server which is used by the administrator to configure settings and manage user access. |
| Client Web UI | A web service running on the Access Server which a user can access to obtain connection profiles and OpenVPN Connect apps. |

Default Ports

The ports listed below are the defaults and can be changed via the Admin Web UI.

Default Services and Ports

| Service | Protocol | Default Ports |
|---|---|---|
| OpenVPN daemons | UDP | 1194 |
| OpenVPN daemons | TCP | 443 (shared) |
| Web services | TCP | 943 |
| Web services | TCP | 443 (shared) |
| Clustering API | TCP | 945 |
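
The following script is an added example, not part of the OpenVPN documentation. It compares a host's listening sockets with the default ports listed above and reports which of those services are bound to non-loopback addresses, which are loopback-only, and which are not listening at all. The `ss -H -tuln` sample is constructed for illustration, and the port map must be adjusted if the defaults were changed in the Admin Web UI.

```python
import ipaddress

# Defaults from the "Default Services and Ports" table on this page.
DEFAULT_PORTS = {
    ("udp", 1194): "OpenVPN daemons",
    ("tcp", 443): "OpenVPN daemons / Web services (shared)",
    ("tcp", 943): "Web services",
    ("tcp", 945): "Clustering API",
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:1194       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:943        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:945        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -H -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if port.isdigit():
            yield fields[0], "0.0.0.0" if addr == "*" else addr, int(port)

def audit(ss_output):
    """Sort listeners into buckets relative to the default port table."""
    report = {"non_loopback": [], "loopback_only": [], "not_listening": [], "other": []}
    seen = set()
    for proto, addr, port in parse_listeners(ss_output):
        key = (proto, port)
        if key not in DEFAULT_PORTS:
            report["other"].append((proto, addr, port))
            continue
        seen.add(key)
        bucket = "loopback_only" if ipaddress.ip_address(addr).is_loopback else "non_loopback"
        report[bucket].append((proto, addr, port, DEFAULT_PORTS[key]))
    report["not_listening"] = sorted(k for k in DEFAULT_PORTS if k not in seen)
    return report

if __name__ == "__main__":
    for bucket, entries in audit(SAMPLE_SS).items():
        print(bucket, entries)
```

On a live host, pass the output of `ss -H -tuln` to `audit()` in place of the sample; a socket bound to a non-loopback address is still subject to whatever host or network firewall sits in front of it.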

Sample Topologies

Accessing resources on a private network via Access Server

You can provide your users access to resources in your private network by establishing an OpenVPN tunnel from the user’s device to an OpenVPN Access Server installed on your private network. This is ideal for users away from the office who may need access to a shared NAS, network, databases, web servers, and more. Access Server by default integrates easily into your network by carrying out Source Network Address Translation (SNAT) on incoming packets.

Access Server within a private network with routing

By default, Access Server provides access to the connected VPN clients by using NAT. This allows for easy integration into an existing private network. A limitation of NAT is that it is unidirectional. Communications initiated by the VPN clients to resources on your private network will be unimpeded, but to have communication initiated from the private network to the VPN clients directly, you need to use routing. Refer to routing for an overview of configuring these settings.

Routed site-to-site setup

You can connect two (or more) different networks together using a site-to-site setup with OpenVPN Access Server. Refer to Site-to-Site VPN Routing Explained in Detail.

More use cases

We provide additional information about the following use cases: secure IoT communication, secure remote access, protecting access to SaaS, and enforcing zero trust access.

Getting Started

Refer to the Quick Start Installation for launching OpenVPN Access Server.