OpenVPN Access Server Admin Manual
OpenVPN Access Server Admin Manual
About the page
This guide provides instructions and basic configuration examples for the commercial OpenVPN Access Server product. Access Server is free to download and install for testing and trial purposes, and when unlicensed, will allow a maximum of two simultaneous VPN connections. This page provides you with a brief overview and links to pages with insight on how to set up Access Server and many of its capabilities. The following benefits show you how Access Server meets the need of the traditional VPN while providing the user with an optimal experience for delivering strong security for their networks.
Simplified server configuration
Access Server presents the administrator with the most useful configurations of the many options supported by the sophisticated OpenVPN server and clients. An easy-to-use, Web-based configuration interface makes setting up and maintaining the Access Server deployment straight-forward and efficient.
Support for external user authentication database
Rather than requiring you to create and manage credentials for each valid VPN user, OpenVPN Access Server offers the ability to integrate with existing user authentication systems using PAM, an external LDAP, or external RADIUS servers.
Easy intuitive Web-Based client access
Once a user opens a Web browser, they can enter their credentials to download pre-configured OpenVPN Connect installers for Windows, Linux, macOS, Android, or iOS. Since the installer file was dynamically generated specifically for the user in question, that user can instantly connect to the VPN without the need for additional client-side configuration.
Compatibility with a large base of OpenVPN clients
OpenVPN Access Server is immediately compatible with many OpenVPN clients such as the community projects.
Installing Access Server
The first step for setting up your VPN is installing Access Server on your hardware, whether that's onsite or in the cloud. Most Linux compatible operating systems can install Access Server. Access Server is also available on Microsoft Azure, Google Cloud, DigitalOcean, Oracle Cloud, VMware ESXi, and Hyper-V. For ESXi, it is possible for you to convert this to a compatible image for VMware Fusion (macOS) and VMware Workstation (Windows OS) but we at OpenVPN do not provide support for this. We also have ready instances of Access Server in the AWS Marketplace. Please read the section below, then the Installation Options page, and lastly read the guides for deployments of Access Server that fit your needs.
Prepare the Server
Before performing the installation of OpenVPN Access Server, the following steps should be taken to prepare the server platform:
- Ensure that SELinux is disabled. Disabling SELinux requires a system reboot to take effect.
- Configure the server with the interface IP address(es) and domain name desired. Ensure that the network settings will permit OpenVPN clients to access the Access Server, and that the server's domain name resolves properly to the desired interface address.
Completing the second step usually involves configuring the server in one of the following ways:
- The server has a static IP address that is reachable from clients on the Internet, at least for the TCP ports used by Access Server (click here). Preferably, the server has a Fully Qualified Domain Name (FQDN) as its host name.
- The server has a dynamic IP address that is reachable by clients on the Internet and a dynamic DNS host name which tracks the changing IP address. This service is offered for free by various providers.
If you choose to have your server located on a private network behind a corporate firewall, the firewall must be configured to forward client traffic between the public IP address and the server's private IP address.
AWS EC2 Tiered License Appliance
AWS EC2 BYOL Appliance
Microsoft's Azure Platform
Google Cloud Platform
Digital Ocean VPN
Quick Start Access Server Installation
First Time Login
Once you have installed Access Server, you can configure the server with the Admin Web UI or using command line interfaces. However, it is assumed that you will be using the Admin Web UI since it removes a reasonable amount of technical and syntactic knowledge necessary to configure via the command line. The following guide explains how to login to the Admin Web UI for the first time:
Admin Web UI Reference
The Access Server Admin Web UI, provides you with a clean, simple interface for configuring numerous settings. Refer to our reference manual for detailed information about these settings and configurations. However, if you wish not to use the Admin Web UI, you can configure Access Server via the command line on your server. Follow the link for information about those command line interface tools.
Database Management, Recovery and Backup
Access Server stores user credentials within a local, SQLite 3 database (default configuration) or a MySQL-compatible database. Which database depends on whether or not you configure Access Server within a cluster of servers. We strongly suggest that you set up automatic backups in case of server failure. You should create an automated backup even if you have provided the server with failover; there is always the possibility that the database(s) used in your failover may be corrupted which will necessitate the use of a backup.
The following links will help you understand how to configure the management of your database. You will be able to automate backups of your database once you have grasped an understanding of how Access Server stores its data. Then familiarize yourself with repairing the database. These will vary depending on which type of database you use. By default, SQLite 3 is used. We provide a guide on repairing Access Server Configuration for SQLite 3. Then focus on your server's failover system. Your VPN failover depends on the setup of your server. For example, a server with the default local area configuration will use two nodes to interchange when one node fails whereas a server configured as a cluster will use multiple nodes acting as access points while being backed up by a MySQL-compatible database.
Changing the Settings in Access Server and Connect Clients
Once Access Server is installed, is accessible, and has a proper recovery for failsafe, you are ready to configure the server for your needs. The Admin Web UI greatly reduces the complexity of configuring your server.
Adding and Configuring Users
Configure Network Settings using the Admin Web UI
Installing a Valid SSL Web Certificate in Access Server
Assigning a Static VPN Client IP Address to a User
Change the Logo on the Web Server Interfaces
Connecting Users to Access Server
Once the Access Server is setup and configured, the next step is allowing devices to connect to your server. Access Server supports various clients on various different operating systems. We provide ready-to-download Connect Clients for many of the most commercial operating systems which include iOS and Android. For other operating systems, try looking in our community page.
After Installation and Configuration
Once you are able to successfully connect clients to your server, you should take several, final steps for completing your setup. Unfortunately, some of the default configurations will leave your server's security slightly compromised. Therefore we have some recommendations to improve security by removing these defaults (such as the bootstrap admin account) and some other tidbits of information that should generally be practiced. Once you have improved your server's security, the next step will be to purchase an activation key. OpenVPN offers different deals, and the amount of users you will want to grant concurrent access will vary based on different user needs. We encourage you to read both documents below and highly recommend that you consider your requirements before making a decision.
Access Server provides a relatively simple user interface that makes configuring the settings for your VPN simple and easy. You should now have a deeper understanding of the capabilities that the Access Server Web UI provides as well as the advantages and conveniences compared to command line configuration. The next step is configuring Access Server to your needs. If you require more information please click the Go Back button on the top of this page to search through the full documentation of OpenVPN.