Introduction
This manual provides documentation for the Admin Web UI in Access Server. It walks you through using the web-based interface to configure your VPN server—no advanced Linux knowledge required.
Important
This user manual is for Access Server 3.0 and newer. Refer to our legacy user manual for older versions.
Access Server can be installed and used for free with up to two simultaneous VPN connections. Additional connections and features are available through subscription licensing.
For more information about Access Server and licensing options, visit the product page on the OpenVPN website.
You can install Access Server on any officially supported Linux distribution.
Refer to our system requirements for the most up-to-date list of compatible operating systems and platform recommendations.
Glossary of terms
We commonly use these terms when referring to topics related to Access Server:
- Access Server
The self-hosted OpenVPN solution that provides secure VPN connections through an encrypted tunnel. It includes integrated certificate management, support for internal and external authentication systems, and bundled client software.
- Admin Web UI
The web-based interface for administrators to configure Access Server settings, manage users and groups, view server status, and control access policies.
- Authentication Method (auth method)
The mechanism Access Server uses to verify user identity. This can include local authentication, LDAP, RADIUS, PAM, or SAML-based single sign-on.
- Client Web UI (CWS)
A web portal hosted by Access Server that end users can access to download connection profiles and preconfigured OpenVPN Connect apps for supported platforms.
- Connection Profile
A file that contains the necessary configuration for a VPN client to securely connect to the Access Server. It doesn't contain user credentials.
- Group
A collection of users with shared access settings or permissions. Groups can be used to simplify management of routing, access control, and authentication behavor.
- Multi-Factor Authentication (MFA)
An additional layer of authentication, typically using a time-based one-time password (TOTP) generated by an app on the user’s device. Used alongside a username and password for added security.
- OpenVPN Connect
The official VPN client developed by OpenVPN Inc., available for Windows, macOS, Android, and iOS. It is the recommended client for connecting to Access Server. For Linux and other platforms, open-source OpenVPN clients are available.
- User
A person who authenticates to Access Server to establish a VPN connection. In technical terms, a user also refers to an account within Access Server that defines identity, permissions, and credentials.
- User Credentials
A set of login details used to authenticate to Access Server, typically consisting of a username and password. If MFA is enabled, a verification code is also required.
The ports listed below are the default settings; you can change them from the Admin Web UI.
Service | Protocol | Default Port |
|---|---|---|
OpenVPN daemons | UDP | 1194 |
OpenVPN daemons | TCP | 443 (shared) |
Web services | TCP | 443 (shared) |
Web services | TCP | 943 |
Accessing resources on a private network via Access Server
You can provide your users access to resources in your private network by establishing an OpenVPN tunnel from the user’s device to an Access Server installed on your private network. This is ideal for users away from the office who may need access to a shared NAS, network, databases, web servers, and more. Access Server, by default, integrates easily into your network by carrying out Source Network Address Translation (SNAT) on incoming packets.
Access Server within a private network with routing
Access Server provides access to connected VPN clients using NAT by default. This allows for easy integration into an existing private network. A limitation of NAT is that it is unidirectional. Communications initiated by the VPN clients to resources on your private network will be unimpeded, but to initiate communication directly from the private network to the VPN clients, you need to use routing. Refer to routing for an overview of configuring these settings.
Routed site-to-site-setup
You can connect two (or more) different networks together using a site-to-site setup with OpenVPN Access Server.
More use cases
We provide additional information about the following use cases: secure IoT communication, secure remote access, protecting access to SaaS, and enforcing zero trust access.
Refer to our getting started topic when you're ready.