DigitalOcean Frequently Asked Questions

Visit our OpenVPN Support Center, where you can submit a support ticket.

Follow the steps in our DigitalOcean Quick Start Guide.

To access the Admin Web UI, point to the public IP address for your instance and sign in with the admin user. The Admin Web UI URL has the following format: https://xxx.xxx.xxx.xxx/admin.

You can download the OpenVPN Connect app from your Client Web UI. You can also download OpenVPN Connect directly from our site and import connection profiles.

Try our frequently asked questions for answers regarding licensing, renewals, purchases, administration, and more.

When you launch a DigitalOcean droplet, you select an authentication method. We recommend choosing an SSH key rather than a password. It's more secure to use SSH keys. Then, you can use a terminal or an SSH client to connect and authenticate with the key. For one way to connect from Windows, refer to our PuTTY tutorial. You can also refer to DigitalOcean’s tips on How to Connect to Droplets with SSH.

If you have Droplets on a private network, they can communicate with each other directly over that network. You can install Access Server on one of those droplets to provide secure access to the private network to VPN clients. To set up access, you add routes on that Droplet for the VPN client subnet. There is, as far as we know, no default gateway that can be used as a means to set up a global static route, so each Droplet that wants to address a connected VPN client directly needs a manually added route:

You can also assign VPN clients static IP addresses so they have the same, predictable IP address each time they connect.

The most common internet access problem occurs with DNS. Refer to DNS Resolution for tips.

We provide recommendations for hardware and infrastructure here: System Requirements.

For security, we recommend authenticating with an SSH key rather than a one-time password. DigitalOcean provides a tool to upload your SSH Key. You can find instructions within that same tool to create a key using Linux, macOS, or Windows. You can find this when you get to the “Create Key” step while creating your Droplet. You can also generate a key using PuTTY.

Access Server requires access for inbound traffic on TCP 22 (SSH), TCP 943 and 443 (web interface), TCP 945 (if you use clustering with Access Server versions prior to 3.0), and UDP 1194 (OpenVPN UDP port for client communication).

You can assign a publicly-accessible static IP address to a Droplet, then reassign it to another Droplet later, as needed, with a Reserved IP address. When you launch a Droplet, DigitalOcean assigns a random IPv4 address that stays with the Droplet until you terminate it. Every new launch means a unique IPv4 address. You can keep the same IPv4 address — regardless of terminating and creating new Droplets — using their Reserved IP address functionality (previously called Floating IP). You can attach or detach this static IP address as needed, keeping the public IP of your server the same. Refer to DigitalOcean's documentation on Reserved IPs.

We recommend using a hostname instead of an IP address. Refer to Hostname.

You can run a cluster of Access Servers to provide a high-availability, active-active setup. Refer to the Cluster Setup topic for details.

When a client connects to Access Server, Access Server assigns it an IP address. You can define a pool of addresses for that assignment or specify a static IP address for each VPN client. Refer to these tutorials:

Refer to our Admin Web UI User Manual.