
IBM VPN Server Setup & Quick Start Guide

Abstract

The IBM Cloud VPN lets you quickly launch Access Server to get your VPN server up and running. Here's how.

Access Server provides an IBM Cloud VPN that you can get up and running within minutes.

Working with IBM Cloud, you choose from one of their services to run on virtualized hardware. By using the Access Server offering in their marketplace, you can launch a VPN hosted in the cloud with the following benefits:

Read on for your guide to getting started with your VPN server on the web.

You need an SSH key to launch the VPC. You'll use this key to connect to the VPC's virtual console to complete Access Server's installation. To create the key:

  1. Sign in to IBM Cloud.

  2. Expand the navigation menu and click Infrastructure > Compute > SSH keys.

  3. Click Create.

  4. Fill out your details for the key and click Create.

To get started:

  1. Find the Access Server option in the IBM Cloud catalog.

  2. Sign in to the IBM Cloud account.

  3. On the product details page, select the Product version.

  4. Set up the Name, Location, Resource group, and Tags.

  5. Define the required values:

    | Parameter | Description | Value |
    |---|---|---|
    | instance_profile | VM size and family profile (e.g., cx2-2x4). | Refer to IBM documentation for instance profile information. Default: cx2-2x4. |
    | region | IBM Cloud region name. | Select your region from the drop-down menu. |
    | region_zone | Availability zone name within the specified region. | The availability zone within the region you selected. |
    | ssh_public_key | Pre-created SSH public key name for instance access. | Enter the name of the SSH public key you created at the start. |
    | prefix | Prefix added to the name of all resources that will be created. | Use a unique prefix for each new resource (like VPC, subnet, security group, gateway, floating IP, etc.). Default: openvpn-as. |

    Tip

    If you want to create one or more Access Servers in the same region and zone as existing VPCs, use a unique prefix to avoid creating resources with the same names.

  6. Define any optional variables you want:

    | Parameter | Description | Value |
    |---|---|---|
    | dns_domain_name | DNS domain name (e.g., example.com). | Define this if you will manage DNS on IBM. |
    | dns_entry_name | DNS entry name (e.g., www). | Define this if you will manage DNS on IBM. |
    | dns_responsible_person | Email address of the responsible person for the DNS entry. | Define this if you will manage DNS on IBM. |
    | vpc_existing_name | The name of the existing VPC to use. | Define this to launch an image on an existing VPC. |

  7. Check the license agreement and click Install.

  8. After the cart is created successfully and the Terraform commands run, you can click Generate plan to estimate costs.

  9. Run Apply plan to create all needed resources.

Once the new image is launched, you can view all the needed info about it:

  1. Expand the navigation menu.

  2. Click Infrastructure > Compute > Virtual server instances.

  3. The new instance details are displayed, such as name, status, and IP address.

  4. Check the other created resources in these locations under Network:

    • VPC

    • Subnet

    • Security groups

    • Public Gateway

    • Floating IP

  5. Use the floating IP address to connect via terminal:

    ssh -i /path/to/your/key.pem root@<floating_ip>

  6. Find the temporary password you'll need to sign in to the Admin Web UI:

    grep -i '"openvpn" account with .* password' /usr/local/openvpn_as/init.log

  7. Set host.name to the server's public IP address so that you can reach the web interface to sign in:

    sacli ip  # check the public IP of the server
    sacli -k "host.name" -v "PUBLIC_IP" configput
    sacli start

  8. Access the Admin Web UI and Client Web UI via these URLs:

    • Admin Web UI: https://PUBLIC_IP:943/admin

    • Client Web UI: https://PUBLIC_IP:943/

  9. You can now follow additional steps here: First-time setup.

You can start right away with two simultaneous connections to your VPN server. To add more connections, purchase a subscription from our site and activate it using the Admin Web UI: Subscription Activation.

The default time zone may not be the time zone that you're in. If you are in a different time zone, run this command and choose the appropriate time zone:

sudo dpkg-reconfigure tzdata

We recommend installing the NTP client to keep the time synchronized. This is especially important if you plan to use multi-factor authentication with TOTP, because TOTP codes are derived from the current time. Run this command:

apt-get install ntp

We recommend updating your Linux OS. Between the time we generated the appliance and the time you launched it, a number of updates have likely been released. To make sure your appliance OS is up to date, execute the following commands:

sudo apt-get update
sudo apt-get upgrade

Additional Security Steps You Can Take After Installation