Troubleshooting an Access Server Installation
Troubleshoot installation issues with OpenVPN's business VPN software, Access Server.
The recommended installation method is the installation script as offered on the Access Server Portal. If you've followed the instructions to install Access Server and are having problems, read this topic.
Apt and yum are package management programs for downloading and installing new software and getting updates for installed software. Debian/Ubuntu-based systems generally use apt, while RedHat Enterprise Linux-based systems use yum. They use software repositories to retrieve and install software, which is also how Access Server is delivered.
Our Access Server installation script quickly checks to see if your operating system's package management program works correctly. If it reports a problem, there is likely a pre-existing issue with your package management program, which will prevent the installation script from proceeding with the installation of Access Server. Apt or yum must be working correctly before new software can be installed.
To troubleshoot apt or yum further, try running apt update or yum update to retrieve new information from the currently configured repositories and see if any problems are reported.
The package management programs require root privileges to retrieve and install software. If you see an error message like the one shown below, it means you need to gain root privileges first before running the script:
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
If your operating system is no longer supported, the repositories your system is configured to use may have removed support. If you see an error message like the one shown below, it may mean your operating system is no longer supported:
E: The repository '(...)' no longer has a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default.
If you are indeed on an end-of-life operating system, switching to a supported one would be advisable. In some cases, an archive repository may be available that you can use to resolve the error, but running an unsupported system that gets no security updates isn't recommended, and Access Server might not even install on it.
If the problem is a lack of internet access, see the article below on not having (direct) internet access on your server for more details on your options, such as manually downloading the installation files.
If you need further assistance with solving issues with apt or yum, contact our technical support and explain the details of your situation so that we may assist you further.
We highly recommend using our installation script or prepared images from the Access Server portal. It automatically detects the correct operating system and tries to identify any possible issues.
However, downloading and executing a script to install Linux software may not be desirable in some cases due to security considerations. If this is your situation, you can use the information provided here to install the software repository, install the openvpn-as package yourself, and optionally install the openvpn-dco-dkms package for DCO support.
For servers with no internet access, see the item where you have no (direct) internet access on the server. For servers with internet access, you can use the information below to install the repository manually and install the necessary packages.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian noble main">/etc/apt/sources.list.d/openvpn-as-repo.list
echo "deb [arch=arm64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian noble main">/etc/apt/sources.list.d/openvpn-as-repo.list
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian jammy main">/etc/apt/sources.list.d/openvpn-as-repo.list
echo "deb [arch=arm64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian jammy main">/etc/apt/sources.list.d/openvpn-as-repo.list
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian trixie main">/etc/apt/sources.list.d/openvpn-as-repo.list
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian bookworm main">/etc/apt/sources.list.d/openvpn-as-repo.list
yum -y install https://packages.openvpn.net/as-repo-rhel10.rpm
yum -y install https://packages.openvpn.net/as-repo-rhel9.rpm
yum -y install https://packages.openvpn.net/as-repo-rhel8.rpm
If, for some reason, your system is isolated from the internet, the normal installation steps won't work, as they rely on having access to the official OpenVPN Access Server software repository. Installing Access Server in this situation is still possible, but it will take additional steps.
Allowing access to the Access Server software repository, even temporarily, would greatly ease the software's installation. If, for example, a proxy server may be used, then configuring the operating system and yum or apt to use this proxy may allow you to install Access Server from the software repository after all.
But if, for some reason, internet access is not possible, then only a completely manual installation remains. To that end, we have a listing of packages that you require for Access Server to be installed, which can be obtained from the Linux distribution of your choice, and separate downloads of the necessary Access Server installation binaries (deb and rpm for the various supported platforms).
To confirm the integrity of a manually downloaded file, refer to SHA256SUM Data.
Important
We highly recommend that you ensure your system can install software and updates directly from our software repository. If this isn't possible, you may use the offline installation instructions below. However, that isn't the recommended method of installing Access Server. We always recommend doing a normal online installation using our prepared images or installation script.
Offline installation instructions
If, for some reason, you can't or won't use the recommended installation via the install script or official Access Server software repository, you can instead download the packages separately to your server and install them. You must be logged on to your Linux system either on the console or via SSH, with root privileges.
Copy and paste the commands below to download the necessary package installer files and install the Access Server client bundle and the Access Server package itself.
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
The Access Server installation files are available for download here:
If the installation script reports:
Warning: firewalld has been detected, this may interfere with the functioning of Access Server.
This applies to Red Hat Enterprise Linux (RHEL) 8, 9, and 10 and RHEL-based distributions such as Rocky Linux, AlmaLinux, and Oracle Linux.
Access Server implements its own iptables/nftables rules to manage VPN tunneling and NAT. The firewalld daemon may overwrite or flush these rules, which can cause VPN clients to connect but be unable to access internal or external network resources.
Resolution: Remove firewalld
We recommend stopping, disabling, and removing firewalld when Access Server is managing firewall rules directly:
sudo su systemctl stop firewalld systemctl disable firewalld yum erase firewalld
After rebooting, confirm firewalld has been removed:
systemctl status firewalld
The output should indicate that the service isn't found.
For additional guidance, see the System Requirements section on security frameworks and firewall services.
If the installation script reports:
Warning: SELinux has been detected, this may interfere with the functioning of Access Server.
This applies to Red Hat Enterprise Linux (RHEL) 8, 9, and 10 and RHEL-based distributions.
SELinux (Security-Enhanced Linux) is a mandatory access control system. In its default Enforcing mode, it may prevent Access Server from binding to required ports, writing to log files, or managing network interfaces. This can result in permission errors or service startup failures.
Resolution: Disable SELinux permanently
To disable SELinux persistently:
Open the configuration file:
nano /etc/selinux/config
Locate the line:
SELINUX=
Change the value to:
SELINUX=disabled
Save and exit — Ctrl + X, Y, Enter.
Reboot the system.
A reboot is required for the change from enforcing to disabled to take effect at the kernel level. After rebooting, confirm SELinux is disabled:
getenforce
The output should return "disabled."
For more information, see the System Requirements section on security frameworks and firewall services.