Troubleshooting an Access Server Installation
Troubleshoot installation issues with OpenVPN's business VPN software, Access Server.
Overview
The recommended way to install Access Server is with the installation script from the Access Server Hub. The script detects your operating system, configures the correct repository, installs required packages, and checks for common issues.
Use this page if:
The installation script reports an
aptoryumerror.You want to install Access Server manually instead of using the installation script.
Your server doesn't have direct internet access.
The installation script reports a
firewalldor SELinux warning.
Choose your troubleshooting path
Situation | Go to |
|---|---|
The installation script reports an | |
You don't want to use the installation script | |
Your server has no direct internet access | |
The script reports a | |
The script reports a SELinux warning |
Why this happens
apt and yum are package management tools used to install and update software.
Debian and Ubuntu systems use
apt.Red Hat Enterprise Linux and compatible systems use
yum.
The Access Server installation script checks whether your package manager works before installing Access Server. If this check fails, Access Server can't be installed until the package manager issue is resolved.
Procedure
Connect to the console and get root privileges.
Run the appropriate update command:
For Debian or Ubuntu:
apt update
For Red Hat Enterprise Linux 8:
yum update
For Red Hat Enterprise Linux 9 & 10:
dnf update
Review any errors returned by the package manager.
Common errors
Permission denied
If you see an error like this:
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
You need root privileges before running the installation.
Repository no longer available
If you see an error like this:
E: The repository '(...)' no longer has a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default.
Your operating system may be end-of-life and no longer supported by its software repositories.
Important
If your OS is no longer supported, deploy a new instance with a supported OS and migrate Access Server to it. We don't recommend in-place OS upgrades because they can cause package, repository, or service issues.
Archive repositories may be available in some cases, but running an unsupported OS isn't recommended because it no longer receives security updates.
No internet access
If your server can't reach the package repositories, refer to Install Access Server offline.
When to use manual installation
We recommend using the installation script or prepared Access Server images from the Access Server Hub. The installation script detects your operating system and configures the correct software repository.
If your organization doesn't allow you to download and run installation scripts, you can configure the repository and install Access Server manually.
Debian and Ubuntu
Connect to your server and get root privileges.
Install required repository tools:
Add the OpenVPN repository signing key:
Add the repository for your operating system and architecture:
Operating system
Architecture
Repository command
Ubuntu 26.04 LTS
x86_64
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian resolute main">/etc/apt/sources.list.d/openvpn-as-repo.list
Ubuntu 26.04 LTS
ARM64
echo "deb [arch=arm64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian resolute main">/etc/apt/sources.list.d/openvpn-as-repo.list
Ubuntu 24.04 LTS
x86_64
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian noble main">/etc/apt/sources.list.d/openvpn-as-repo.list
Ubuntu 24.04 LTS
ARM64
echo "deb [arch=arm64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian noble main">/etc/apt/sources.list.d/openvpn-as-repo.list
Ubuntu 22.04 LTS
x86_64
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian jammy main">/etc/apt/sources.list.d/openvpn-as-repo.list
Ubuntu 22.04 LTS
ARM64
echo "deb [arch=arm64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian jammy main">/etc/apt/sources.list.d/openvpn-as-repo.list
Debian 13
x86_64
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian trixie main">/etc/apt/sources.list.d/openvpn-as-repo.list
Debian 12
x86_64
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/as-repository.asc] http://packages.openvpn.net/as/debian bookworm main">/etc/apt/sources.list.d/openvpn-as-repo.list
Install Access Server:
Red Hat Enterprise Linux
Connect to your console and get root privileges.
Remove any older Access Server repository package:
Operating system
Command
RHEL 9 & 10
dnf -y remove openvpn-as-yum
RHEL 8
yum -y remove openvpn-as-yum
Install the repository package for your operating system:
Operating system
Command
RHEL 10
dnf -y install https://packages.openvpn.net/as-repo-rhel10.rpm
RHEL 9
dnf -y install https://packages.openvpn.net/as-repo-rhel9.rpm
RHEL 8
yum -y install https://packages.openvpn.net/as-repo-rhel8.rpm
Install Access Server:
Operating system
Command
RHEL 9 & 10
dnf -y install openvpn-as
RHEL 8
yum -y install openvpn-as
After installation
After installation completes, Access Server displays the Admin Web UI URL, Client Web UI URL, and temporary credentials:
Then continue with First-Time Setup.
Note
If you install Access Server manually with a package manager and want to use OpenVPN DCO, you may need to install the DCO module separately. Refer to the DCO Tutorial.
Important
Offline installation isn't the recommended method. We recommend using the installation script or official software repository whenever possible so your system can install dependencies and receive updates automatically.
When to use offline installation
If your server has no internet access, you can download the Access Server packages from a machine with internet access, transfer them to your private server, and install them manually.
Offline installation
From a machine with internet access, download the Access Server package and the bundled clients package for your operating system and architecture:
Debian and Ubuntu
Operating system
Architecture
Access Server package
Bundled clients package
Ubuntu 26.04 LTS
x86_64
Ubuntu 26.04 LTS
ARM64
Ubuntu 24.04 LTS
x86_64
Ubuntu 24.04 LTS
ARM64
Ubuntu 22.04 LTS
x86_64
Ubuntu 22.04 LTS
ARM64
Debian 13
x86_64
Debian 12
x86_64
Red Hat Enterprise Linux
Operating system
Architecture
Access Server package
Bundled clients package
RHEL 10
x86_64
RHEL 9
x86_64
RHEL 8
x86_64
Verify your downloaded files against the SHA256 checksums published at Verifying Access Server Downloads with SHA256SUM,
Transfer both downloaded files to your Access Server host using
scpor another file transfer method. For example:scp openvpn-as_3.2.1-d0affc91-Ubuntu24_amd64.deb openvpn-as-bundled-clients-latest.deb user@your-server-ip:~
Connect to the machine without an internet connection and get root privileges.
Install the packages, replacing the placeholder filenames with the actual files you downloaded:
Debian and Ubuntu:
apt install ./<openvpn-as_filename>.deb ./openvpn-as-bundled-clients-latest.deb
RHEL 8:
yum install <openvpn-as-filename>.rpm openvpn-as-bundled-clients-latest.rpm
RHEL 9 and RHEL 10:
dnf install <openvpn-as-filename>.rpm openvpn-as-bundled-clients-latest.rpm
Note
If the package manager reports missing dependencies, install those dependencies from your operating system's package source, then rerun the installation command.
After installation completes, Access Server displays the Admin Web UI URL, Client Web UI URL, and temporary credentials. Then continue with First-Time Setup.
Tip
If the server doesn't have internet access, subscription activation may require an offline activation process. Contact OpenVPN Support for help with offline activation.
Why this warning appears
Warning: firewalld has been detected, this may interfere with the functioning of Access Server.
This warning applies to Red Hat Enterprise Linux 8, 9, and 10, and RHEL-based distributions such as Rocky Linux, AlmaLinux, and Oracle Linux.
Access Server manages its own firewall rules for VPN tunneling and NAT. The firewalld service may overwrite or flush those rules, causing VPN clients to connect but fail to reach internal or internet resources.
Resolution: Remove firewalld
Connect to the console and get root privileges:
sudo su
Stop
firewalld:systemctl stop firewalld
Disable
firewalld:systemctl disable firewalld
Remove
firewalld:RHEL 8:
yum erase firewalld
RHEL 9 & 10:
dnf -y remove firewalld
Reboot the server.
Confirm
firewalldwas removed:systemctl status firewalld
Result: The output should indicate that the service isn't found.
Why this warning appears
Warning: SELinux has been detected, this may interfere with the functioning of Access Server.
This warning applies to Red Hat Enterprise Linux 8, 9, and 10, and RHEL-based distributions.
SELinux is a mandatory access control system. In Enforcing mode, it may prevent Access Server from binding to required ports, writing to log files, or managing network interfaces. This can cause permission errors or service startup failures.
Resolution: Disable SELinux permanently
Open the SELinux configuration file:
nano /etc/selinux/config
Locate this line:
SELINUX=
Change the value to:
SELINUX=disabled
Save and exit — Ctrl + X, Y, Enter.
Reboot the server.
Confirm SELinux is disabled:
getenforce
Result: The output should return Disabled.