Tips for Solving Subscription License Key Issues

Abstract

Troubleshoot issues with an Access Server subscription license key | OpenVPN guide.

This troubleshooting guide is for users who have purchased a subscription license for Access Server. If you're facing issues with your subscription, this guide will help you verify your setup, activate your subscription, remove it if necessary, and troubleshoot common problems. Please note that this guide is specific to the subscription licensing model introduced in Access Server version 2.8.1 and above.

Confirm you're using a subscription license

Before proceeding, ensure that you are using the correct licensing model. A subscription license is a long, flexible activation key that can be shared across multiple servers and requires an internet connection. It is distinct from other licensing models, such as a fixed license.

Example subscription license:

ThisIsAnExampleKeyVGhpcyBpcyBqdXN0IGFuIGV4YW1wbGUga2V5IGFuZCBpcyB0b3RhbGx5IGZha2UuIElmIHlvdSdyZSByZWFkaW5nIHRoaXMsIHlvdSd2ZSBqdXN0IGZvdW5kIGFuIGVhc3RlciBlZ2cgb24gdGhlIG9wZW52cG4ubmV0IHdlYnNpdGUsIGNvbmdyYXR1bGF0aW9ucy4gSSdtIHNvcnJ5LCBidXQgdGhlcmUgaXMgbm8gcHJpemUgYXR0YWNoZWQuIEhhdmUgYSBuaWNlIGRheS4=

Key Details:

Works with Access Server 2.8.1 and above.
Can be used across multiple servers.
Supports monthly or yearly subscription models.
Requires an active internet connection.

If your license key appears different, consult Troubleshooting Tips to determine which license key you're using.

Activate a subscription license

To purchase and activate a subscription license for Access Server:

Sign in or create a new account on our website for the Access Server product.
Click Purchase a Subscription.
Tip
If you already have a subscription, click Activation Keys and purchase more.
Select the connections you need and your preferred billing cycle.
Complete the checkout process to purchase your subscription.
Click to copy your new activation key.
Sign into your Access Server’s Admin Web UI.
Click Configuration > Activation.
Paste the activation key into the field, Enter Activation Key here.
Click Activate.
- Access Server loads the subscription.

Notice

Subscription activation requires Access Server version 2.8.1 or newer. If your Access Server is older, consider upgrading first.

To activate your subscription license from the command line:

Connect to the console and get root privileges.
Switch to the scripts directory:
```
cd /usr/local/openvpn_as/scripts/
```

Load your subscription by pasting it into this command:

./sacli -v "InsertTheSubscriptionActivationKeyHere" LoadSubscription

Verify activation:
```
./sacli SubscriptionStatus
```

Important

Ensure Access Server is version 2.8.1 or higher.
The subscription model overrides other licensing modes.
Only one subscription can be active on a single Access Server.

Removing a subscription license

To remove a subscription license from Access Server:

Using the Admin Web UI

Sign in to the Admin Web UI.
Click Configuration > Activation.
Click Deactivate.

From the command line

Connect to the console and get root privileges.
Switch to the scripts directory:
```
cd /usr/local/openvpn_as/scripts/
```
Run this command to remove the subscription:
```
./sacli DeactivateSubscription
```

Changing the hostname display in the Access Server portal

You can view information about the Access Servers activated with a specific subscription when you sign in to your Access Server Portal. Click Server Information and Email Settings. A hostname displays for the server, which you can change if desired:

Tutorial: Change the Subscription Portal Hostname

Verify connectivity to activation server (failed activation tip)

Issue: Activation fails.

Resolution: This could be caused by an Access Server console that can't access the activation server or an invalid key format:

Activation server access

Ensure connectivity to the activation server (asb.sts.openvpn.net on TCP 443). You can check the connectivity and SSL certificate:

Connect to your console and get root privileges.

Run this command to verify connectivity and check SSL:

echo quit | openssl s_client -showcerts -connect asb.sts.openvpn.net:443 -servername asb.sts.openvpn.net | grep "OpenVPN Inc"

A successful connection and valid SSL certificate would give you an output similar to this:

depth=0 C = US, ST = California, L = Pleasanton, O = OpenVPN Inc., CN = *.sts.openvpn.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = Pleasanton, O = OpenVPN Inc., CN = *.sts.openvpn.net
verify error:num=21:unable to verify the first certificate
verify return:1
 0 s:C = US, ST = California, L = Pleasanton, O = OpenVPN Inc., CN = *.sts.openvpn.net
   i:C = US, ST = California, L = Pleasanton, O = OpenVPN Inc., CN = STS Master CA
subject=C = US, ST = California, L = Pleasanton, O = OpenVPN Inc., CN = *.sts.openvpn.net
issuer=C = US, ST = California, L = Pleasanton, O = OpenVPN Inc., CN = STS Master CA
DONE

If you have a different output, specifically with different values for ST, L, O, and CN, check for a firewall or proxy server blocking access. Ensure you add the activation server added to an allowlist.
If you see a connection timeout, connection failure, or connection refused, check for a firewall preventing access.

Invalid key format

Ensure Access Server version 2.8.1 or higher.
- We recommend keeping your Access Server updated.
If the issue persists, verify the activation key was copied correctly.

Using a debug flag

Our support team uses debug flags as a helpful troubleshooting step.

Enable the debug flag with DEBUG_SUBSCRIPTION=2 to start logging subscription information to openvpnas.log. This can help with more detailed troubleshooting.
Refer to this tutorial for more: How To Use Debug Flags.

In this section: