Skip to main content

Tutorial: Adding Users to Access Server

Abstract

This tutorial covers authentication, creating users, and downloading OpenVPN Connect.

Overview

This document provides an overview of setting up authentication, creating users, and downloading OpenVPN Connect, which are all essential to launching your VPN.

Prerequisites

  • An installed Access Server.

Step 1: Set up authentication

Configure your server's authentication before adding any user accounts. The default authentication method is local, where the authentication resides on your server. If you choose this authentication method, you can skip forward to adding new users.

For other authentication methods, refer to the appropriate tutorial:

Step 2: Add new users in the Admin Web UI

Tip

This is an important step for local authentication. If you use LDAP, RADIUS, or SAML, your users should exist with your identity provider. You can add them in the Admin Web UI to create access control rules, a recommended security step.

  1. Sign in to the Admin Web UI.

  2. Click User Management > User Permissions.

  3. Enter the username in the New Username field on the last table row.

  4. Configure the settings for the new user with the checkboxes:

    • Click Admin to promote the user to an admin.

    • Click Allow Auto-login to allow downloading an auto-login profile.

    • Click Deny Access to prevent the user from gaining access to the server.

    • Click Delete to remove the user profile from Access Server.

  5. Click More Settings.

    • Additional user settings display.

  6. Select the user's authentication method.

    Tip

    You can leave the authentication as the default method or choose a different authentication method by selecting the radio button. If the option is disabled, you must first configure the authentication method before it’s available for users.

  7. Enable MFA if desired.

  8. Enter a password in the Password field.

  9. Select between dynamic or static IP address assignments.

    Important

    If you assign a static IP address, ensure it's within the network defined in Configuration > VPN Settings.

  10. Select between NAT or routing.

  11. Limit your user to specific networks by entering the subnets under Allow Access To these Networks.

  12. Select whether to create the user as a gateway client.

  13. Permit traffic from the server to the client with the DMZ settings. Ensure you specify the IP address, port, and service. The image below shows how an Access Server node with the IP address 192.168.102.111 can send traffic to the user client using the TCP protocol on port 80:

    DMZ-IP-Address.png

Step 3: Download OpenVPN Connect from the Client Web UI

Once you've set up your users, they can sign in to your Access Server Client Web UI and download either a preconfigured OpenVPN Connect client or a profile file. If you’ve already set up a hostname, your users can navigate to that hostname in a browser, such as vpn.example.com. If you aren’t using a hostname, your users must go to the IP address of your server. Users sign in with their credentials on the Client Web UI and choose which app they want to download for their OS.

Your users can also download OpenVPN Connect directly from our website. After downloading, they install and launch the app, click to add a new connection, enter the Client Web UI URL with their credentials, and import their profile.

Step 4: Purchase a subscription license to add connections

Access Server provides you with two free connections. You can test out your network setup prior to making any commitments or purchases. When you’re ready to add more devices, you can purchase a subscription.

You can find details about pricing here: Access Server Pricing.

In this section: