Tutorial: How to Back Up Access Server Configuration

Abstract

Follow these steps to create a backup of your Access Server configuration.

Overview

Access Server stores configurations in SQLite database files. You can also migrate to a MySQL-type database, but the SQLite database files are the default setup.

This tutorial shows you how to create a backup of these database files.

Default configuration file locations

The default locations of the configuration files are as follows, depending on your version of Access Server.

In Access Server versions before release 2.6.1:

Global server configuration: /usr/local/openvpn_as/etc/db/config.db
Server and client certificates: /usr/local/openvpn_as/etc/db/certs.db
User and group properties: /usr/local/openvpn_as/etc/db/userprop.db
Log database: /usr/local/openvpn_as/etc/db/log.db
Debug and low level settings: /usr/local/openvpn_as/etc/as.conf

These were added since Access Server 2.6.1:

Local server node configuration: /usr/local/openvpn_as/etc/db/config_local.db
Cluster configuration: /usr/local/openvpn_as/etc/db/cluster.db
Cluster configuration: /usr/local/openvpn_as/etc/db/clusterdb.db
Cluster notification system: /usr/local/openvpn_as/etc/db/notification.db

Prerequisites

An installed Access Server.
Console access with root privileges.

Step 1: Create backup files

Important

The following commands apply to the Access Server configuration stored in SQLite files. If you are using a different database backend, these are not applicable.

Use the commands below to create configuration file backups while Access Server is live. You don’t need to stop the Access Server for this; it can continue running.

Run these commands to create Access Server configuration backups:

which apt > /dev/null 2>&1 && apt -y install sqlite3
which yum > /dev/null 2>&1 && yum -y install sqlite
cd /usr/local/openvpn_as/etc/db
[ -e config.db ]&&sqlite3 config.db .dump>../../config.db.bak
[ -e certs.db ]&&sqlite3 certs.db .dump>../../certs.db.bak
[ -e userprop.db ]&&sqlite3 userprop.db .dump>../../userprop.db.bak
[ -e log.db ]&&sqlite3 log.db .dump>../../log.db.bak
[ -e config_local.db ]&&sqlite3 config_local.db .dump>../../config_local.db.bak
[ -e cluster.db ]&&sqlite3 cluster.db .dump>../../cluster.db.bak
[ -e clusterdb.db ]&&sqlite3 clusterdb.db .dump>../../clusterdb.db.bak
[ -e notification.db ]&&sqlite3 notification.db .dump>../../notification.db.bak 
cp ../as.conf ../../as.conf.bak

After running these commands, the backup files ending in .bak can be found in the /usr/local/openvpn_as/ directory. The files contain everything unique about your Access Server installation.

You can restore the resulting backup files to another Access Server, including a higher version of Access Server, as we try to do our best to maintain backward compatibility.

If the configuration becomes completely lost at any point, all currently installed OpenVPN clients will be unable to connect to this server. Unique information stored in the certificates database cannot be recreated. Each installation of Access Server has unique certificates, and if you lose this information without a backup, you must completely reinstall Access Server and the VPN clients.

In this section: