Skip to main content

Tutorial: How to Back Up Access Server Configuration


Follow these steps to create a backup of your Access Server configuration.


Access Server stores configurations in SQLite database files. You can also migrate to a MySQL-type database, but the SQLite database files are the default setup.

This tutorial shows you how to create a backup of these database files.

Default configuration file locations

The default locations of the configuration files are as follows, depending on your version of Access Server.

In Access Server versions before release 2.6.1:

  • Global server configuration: /usr/local/openvpn_as/etc/db/config.db

  • Server and client certificates: /usr/local/openvpn_as/etc/db/certs.db

  • User and group properties: /usr/local/openvpn_as/etc/db/userprop.db

  • Log database: /usr/local/openvpn_as/etc/db/log.db

  • Debug and low level settings: /usr/local/openvpn_as/etc/as.conf

These were added since Access Server 2.6.1:

  • Local server node configuration: /usr/local/openvpn_as/etc/db/config_local.db

  • Cluster configuration: /usr/local/openvpn_as/etc/db/cluster.db

  • Cluster configuration: /usr/local/openvpn_as/etc/db/clusterdb.db

  • Cluster notification system: /usr/local/openvpn_as/etc/db/notification.db

  • An installed Access Server.

  • Console access with root privileges.


The following commands apply to the Access Server configuration stored in SQLite files. If you are using a different database backend, these are not applicable.

Use the commands below to create configuration file backups while Access Server is live. You don’t need to stop the Access Server for this; it can continue running.

  1. Sign in to the Access Server console with root privileges.

  2. Run these commands to create Access Server configuration backups:

    • After running these commands, the backup files ending in .bak can be found in the /usr/local/openvpn_as/ directory. The files contain everything unique about your Access Server installation.

You can restore the resulting backup files to another Access Server, including a higher version of Access Server, as we try to do our best to maintain backward compatibility.

If the configuration becomes completely lost at any point, all currently installed OpenVPN clients will be unable to connect to this server. Unique information stored in the certificates database cannot be recreated. Each installation of Access Server has unique certificates, and if you lose this information without a backup, you must completely reinstall Access Server and the VPN clients.