Tutorial: Connect to Access Server with Linux
Follow this guide to install the OpenVPN client on Linux to connect to Access Server with a connection profile.
Overview
This tutorial is for Linux users who want to connect to Access Server. You can follow the steps below to connect with one of three options:
The OpenVPN 3 Linux client.
The OpenVPN open-source CLI program.
The Gnome NetworkManager GUI.
Discussed in this tutorial:
The OpenVPN 3 Linux client is the openvpn3 package.
The OpenVPN open-source CLI program is the openvpn package.
The Gnome NetworkManager program uses the NetworkManager-openvpn VPN plugin.
Tip
If you also work with Access Server on the Linux server, that package is openvpn-as. It's not discussed in this guide, but it's helpful to know this to clarify the different packages.
Follow the steps in these sections to install the OpenVPN 3 Linux client, download a connection profile from Access Server, and connect to your server.
A connection profile for Access Server.
Tip
Contact your Access Server administrator if you don't have a connection profile.
Root access to your Linux machine command-line interface (CLI).
Open the OpenVPN 3 for Linux webpage in a browser.
Tip
This page also includes an overview of features and FAQs.
Click Install OpenVPN 3 Linux.
Follow the steps to run the commands under the Stable repository section appropriate for your Linux distribution.
You should now have the openvpn3 package installed.
After installing, you need a connection profile. Access Server generates this file for your specific user account. It includes the required certificates and connection settings for a VPN session.
Open a web browser.
Enter the URL for your Client Web UI.
Sign in with your user credentials.
Select the user-locked or auto-login profile from the download options.
Save the client.ovpn file to your Linux operating system.
With the connection profile on your Linux system, import it:
openvpn3 config-import --config ${client.ovpn}
You can now connect to Access Server.
Start a VPN session with the connection profile:
openvpn3 session-start --config ${client.ovpn}
Manage a running VPN session:
openvpn3 sessions-list
Refer to the OpenVPN 3 Linux community documentation for more.
You can connect to Access Server with the open-source client program, openvpn. Most Linux distributions have this package available. The openvpn client program supports the option to connect to multiple OpenVPN servers simultaneously, and it includes a server component that can automatically and silently start any auto-login profile in the /etc/openvpn directory even before a user signs in. You can set this service component to launch at startup with tools available in your Linux distribution. On Ubuntu and Debian, when you install the openvpn package, it's automatically configured to start at boot time.
This outlines the necessary steps to connect to Access Server using the OpenVPN open-source client, openvpn.
Install the openvpn package.
Download a connection profile from the Client Web UI.
Import the connection profile.
Start a VPN session.
Install the openvpn package
Use the appropriate Linux install command to install the openvpn package. For example, use this command for Ubuntu:
apt-get install openvpn
Download a connection profile from the Client Web UI
After installing, you need a connection profile. Access Server generates this file for your specific user account.
Open a web browser.
Enter the URL for your Client Web UI.
Sign in with your user credentials.
Select the user-locked or auto-login profile from the download options.
Save the client.ovpn file to your Linux operating system.
Import the connection profile
Start a connection with an auto-login profile
manually:
openvpn --config client.ovpn
Start a connection with a user-locked profile manually:
openvpn --config client.ovpn --auth-user-pass
Start a connection with the auth-retry parameter for multi-factor authentication:
openvpn --config client.ovpn --auth-user-pass --auth-retry interact
To start an auto-login connection via the service daemon, place client.ovpn in /etc/openvpn/ and rename the file. The name must end with .conf as the file extension. Ensure the service daemon is enabled to run after a reboot, then reboot the system.
The auto-login type profile picks up automatically and the connection starts itself. You can verify this by checking the output of the ifconfig command where you should see a tun0 network adapter in the list.
Notice
The openvpn client doesn't automatically implement DNS servers pushed by the VPN server. To accomplish this, you must install a DNS management program such as resolvconf or openresolv, but those many clash with existing network management software in your OS.
The main reason the openvpn client doesn't do this is that in Windows, macOS, Android, or iOS, there's a single method of handling DNS management, making it easy to create a software client for those operating systems to handle DNS. But Linux has so many variations and supports different programs and methods for DNS, so the openvpn client doesn't include built-in DNS support.
Fortunately, on Ubuntu and Debian, the /etc/openvpn/update-resolv-conf script comes with the openvpn package that handles DNS implementation on those operating systems. Follow these optional steps to activate it.
If you'd like to connect via a GUI, you can use the Gnome NetworkManager VPN plugin, NetworkManager-openvpn. We don't provide the detailed steps here. Refer to the NetworkManager project documentation.
Caution
This requires a tricky setup. If you're setting up your business VPN server to route traffic for some internal resources, while allowing internet traffic to be sent outside the VPN tunnel, this split-tunnel setup isn't supported by the NetworkManager VPN plugin out of the box. You must ensure that internet traffic isn't sent over the VPN by default.
Also, older versions might not understand the .ovpn file format, requiring you to create separate files for the embedded certificates.
However, the advantage of using the GUI component is that you can start/stop the connection from the desktop environment on Linux.