Skip to main content

Tutorial: Connect to Access Server with Linux

Abstract

Follow this guide to install the OpenVPN client on Linux to connect to Access Server with a connection profile.

Overview

This tutorial is for Linux users who want to connect to Access Server. You can follow the steps below to connect with one of three options:

  1. The OpenVPN 3 Linux client.

  2. The OpenVPN open-source CLI program.

  3. The Gnome NetworkManager GUI.

Discussed in this tutorial:

  • The OpenVPN 3 Linux client is the openvpn3 package.

  • The OpenVPN open-source CLI program is the openvpn package.

  • The Gnome NetworkManager program uses the NetworkManager-openvpn VPN plugin.

Tip

If you also work with Access Server on the Linux server, that package is openvpn-as. It's not discussed in this guide, but it's helpful to know this to clarify the different packages.

Option 1: Connecting with the OpenVPN 3 Linux client

Follow the steps in these sections to install the OpenVPN 3 Linux client, download a connection profile from Access Server, and connect to your server.

Prerequisites

  • A connection profile for Access Server.

    Tip

    Contact your Access Server administrator if you don't have a connection profile.

  • A supported Linux distribution.

  • Root access to your Linux machine command-line interface (CLI).

Step 1: Install the openvpn3 package

  1. Open the OpenVPN 3 for Linux webpage in a browser.

    Tip

    This page also includes an overview of features and FAQs.

  2. Click Install OpenVPN 3 Linux.

  3. Follow the steps to run the commands under the Stable repository section appropriate for your Linux distribution.

You should now have the openvpn3 package installed.

Step 2: Download a connection profile

After installing, you need a connection profile. Access Server generates this file for your specific user account. It includes the required certificates and connection settings for a VPN session.

  1. Open a web browser.

  2. Enter the URL for your Client Web UI.

  3. Sign in with your user credentials.

  4. Select the user-locked or auto-login profile from the download options.

  5. Save the client.ovpn file to your Linux operating system.

Step 3: Import the connection profile

With the connection profile on your Linux system, import it:

openvpn3 config-import --config ${client.ovpn}

Step 4: Start a VPN session

You can now connect to Access Server.

  • Start a VPN session with the connection profile:

    openvpn3 session-start --config ${client.ovpn}

  • Manage a running VPN session:

    openvpn3 sessions-list

Refer to the OpenVPN 3 Linux community documentation for more.

Option 1: OpenVPN open-source CLI program

You can connect to Access Server with the open-source client program, openvpn. Most Linux distributions have this package available. The openvpn client program supports the option to connect to multiple OpenVPN servers simultaneously, and it includes a server component that can automatically and silently start any auto-login profile in the /etc/openvpn directory even before a user signs in. You can set this service component to launch at startup with tools available in your Linux distribution. On Ubuntu and Debian, when you install the openvpn package, it's automatically configured to start at boot time.

This outlines the necessary steps to connect to Access Server using the OpenVPN open-source client, openvpn.

  1. Install the openvpn package.

  2. Download a connection profile from the Client Web UI.

  3. Import the connection profile.

  4. Start a VPN session.

Install the openvpn package

Use the appropriate Linux install command to install the openvpn package. For example, use this command for Ubuntu:

apt-get install openvpn

Download a connection profile from the Client Web UI

After installing, you need a connection profile. Access Server generates this file for your specific user account.

 

  1. Open a web browser.

  2. Enter the URL for your Client Web UI.

  3. Sign in with your user credentials.

  4. Select the user-locked or auto-login profile from the download options.

  5. Save the client.ovpn file to your Linux operating system.

Import the connection profile

Start a connection with an auto-login profile manually:

openvpn --config client.ovpn

Start a connection with a user-locked profile manually:

openvpn --config client.ovpn --auth-user-pass

Start a connection with the auth-retry parameter for multi-factor authentication:

openvpn --config client.ovpn --auth-user-pass --auth-retry interact

To start an auto-login connection via the service daemon, place client.ovpn in /etc/openvpn/ and rename the file. The name must end with .conf as the file extension. Ensure the service daemon is enabled to run after a reboot, then reboot the system.

The auto-login type profile picks up automatically and the connection starts itself. You can verify this by checking the output of the ifconfig command where you should see a tun0 network adapter in the list.

Notice

The openvpn client doesn't automatically implement DNS servers pushed by the VPN server. To accomplish this, you must install a DNS management program such as resolvconf or openresolv, but those many clash with existing network management software in your OS.

The main reason the openvpn client doesn't do this is that in Windows, macOS, Android, or iOS, there's a single method of handling DNS management, making it easy to create a software client for those operating systems to handle DNS. But Linux has so many variations and supports different programs and methods for DNS, so the openvpn client doesn't include built-in DNS support.

Fortunately, on Ubuntu and Debian, the /etc/openvpn/update-resolv-conf script comes with the openvpn package that handles DNS implementation on those operating systems. Follow these optional steps to activate it.

In this section:

A file with the information for a VPN client to securely connect to Access Server.

Access Server's web server used by clients to download OpenVPN Connect and configuration profiles.