Skip to main content

Tutorial: Set the Interface and Ports for the OpenVPN Daemons

Abstract

Configure OpenVPN daemons on your Access Server by setting interfaces and ports using the Admin Web UI or CLI. This tutorial ensures proper setup and connectivity for your VPN clients.

Overview

The OpenVPN daemons manage OpenVPN tunnel connections. By default, they listen on all available network interfaces, using UDP port 1194 and TCP port 443. You can customize these settings via the Admin Web UI or command-line interface (CLI).

Important

  • Changing interface values may require reinstallation of clients for connectivity.

  • OpenVPN daemons and web services share ports, particularly TCP 443. Ensure proper configuration to avoid access issues.

  • UDP is preferred for OpenVPN tunnels; TCP 443 is a fallback for restricted networks.

  • If you change the interface for OpenVPN daemons, access the web interface using port TCP 943: https://your.vpnserver.com:943/.

  • An installed Access Server.

  • Admin Web UI access or console access with root privileges.

  1. Sign in to the Admin Web UI.

  2. Click Configuration > Network Settings.

  3. Make your changes on the Server Network Settings page.

Important

  • OpenVPN UDP and TCP daemons must listen on the same interface.

  • To use different interfaces, employ iptables for internal traffic redirection.

  1. Connect to the console and get root privileges.

  2. Use the commands below to make your changes:

    • Set the interface name that the OpenVPN daemons should listen on:

      ./sacli --key "vpn.daemon.0.server.ip_address" --value <INTERFACE> ConfigPut
      ./sacli --key "vpn.daemon.0.listen.ip_address" --value <INTERFACE> ConfigPut
      ./sacli start
    • Set a specific port for the UDP OpenVPN daemon:

      ./sacli --key "vpn.server.daemon.udp.port" --value <PORT_NUMBER> ConfigPut
      ./sacli start
      
    • Set a specific port for the TCP OpenVPN daemon:

      ./sacli --key "vpn.server.daemon.tcp.port" --value <PORT_NUMBER> ConfigPut
      ./sacli start
    • Restore default settings:

      ./sacli --key "vpn.daemon.0.server.ip_address" --value "all" ConfigPut
      ./sacli --key "vpn.daemon.0.listen.ip_address" --value "all" ConfigPut
      ./sacli --key "vpn.server.daemon.udp.port" --value "1194" ConfigPut
      ./sacli --key "vpn.server.daemon.tcp.port" --value "443" ConfigPut
      ./sacli start