
Managing Access Server's Web Services

This topic describes the web services provided by Access Server. The Admin Web UI lets you easily manage and configure your VPN server, with or without Linux knowledge. The Client Web UI lets users download pre-configured VPN clients and connection profiles easily.

The Admin and Client Web UIs

Access Server has a web interface that hosts two main components: the Admin Web UI and the Client Web UI.

You can find more information about these services from these resources:

Managing web services with the Admin Web UI

The Admin Web UI provides configuration settings for the web services on the Web Server and CWS Settings pages.

On the Web Server page, you can configure certificates and keys for Access Server's web server. This is where you upload SSL certificates and bundles to replace the self-signed certificate Access Server starts with. We recommend setting this up with your custom hostname.

On the CWS Settings page, you can configure access to the web services. Refer to the user manual for more information.

Customizing the look of the Admin and Client Web UIs

You can add your logo and other customizations to the user interfaces. For more information, refer to this tutorial: How to Change the Branding on the Admin and Client Web UIs.

Managing settings for the web services from the command line

You can also manage your web services from the console using the command-line interface (CLI). We provide the following tutorials.

Follow this tutorial to install a signed certificate, private key, and intermediary file from the CLI:

Access Server supports the following branding options:

  1. Displaying your business logo on the Admin and Client Web UI login screens.

  2. Adding a description text string to display on the Admin Web UI.

  3. Removing the “powered by OpenVPN” footer.

Follow this tutorial to make these changes:


There are no branding options for our free VPN client, OpenVPN Connect.

You can change the "Server" HTTP header that Access Server's built-in web server uses to identify itself to clients (browsers).

The web server built into Access Server 2.9.4 and newer can be provided with additional HTTP headers. This is useful when security scanners test the web interface and require certain headers to be present. You can set multiple headers by specifying multiple configuration keys.

When you authenticate to Access Server's Client Web UI (or client web service, CWS) or Admin Web UI (or admin web services, AWS), your session remains active for a set timeframe. You remain signed in while you are actively using the web page, but your session expires after 30 minutes of inactivity.

HTTPS-protected web services must define which encryption ciphers they support. This is a balance of security versus compatibility. The strongest security makes the web interface inaccessible on older platforms. We try to choose a default Access Server setting that supports current operating systems and browsers. You can adjust the cipher suite string for your needs.

You can adjust the TLS settings for the Access Server web server from the Admin Web UI or command-line interface (CLI).

By default, the web services and OpenVPN daemons of a new Access Server installation listen on all interfaces. You can change this in the Admin Web UI or from the command-line interface (CLI); both methods are covered here.

The OpenVPN TCP daemon and the web services are connected through service forwarding: web browser requests made to the OpenVPN TCP daemon, which runs on the default HTTPS port TCP 443, are internally redirected to where the web services are actually running.

Troubleshooting the web service

Refer to Troubleshooting access to the web service interface.