Looking for answers with your Amazon instance of OpenVPN Access Server? We’ve got you covered.

No Results Found

Please try another search or if you would rather speak to someone in our support team, create a support ticket by clicking the button below.

Submit a Support Ticket

You can also browse the topics below to find what you are looking for.

AWS Frequently Asked Questions

Getting started

  • How can I contact support with questions?
  • OpenVPN Access Server has a dedicated support ticket system with professionals standing by 24/7 across the world to answer any questions you may have. To reach our support ticket system, first create a free account. Once you have created an account — or if you already have an account — you can log-in and submit a ticket. We will be in touch right away.

  • How do I set up OpenVPN Access Server in Amazon VPC?
  • We provide detailed instructions in the two guides below. Choose the one that matches your type of licensing.

    1. AWS Quick Start Guide
    2. AWS BYOL Quick Start Guide

  • How do I access the web admin UI?
  • To access the admin web interface, point to the public Elastic IP address you assigned and log in with the admin user you set up. The admin web interface URL has the following format: https://xxx.xxx.xxx.xxx/admin.

  • How can I download connect clients?
  • You can download connection clients that include profiles directly from the public IP address of your Access Server. You can also download clients directly from our site and import profiles from your computer or from your server.

  • Where can I find additional help?
  • If you don’t find your questions here, you can also click on our general Frequently Asked Questions page for questions regarding licensing, renewals, purchases, and administration.

Connectivity

  • How can I connect to my OpenVPN Access Server instance using SSH?
  • Amazon provides information on how to connect to your instance: Connecting to your Linux Instance Using SSH. You can also find specific information for connecting using the PuTTY SSH client from our site: Connecting to your new AMI.

  • How can I set up VPN clients to be reachable from resources running inside my VPC?
    1. From the web admin interface, navigate to VPN Settings > Routing
    2. Choose Yes, using Routing
    3. Disable the source/destination check on the OpenVPN Access Server instance to let the appliance forward traffic from and to clients
    4. Set the OpenVPN Access Server security group accordingly to allow traffic from other IPs in the VPC to reach the clients
    5. Update your private subnet’s routing tables to let the internal VPC router know which subnets are reachable via the Access Server (i.e., VPN client subnets)

  • How come clients cannot access the Internet through Access Server?
  • This may be caused by the DNS settings. When a problem occurs with redirecting VPN client Internet traffic, the most common issue is that domain names are not being resolved to IP addresses by a DNS server. To resolve this, you need to push a valid DNS server. If you don’t know one, you can use Google’s public DNS server. You can update the VPN Settings in the Admin UI to use Google’s servers: 8.8.8.8 and 8.8.4.4. Then save settings and update the server.

Amazon Configuration

  • How can I get help with my AMI not working?
  • If your Amazon Machine Image (AMI) with OpenVPN Access Server is not working, please contact support. We test these images carefully before they are released and found they are in working order. Despite all our care, however, it is possible some configuration settings or some conditions in the environment it is deployed in can cause issues. We’d be happy to look closer at the issue and offer our expertise to try and resolve the problem.

    For technical support, please register for a free account with OpenVPN. Then you can open a Support Ticket.

  • What security group settings do I need for OpenVPN Access Server?
  • OpenVPN Access Server requires access for inbound traffic on TCP/22 (SSH), TCP/953 (HTTPS access to web interface), and UDP/1194 (IANA reserved port for OpenVPN protocol).

  • How do I associate an Elastic IP address?
  • An Elastic IP address is a static IPv4 address used for dynamic cloud computing. Your AWS account is associated with an Elastic IP address. If you’d like more detail, refer to Amazon’s explanation of Elastic IP Addresses.

    It’s best practice to associate an Elastic IP address to your EC2 instance with OpenVPN Access Server so you can easily remap the same address to another instance in case the current instance fails. The Elastic IP address serves as the public IP access point to the admin web interface as well as the tunnel-establishment endpoint for VPN clients.

  • Why do I need to open port TCP/943?
  • Some firewalls on public networks block everything except the most common ports (HTTP TCP/80 and HTTPS TCP/443). For OpenVPN to work well in this situation, by default the OpenVPN daemon listens on the TCP port 443 and can forward incoming web browser requests to a web service on port TCP 943 (since you cannot have both the web server and the OpenVPN server listening on the same port). This feature, called port sharing, allows any incoming HTTPS connection on port 443 to remap to the actual web service running on port 943. At the same time, the OpenVPN daemon is listening on port 443 and can handle incoming tunnel connections. You are then able to bypass existing firewall limitations.

  • My server doesn't show the proper licensed amount, what do I do?
  • If you are using a tiered instance it might be that your instance is unable to reach our online activation servers. For details on this and which ports and IP addresses to open, you can consult our documentation here: https://openvpn.net/vpn-server-resources/troubleshooting-problems-with-software-licensing/

OpenVPN Access Server Configuration

  • How can I set up a high-availability configuration?
  • OpenVPN Access Server offers an active / passive high-availability mode out of the box. Refer to Active / Active High Availability Setup for OpenVPN Access Server for complete details.

  • Can I allow clients to keep their IP addresses?
  • If you don’t want OpenVPN Access Server to translate IP addresses, you can change this setting under VPN Settings > Routing in the admin interface. Choose Yes, using Routing, then disable the source/destination check on the OpenVPN Access Server instance to let the appliance forward traffic to and from clients.

  • Where can I find more details on settings within the web admin UI?
  • For more information about OpenVPN Access Server, refer to our resource page: How to configure the OpenVPN Access Server: The Admin UI.

Don’t See What You're Looking For?

No Problem — We Have 24/7 Support Available.

Submit a Support Ticket