Looking for answers with your DigitalOcean instance of OpenVPN Access Server? We’ve got you covered.

No Results Found

Please try another search or if you would rather speak to someone in our support team, create a support ticket by clicking the button below.

Submit a Support Ticket

You can also browse the topics below to find what you are looking for.

DigitalOcean Frequently Asked Questions

Getting started

  • How can I contact support with questions?
  • OpenVPN Access Server has a dedicated support ticket system with professionals standing by 24/7 across the world to answer any questions you may have. To reach our support ticket system, first create a free account. Once you have created an account — or if you already have an account — you can log-in and submit a ticket. We will be in touch right away.

  • How do I set up OpenVPN Access Server in DigitalOcean?
  • We provide detailed instructions in our DigitalOcean Quick Start Guide.

  • How do I access the web admin UI?
  • To access the Admin Web UI for your OpenVPN Access server, point your web browser to the public IP address assigned to your Droplet and log in with the admin user you set up. The admin web interface URL has the following format: https://xxx.xxx.xxx.xxx:943/admin.

  • How can I download connect clients?
  • You can download connection clients that include profiles directly from the public IP address of your Access Server. You can also download clients directly from our site and import profiles from your computer or from your server.

  • Where can I find additional help?
  • If you don’t find your questions here, you can also click on our general Frequently Asked Questions page for questions regarding licensing, renewals, purchases, and administration.

Connectivity

  • How can I connect to my OpenVPN Access Server instance using SSH?
  • When you launch a Droplet on DigitalOcean’s web admin interface, you are asked to select a public SSH key to load into the Droplet, or to have a one-time password mailed to you. Using that SSK key or the password, you can then use a suitable SSH Client, such as PuTTY for Windows, to connect to the public IP address of your Droplet. The username will usually be the default, root.

    We provide instructions in our Quick Start guide for connecting using PuTTY SSH Client, or you can refer to DigitalOcean’s tips on How to Connect to Droplets with SSH.

  • How can I address VPN clients directly from the DigitalOcean private network?
  • If you have a private network set up for your Droplets, they will be able to communicate with each other directly over that network. If one of the nodes in that network runs Access Server and you wish to allow the other nodes to directly address a particular VPN client, you can do so by manually adding a route on the Droplet that wishes to address the VPN client subnet. There is, as far as we know, no default gateway that can be used as a means to set up a global static route, so each Droplet that wants to address a connected VPN client directly will need to have a route added manually:

    1. From the Admin Web UI, navigate to VPN Settings > Routing
    2. Choose Yes, using Routing
    3. Specify the private network that is in use on your DigitalOcean private network
    4. Add a route to the Droplet that wishes to address VPN clients directly by pointing the VPN client subnet to the private IP of the Access Server in yoru DigitalOcean private network

    You may want to consider giving specific VPN clients static IP addresses in the User Permissions page, so that whenever a particular VPN client connects, it always has the same predictable IP address.

  • How come clients cannot access the Internet through Access Server?
  • This may be caused by the DNS settings. When a problem occurs with redirecting VPN client Internet traffic, the most common issue is that domain names are not being resolved to IP addresses by a DNS server. To resolve this, you need to push a valid DNS server. If you don’t know one, you can use Google’s public DNS server. You can update the VPN Settings in the Admin Web UI to use Google’s servers: 8.8.8.8 and 8.8.4.4. Then save settings and update the server.

DigitalOcean Configuration

  • What options should I choose for setting up my Droplet?
  • If you are setting up OpenVPN Access Server for the first time, we recommend choosing the Standard Droplet configuration. We provide helpful information about the various options in our quick start guide, under the section, Creating a Droplet.

  • How can I create an SSH key?
  • We recommend authenticating with an SSH key rather than a one-time password, for security. DigitalOcean provides a tool to upload your SSH Key. You can find instructions within that same tool to create a key using Linux, macOS, or Windows. These are found when you choose “Create Key” during the creation of your Droplet. You can also create SSH Keys using PuTTY.

  • Which incoming ports does OpenVPN Access Server use?
  • OpenVPN Access Server requires access for inbound traffic on TCP 22 for SSH, TCP 443 for OpenVPN TCP tunnel connectivity and HTTPS web interface, TCP 943 as dedicated port for web interface, TCP 945 for clustering functionality (only if enabled) and UDP 1194 for OpenVPN UDP tunnel connectivity.

  • How do I assign a Floating IP address?
  • On DigitalOcean, it is possible to get an IPv4 address that is static and does not change. Normally, when you launch a Droplet, it gets a random IPv4 address that stays with that Droplet until you terminate it. Every new launch means a random selection of an IPv4 address.

    If you have a need for the same IPv4 address at all times, regardless of what actions you take with terminating and creating new Droplets, you can use the Floating IP functionality. You can attach or detach such a static IP to or from a Droplet at will. This ensures the public IP of your server is always the same. This can be managed through both the DigitalOcean Control Panel and the DigitalOcean API. Refer to DigitalOcean’s documentation on Floating IPs.

    NOTE: With OpenVPN Access Server, we typically recommend using a hostname, rather than an IP address. The later is more likely to change, which would affect client connectivity. Instead, as an example, vpn.example.com would resolve to 123.45.67.89, the public IP of your OpenVPN Access Server Droplet. To do this, you would set a DNS A record on a domain you own or manage, pointing to the IP. You then set this in the ‘hostname or IP address’ field under Network Settings in the Admin Web UI. The URL, vpn.example.com, would then be used by all future installations of VPN clients on client computers. If the public IP address of your Access Server changed, for whatever reason, you simply update the DNS record to point to the new IP address and your VPN clients will fall in line automatically. If, however, you configure your Access Server and VPN clients to use an IP address only, if that IP address changed, then your VPN clients would need to be reinstalled or reconfigured to connect to the new IP address. Or you could use a Floating IP on DigitalOcean, so that in the event of a Droplet failure, you could launch a new copy from a backup image made previously, reattach the same Floating IP to the new Droplet, and the VPN clients fall in line.

    It is still recommended to use a DNS hostname address.

OpenVPN Access Server Configuration

  • How can I set up a high-availability configuration?
  • OpenVPN Access Server supports a high-availability solution using clustering functionality. Multiple Access Server nodes share the same configuration and a single, DNS round-robin address connects each client with an available node. For complete details, refer to Understanding Clustering with OpenVPN Access Servers.

  • Can I allow clients to keep their IP addresses?
  • If you have a private network set up for your Droplets, they will be able to communicate with each other directly over that network. If one of the nodes in that network runs Access Server and you wish to allow the other nodes to directly address a particular VPN client, you can do so by manually adding a route on the Droplet that wishes to address the VPN client subnet. There is, as far as we know, no default gateway that can be used as a means to set up a global static route, so each Droplet that wants to address a connected VPN client directly will need to have a route added manually:

    1. From the Admin Web UI, navigate to VPN Settings > Routing
    2. Choose Yes, using Routing
    3. Specify the private network that is in use on your DigitalOcean private network
    4. Add a route to the Droplet that wishes to address VPN clients directly by pointing the VPN client subnet to the private IP of the Access Server in yoru DigitalOcean private network

    You may want to consider giving specific VPN clients static IP addresses in the User Permissions page, so that whenever a particular VPN client connects, it always has the same predictable IP address

  • Where can I find more details on settings within the web admin UI?
  • For more information about OpenVPN Access Server, refer to our resource page: How to configure the OpenVPN Access Server: The Admin UI.

Don’t See What You're Looking For?

No Problem — We Have 24/7 Support Available.

Submit a Support Ticket