Access Server Licensing Internet Access Requirements

Yes, using a subscription license requires your Access Server to have direct internet access to the subscription server at asb.sts.openvpn.net on port TCP 443. This connection must not pass through an HTTP proxy server, as any interception or termination of the connection can prevent your Access Server from functioning correctly.

Suppose the connection is temporarily lost after the initial activation. In that case, your Access Server will continue to function normally, even through reboots, by remembering the last successful response from the subscription server. Should the interruption persist, the server will enter a grace period, accepting VPN connections up to the subscription limit. This grace period typically lasts at least two days but can often extend for weeks. However, once the grace period expires, it will revert to allowing only two simultaneous connections if the server cannot reconnect to the subscription server.

The fixed license model also requires internet access only for initial activation and subsequent renewals. Your Access Server needs to connect to licensing.openvpn.net on port TCP 443. Unlike the subscription model, fixed licenses are single-activation only, can't be shared across multiple Access Server nodes, and have a fixed number of connections. You must purchase and activate additional fixed licenses if you need to increase the number of allowed connections.

If you deploy Access Server through Amazon AWS Marketplace, the instance is automatically licensed based on the specific tiered instance you select. These instances are licensed for a set number of connections and require access to awspc1.openvpn.net on port TCP 443. Backup servers are available at awspc2.openvpn.net, awspc3.openvpn.net, and awspc4.openvpn.net. Billing for this type of instance occurs automatically through Amazon AWS.

Only the fixed license model supports offline activation for environments where internet access isn't possible or allowed. You can manually activate your Access Server using a secondary server with internet access or by providing OpenVPN with a hardware activation file. The activated key file can then be manually transferred to the offline Access Server.