To get started with OpenVPN Access Server, it’s helpful to understand these terms:
Determine your network configuration and IP address of your server. This will help you decide which configuration fits your needs — as well as the location for the VPN, web admin UI, and client UI.
Obtain a license key or begin with two, free simultaneous connections. Visit OpenVPN.net to purchase a key, or get started evaluating the product with two connections at no cost.
Install OpenVPN Access Server on the server configuration of your preference:
Complete the initial configuration of OpenVPN Access Server. Once installation completes, the ovpn-init configuration tool should automatically run, allowing you to configure it. If you need to run the tool again, refer to “Why can’t I access the adminclient UI” for instructions.
Use the Admin Web UI to complete configuration. Once you’ve completed the initial configuration, open the URL of the OpenVPN Access Server (may be found at https://x.x.x.x:943/admin where the x.x.x.x represents your IP address from initial configuration). Log in with the root username and password.
Users authenticate with the Connect Client. The user opens a web browser, enters the URL or IP address for your configured network, and signs on with a username and password. Once authenticated, the Connect Client automatically generates an OpenVPN client configuration file. Choose from pre-configured installation options.
User connects to VPN. After the user has authenticated, the client software will initiate a connection.
OpenVPN Access Server supports many setups and deployments. Here are some details with links to more information about each of those.
Linux is the operating system of choice for Access Server and we provide a software package for the popular Ubuntu distribution, in 32-bit and 64-bit versions. The software packages are for installation or upgrading an Access Server installation directly on an Ubuntu OS.
We have detailed information on our Ubuntu page. You’ll find a high level overview for the installation. We also provided visuals of how the system works, with the OpenVPN Server, Admin Web/UI, and Connect Client.
The following may be helpful resources for an Ubuntu deployment:
For the Linux distribution, Debian, we provide a software package to install or upgrade Access Server directly on the OS, for both 32-bit and 64-bit versions.
Find detailed information on our Debian page. It includes an overview of installation as well as a visual display of the setup.
The following may be helpful resources for a Debian deployment:
We provide a software package for Linux RedHat, as Linux is the operating system of choice for Access Server. It’s available for both 32-bit and 64-bit configurations. With it, you can install or upgrade Access Server directly onto your RedHat OS.
We have detailed information on our RedHat page. It includes a high level overview of the installation as well as visuals displaying how the system is set up.
The following may be helpful resources for a RedHat deployment:
We provide you with the installation and configuration tools for CentOS in one simplified package. Quickly deploy Access Server for 32-bit or 64-bit configurations to install or upgrade it directly on your CentOS.
We provide detailed information on our CentOS page with a high-level overview of the installation and a visual display of the system setup.
The following may be helpful resources for a CentOS deployment:
We provide an Ubuntu Hyper-V image download for Microsoft Hyper-V, which is a Windows Server virtualization application. With it, you will install a virtual machine as a Virtual Hard Disk (VHD) Drive. This is a great option for businesses that are most familiar with Microsoft operating systems and want minimal effort to setup a Linux server.
We provide details and installation instructions on our Hyper-V page. It’ll show you the five steps to launch your new virtual machine.
The following may be helpful resources for a Hyper-V deployment:
With our OpenVPN Access Server virtual machine for VMWare ESXi, you can quickly deploy a virtualized VPN server on this bare-metal hypervisor. It has an incredibly low footprint with a lot of flexibility for configuring a VM with the specs you need.
Our VMWare ESXi page provides you with the benefits of this setup, some tips for before you start, and instructions for deploying with the web interface or on a VSphere client.
The following may be helpful resources for a VMWare ESXi deployment:
For businesses with Infrastructure-as-a-Service (IaaS) with Amazon AWS, we’ve provided OpenVPN Access Server in the Amazon Marketplace. This is a great solution for a number of use cases including secure access for system administrators to AWS resources, creating site-to-site VPN connections, and securing IoT or point-of-sales systems on an encrypted, isolated network.
Find information about the benefits right here: OpenVPN Access Server on Amazon AWS.
The following may be helpful resources for an Amazon AWS deployment:
For businesses with Infrastructure-as-a-Service (IaaS) with Google Cloud, we provide OpenVPN Access Server as a virtual machine in Google’s Marketplace. With it, you can provide devices, users and administrators secure, remote access to your private datacenter in the public cloud. You can also bring together on-premises and cloud network environments into one private network.
Learn more about OpenVPN Access Server on GCP. Use our easy to set up SSL/TLS VPN today.
The following may be helpful resources for a Google Cloud deployment:
For businesses with a Virtual Network on Microsoft Azure, we provide OpenVPN Access Server in the Azure Marketplace. With it, you can provide secure connections over the public internet to your private Virtual Network. Access Server gives you a strong tool for managing fine-grained access control.
Learn more about OpenVPN Access Server on Microsoft Azure. Use our easy to set up app to deploy it today.
The following may be helpful resources for a Microsoft Azure deployment:
You can launch a preconfigured solution with our OpenVPN Access Server Droplet on DigitalOcean. With it, you can extend your private networking to remote users and other sites as well as provide secure access to applications deployed on droplets.
Learn more about OpenVPN Access Server on DigitalOcean. Easily create an OpenVPN Access Server droplet through the marketplace or by using the Digital Ocean API.
We provide detailed answers to FAQ on our site, under our Commercial VPN Server Resources page. Refer to that if you don’t see your question in this list:
On this page is an explanation of how the user can easily install the OpenVPN Connect Client with a personalized user profile configuration.
This is the page on the community website that tries to list all other clients.
Domain Name System; it is how the Internet resolves names like openvpn.net to an IP address like 123.45.6789. More information under the FAQ section in the link.
IP forwarding is the ability for the OS to accept incoming network packets that it passes on to another network. Read more in the link.
User Datagram Protocol and Transmission Control Protocol are two different methods of transferring data over the internet. Details about why OpenVPN works best with UDP in the link.
This is an abstracted view of a computer network, explained in the link.
Secure Sockets Layer certifications are part of a security layer for internet traffic. Details in the link.
This page has troubleshooting steps to help you resolve issues with clients connecting to the VPN.
This information can help you test your connections.
This feature, newly introduced in Access Server version 2.7.2, allows you to create a cluster of Access Servers for the purpose of high availability and increased load capacity.
Click on the link for a helpful guide for configuring specific settings, installing a valid SSL certificate, and more.
Refer to this for help on reconfiguring OpenVPN Access Server if it did not run properly during initial configuration.
Refer to this for the command needed to reconfigure Access Server.
This cannot be reset and you must wait for the expiration timeout to pass. You can modify how long the expiration timeout lasts with the instructions in the link.
We provide instructions on how to do this for Ubuntu when you click on the link.
To enable IP forwarding on Ubuntu/Debian you can update the sysctl.conf as described in the instructions in the link.
Information about setting up your own Certificate Authority (CA) is explained here.
Determine whether to use a routed or bridged VPN by reading over this information.
You can create rules and access policies (such as for system administrators, employees, and contractors) using the tips here.
Information about that can be found here.
This details setting up a dynamic DNS to “follow” your server anytime the IP address changes.
Here’s how to setup Access Server to use TCP as the tunnel carrier protocol and then use an HTTP proxy server.
Instructions here will help you configure multiple servers for load balancing and failover.
When you install OpenVPN Access Server and do not provide a license key, it automatically allows two simultaneous VPN tunnel connections.
Log in with your OpenVPN.net account at the link.
No, you can request these free of charge if using our integrated failover functionality. More info on the link.
We will verify your information and help you transfer the keys. This explains how.
Yes, for any license key that has not been activated on a server and is still valid (not expired). More details in the link.
This guide provides detailed information about connecting Windows computers to your VPN.
Refer to this installation guide.
Tunnelblick is the open source project macOS client. It has less functionality than the OpenVPN Connect Client, but does support the option to connect to multiple OpenVPN servers at the same time. More details here.
This link has information about specific error messages.
Scroll down to the “How to get started?” section for this question.
This is an Android requirement for a high priority app.
Answer found on this page about setting this under preferences.
This is dependent on your network providing data during a voice call or not.
Add extra security by using the hardware-backed keystores on many Android devices.
This link has information about specific error messages.
This is a known iOS issue. Details about that here.
Find some basic pointers on this page.
This is from a policy enforced by Apple; more detail in the link.
Details about those in the link.