HOWTO General

Before installing the OpenVPN Access Server, you will need a host running a Linux distribution supported by OpenVPN-AS (e.g., 64-bit Fedora 22). This server host should have Internet access and should be prepared as follows:

  1. Ensure that SELinux is disabled (disabling SELinux requires a system reboot to take effect).
  2. Configure the server with the interface IP address(es) and domain name desired. Ensure that the network settings will permit OpenVPN clients to access the Access Server, and that the server’s domain name resolves properly to the desired interface address.

Completing the second step usually involves configuring the server in one of the following ways:

  •  The server has a static IP address that is reachable from clients on the Internet, at least for the TCP ports used by Access Server. Preferably, the server has a Fully Qualified Domain Name (FQDN) as its host name.

  •  The server has a dynamic IP address that is reachable by clients on the Internet and a dynamic DNS host name which tracks the changing IP address (this service is offered for free by various providers).

In either case, having the server located on a private network behind a corporate firewall implies that the firewall must be configured to forward client traffic (on the ports used by Access Server) between the public IP address and the server’s private IP address.

Note that the “Connectivity Test” page in the OpenVPN Access Server Admin Web UI can be used to check whether or not VPN clients on the Internet will be able to access your Access Server (with its current network settings).