Skip to main content

Verifying Access Server Downloads with SHA256SUM

When downloading Access Server files manually, you can verify that the files you receive are authentic and unaltered. One way to do this is by using SHA256 checksums, which provide a unique signature for each file. You can compare this signature with the one we provide to confirm the integrity of the downloaded files. If the checksum matches, you can be confident that the file is intact and authentic.

SHA256 checksums for Access Server files

Artifacts

File Name

SHA256SUM

openvpn-as-3.1.0_e22fe316-1.el8.x86_64.rpm

2da8e9d8ca7e5a705c5fb801d232393adf22e89428edc2267779a95efc7cdcdb

openvpn-as-3.1.0_e22fe316-1.el9.x86_64.rpm

b6d488a773a24907cbbdbf320a70213f19835de0662dddcddf9299bedaeca9b1

openvpn-as-3.1.0_e22fe316-1.el10.x86_64.rpm

4e102780d32abfa457180a32186b743a4680d620df0534884ea83ca6cb9e49c4

openvpn-as_3.1.0-e22fe316-Debian12_amd64.deb

9f8897038e0de73e9963f414948bca98e39b78c67e7c1cce288d52ba322ce4a9

openvpn-as_3.1.0-e22fe316-Debian13_amd64.deb

bf355cbf79c624cf76e0d1795a70023f5bb01f58c2f6a34a98780b6da795db50

openvpn-as_3.1.0-e22fe316-Ubuntu22_amd64.deb

312b96d27f1fe2e6321b5187d20af76e3a1755565485dd5ed5ea1218a28821a3

openvpn-as_3.1.0-e22fe316-Ubuntu22_arm64.deb

374d5fcffbc922f4ccbfaf3e7cec3c7ae47e083a27bd816a7d989b667de3333c

openvpn-as_3.1.0-e22fe316-Ubuntu24_amd64.deb

2fba3161fbadec7a2167f5e22698e1380a161cac439b6e32628c8000d28a91f9

openvpn-as_3.1.0-e22fe316-Ubuntu24_arm64.deb

7147f3c123a77df1cbbfc875f58c986d7b0fe9dcc4d36ae2f4fa8c44fe8927e7

OAS_3.0.2.ova

f2c86b5018fa3889d6580076eb29b26c3bf776d76f4aef7e05d68a4cc1ab0cbc

OAS_3.0.2.zip

cf1567258b0a728f5919722ccd30b3a582adf56228059ac6f185b36d4c5df800

openvpn-as-bundled-clients-latest.deb

be1e15752555470bee3527d72e49502648f5b1c26248ff00cee607a97d9b2140

openvpn-as-bundled-clients-latest.rpm

843790fa48fed3c784b00d08b9a62f26e499406707d812f515a64f7e32b52418

Scripts

File Name

SHA256SUM

Version

install.sh

dffaf5827f16ff9955beee36dfa3aa6a10a43a342af9faafdaaafd3babf7f40d

1.8

bridge-down.sh

279a3321fd2760d6eb1acb0ba71c9b862bc33c9ced1efa775142d4697b28a848

1.0

bridge-up.sh

5538ee6e9d6cb2e2bb5882d54c69fd044ca89375c1406ad5432877d01369c091

1.0

aws-updown.sh

8ecd0465d6ba39ba376c76f129aaa6ac303c47f9783810b25fe1591e6270a77b

1.0

ipsec.conf

4da7378f563f079ecd635b2fb7201308ab33269b707a71b687c234a6dfb9167d

1.1

ipsec.secrets

46fe56cd944fb8c87c7fbf24d50c9730e361228be5b57a5de04dac0f901fff35

1.0

pascrs.py

a260aaf39d7b8d3cf6474a852c69a50c7929c4839d5a323a1671fbc69949e9b2

1.0

pasvar.py

4c1c45fa98b39d3372a7da1fcc6437241cb46a111ae98cb60a3e08c5428c0a44

1.0

post_auth_custom_auth.py

55f2fdb1d7b38d635b57443f4ab0e9aee2717d94e06ec5b14c36ca4a36397a08

1.0

post_auth_ip_address_checking.py

c62a78ec338815f9548f77d76166b5a2c050d79db6471fcf9f7fc040fa7d3741

1.0

post_auth_ldap_autologin_dbsave.py

8fefb1df6a82dda1181fcb25ae9ae21a44e437196e4829d963ec53394d9ce537

1.1

post_auth_mac_address_checking.py

608074f2de974145d9fd7646359504ab6f07759c4db8f8ab7ff290c4caa1af76

2.1

post_auth_pas_only.py

b4cf2e3d497516c59a4a7ba55aa8a3cbf538940122543652ab03d0f6eabb486f

1.1

post_auth_radius_mapping.py

0d838425e6387e2b0846c86e6ae30c2abc583b938c866911dbbdb306850410b1

2.1

post_auth_saml_group_mapping.py

fac6bea6ecb35c1e069ebe7a2f70460b71071c268661def4ecb80502001ec8e6

1.1

What is SHA256SUM?

SHA256SUM is a tool that generates a 256-bit hash (a unique string of characters) for a file. A calculation based on the file's contents generates this hash, and if even one byte of the file changes, the hash will be completely different. By comparing the hash of your downloaded file with the official hash provided by us, you can verify that the file hasn't been altered or corrupted.

Why verify files with SHA256SUM?

  1. Verifying the file ensures it wasn't corrupted during the download process.

  2. Comparing the checksum helps protect against any unauthorized modifications to the file.

  3. Downloading a file from an official source may not always guarantee safety if the file is intercepted and altered. To ensure the file is legitimate, you should verify the checksum.

How to verify your download

We recommend using the install.sh script from the Access Server Portal, as it leverages the operating system's built-in package manager to automatically authenticate packages with a trusted signing key, eliminating the need for manual verification. However, if preferred, you can manually validate the install.sh script's integrity using the SHA256 checksum provided in the table above.

For offline installations, you can manually check the integrity of any downloaded files using the provided SHA256 hashes. To verify a downloaded file, follow these steps:

  1. Connect to the console and get root privileges.

  2. Download the install script from the Access Server portal or manually download the Access Server file.

  3. Calculate the checksum of your downloaded file:

    sha256sum openvpn-as-x.deb1

    1

    Replace the filename with the file you want to check the integrity of.

  4. After running the command, the tool returns a checksum.

  5. Compare the checksum with the one listed for the file in the scripts table. If it matches, your file is authentic.

Important Notes

  • If you're using the installation script from the Access Server Portal, you can verify the integrity of install.sh by comparing the SHA256SUM and version from the scripts table.

  • The easiest way to ensure the authenticity of Access Server installation files is to use our install script, which leverages the operating system's built-in package manager to authenticate downloaded packages using a trusted signing key. This eliminates the need for manual file verification. However, suppose you prefer downloading the installation files manually, such as for offline installations. In that case, you can authenticate their integrity by comparing the files against the provided SHA256 hashes to ensure they haven't been tampered with or corrupted.

In this section: