Securing OpenVPN Access Server

Learn how to secure the root user account, secure the OpenVPN administrative account, and harden the web server cipher suite string.

In this tutorial

This tutorial covers three suggested steps for increasing the security of your Access Server:

  • Securing the root user account
  • Securing the OpenVPN admin account
  • Hardening the web server cipher string

Securing the root user account:

  1. Log in to Linux with root access
  2. Enter the command passwd
  3. Enter a new password for the root Linux account
  4. Re-enter the password to confirm it
  5. Confirm that the output reads "password updated successfully"

Securing the OpenVPN admin account by disabling the bootstrap user:

  1. Change directory to /usr/local/openvpn_as/etc
  2. Edit the as.conf file
  3. Comment out the line boot_pam_users.0=openvpn
  4. Restart the openvpnas service
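
Steps 1 to 3 above as a repeatable shell function, added here as an example (it is not OpenVPN's own tooling): it backs up the file, comments out the bootstrap line, and changes nothing on a second run. Matching any boot_pam_users.N index goes beyond the single line named above and is an assumption, as are the function names and the constructed sample file.

```shell
#!/bin/sh
# Added example: disable the as.conf bootstrap user(s) idempotently.

# Comment out every active boot_pam_users.N= line in the given file.
# Prints the number of lines it disabled; saves the original as FILE.bak.
disable_bootstrap_users() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    pattern='^[[:space:]]*boot_pam_users\.[0-9]+='
    # grep -c exits 1 when the count is 0, so do not treat that as an error.
    active=$(grep -c -E "$pattern" "$conf") || true
    if [ "$active" -eq 0 ]; then
        echo 0          # nothing to do: already disabled or never set
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    # Write back through cat so the original file keeps its owner and mode.
    sed -E 's/^([[:space:]]*)(boot_pam_users\.[0-9]+=)/\1# \2/' "$conf" > "$tmp" \
        && cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    [ "$status" -eq 0 ] && echo "$active"
    return "$status"
}

# Constructed sample input, modelled on the one line the tutorial names.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real as.conf
example.other_key=unchanged
boot_pam_users.0=openvpn
# boot_pam_users.1=
EOF
}

# Demo on a throwaway copy; on a server the argument would be
# /usr/local/openvpn_as/etc/as.conf, followed by the restart in step 4.
demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir/as.conf"
echo "disabled: $(disable_bootstrap_users "$demo_dir/as.conf")"
grep -n 'boot_pam_users' "$demo_dir/as.conf"
rm -rf "$demo_dir"
```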

Hardening the web server cipher string:

  1. Change directory to /usr/local/openvpn_as/scripts
  2. Use the sacli tool from this directory
  3. Enter the command to update your string: ./sacli --key "cs.openssl_ciphersuites" --value '[enter your preferred cipher suite string here]' ConfigPut
  4. Do a warm restart using sacli: ./sacli start
  5. View the results with the confdba tool by entering ./confdba -s