Introduction
OpenVPN Access Server provides an Oracle Cloud VPN that you can get up and running within minutes.
Working with Oracle Cloud, you use their instances, which are Linux-based virtual machines running on virtualized hardware. By using the OpenVPN Access Server instance from their Marketplace, you can launch a VPN hosted in the cloud, with the following benefits:
- Quickly extend your Oracle Cloud private networking to remote users and other sites.
- Create hub-and-spoke network topology, site-to-site, user-to-cloud, and various other secure VPN connections.
- Provide secure, remote access to applications deployed on Oracle Cloud.
Read on for your guide to get started with your VPN server on the web.
Create an instance
To get started, visit the Oracle Marketplace to find the OpenVPN Access Server BYOL VPN and follow these steps:
- Select OpenVPN Access Server BYOL from the Oracle Marketplace.
- Select the latest version and the compartment.
- Review and accept the Oracle terms and click Launch Instance.
- Enter a name for your instance if you want to change it from the generated name.
- Select your virtual cloud network and subnet.
- Generate a new SSH key or input your public SSH key.
- Click Create.
- Add a Network Security Group to your instance with the rules outlined in the table below.
| Direction | Source Type | Source | Protocol | Source Port | Destination Port |
|---|---|---|---|---|---|
| Ingress | CIDR | 0.0.0.0/0 | TCP | All | 943 |
| Ingress | CIDR | 0.0.0.0/0 | TCP | All | 22 |
| Ingress | CIDR | 0.0.0.0/0 | TCP | All | 443 |
| Ingress | CIDR | 0.0.0.0/0 | TCP | All | 945 |
| Ingress | CIDR | 0.0.0.0/0 | UDP | All | 1194 |
Connect to your instance
Once Oracle deploys your new Access Server instance, you can connect with an SSH client. When connecting via SSH, use the username, openvpnas.
ssh -i private-key-filepath openvpnas@instance-public-IP
We provide instructions on how to connect to a common use case for Windows OS users with the PuTTY SSH Client: Connect to Access Server via SSH using PuTTY.
Finish Access Server Installation
The OpenVPN Access Server configuration tool runs automatically the first time you sign into the instance.
For this guide, we assume you choose the default values by pressing ENTER for each choice.
In the last step of the installation process, a randomly generated password for the ‘openvpn’ administrative accounts displays on the console (if you didn’t enter a password during the initial setup).
You can now connect to the Admin Web UI with ‘openvpn’ and the generated password with the URL https://[youripaddress]/admin.
Replace "[youripaddress]" with the static IP address of your server.
Finish Access Server Configuration
To complete configuration, refer to Finishing Configuration of Access Server.
Once you've done that, we recommend a few additional steps, below.
Change default time zone
The default time zone may not be the time zone that you're in. If you are in a different time zone, you can change this setting by running this command, then choose your appropriate time zone:
sudo dpkg-reconfigure tzdata
Install NTP client for automatic time synchronization
We recommend installing the NTP client to keep the time synchronized, but it's especially for those that plan on using multi-factor authentication with TOTP. Run this command:
apt-get install ntp
Update Operating System Software
We recommend updating your Linux OS. From the time we've generated the appliance and you've downloaded and are using it, there are likely a number of updates. To make sure your appliance OS is up to date, execute the following commands:
sudo apt-get update sudo apt-get upgrade
Further security recommendations
We have additional security recommendations we suggest you implement, for all OpenVPN Access Server installations.