This guide will help you understand the basics of setting up and deploying the OpenVPN Access Server.
OpenVPN Access Server consists of three major components:
- OpenVPN Server
- Admin Web Interface/Admin UI
- Connect Client
The VPN server is the underlying component in OpenVPN Access Server that does all of the background work: routing, tunneling, encryption, user management, authentication, etc. OpenVPN Access Server comes with a Web GUI that helps to manage the underlying components of the VPN server.
Admin Web Interface:
The Admin Web Interface makes OpenVPN Access Server easier to manage. In the Admin Web Interface an administrator can manage options such as layer 2 or layer 3 routing, user permissions, server network settings, authentication and web server certificates. By default an administrator can access the Admin Web Interface by visiting this address in a web browser: https://openvpnasip:943/admin (Please paste this URL into your browser and replace "openvpnasip" with the IP or hostname you allocated to your openvpn-as instance)
The Connect Client Interface is a component of OpenVPN Access Server that allows users to connect to the VPN directly through their web browser. The Connect Client also gives the user the option to download their configuration files, which can be used on other OpenVPN clients.
Before installing OpenVPN Access Server, there are a few things you will need to check:
- Linux Distribution
- CPU Architecture
Note: If you decide to use one of our virtual appliances please refer to one of these guides instead:
You will need to make sure you download the package that corresponds with the current OS distro. We currently support these Linux distros:
You will need to make sure you install the correct package depending on your CPU architecture (32-bit or 64-bit).
Installing the OpenVPN-AS Package:
To install the OpenVPN-AS package in Ubuntu or Debian you will need to run this command:
    dpkg -i openvpnasdebpack.deb
To install the OpenVPN-AS package in CentOS, RHEL, or Fedora you will need to run this command:
    rpm -i openvpnasrpmpack.rpm
The Admin Account for OpenVPN-AS needs to be set up through the terminal by doing the following:
Change the password:
    passwd openvpn
You will then be prompted to set a password for the user openvpn. After setting the password you can log in to the Admin UI with the username openvpn and the password you set.
Note: In some circumstances, for certain configurations, you may need to run the complete ovpn-init script in the terminal:
    /usr/local/openvpn_as/bin/ovpn-init
Configuring the Admin Web Interface:
After you have completed the Initial Configuration Tool you should be able to access the Admin Web Interface through your preferred web browser. You should have noticed a link to the Admin Web Interface after you completed the Initial Configuration Tool. If you missed it, you can access the Admin Web Interface by typing the following in your browser's address bar: https://openvpnasip:943/admin (Please replace "openvpnasip" with the IP you allocated to your openvpn-as instance)
You can now go ahead and log in with your openvpn admin credentials. Once logged in you will see the following screen:
Configuring Server Network Settings:
If you want the OpenVPN Access Server to be reachable from the internet you will need to set the Hostname or IP address to a hostname or IP that is facing the public internet. Please refer to the screenshot below:
The VPN Settings page allows you to configure options like the Dynamic IP Address Network, which is OpenVPN Access Server's internal DHCP system. By default the subnet is set to "172.27.224.0/20". This can be changed to a subnet that might work better for your current network.
The routing section gives the option to push to remote clients certain routes for the networks the OpenVPN Access Server is sitting on.
There is also an option to forward client internet traffic through the OpenVPN Access Server.
The User Permissions page allows settings to be changed per client. The auto-login profile can be enabled if desired. When you click "show" next to the username you will see more options that can be configured. This is the area where you would define settings for a gateway client:
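A pre-deployment check for the Dynamic IP Address Network described above, added here as an example (it is not part of OpenVPN Access Server or of the original guide): it tests the client pool against the networks you intend to route and proposes a free private subnet of the same size when they collide. The function names and the sample network list are assumptions constructed for illustration.

```python
import ipaddress

# Default Dynamic IP Address Network quoted in this guide.
DEFAULT_POOL = "172.27.224.0/20"

# Private (RFC 1918) ranges to draw a replacement pool from.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_conflicts(pool, networks):
    """Return the entries of `networks` that overlap the VPN client pool."""
    pool_net = ipaddress.ip_network(pool, strict=False)
    return [n for n in networks
            if ipaddress.ip_network(n, strict=False).overlaps(pool_net)]


def suggest_pool(networks, prefixlen=20):
    """Return the first private subnet of size /prefixlen that overlaps
    none of `networks`, or None if the private ranges are exhausted."""
    used = [ipaddress.ip_network(n, strict=False) for n in networks]
    for block in PRIVATE_BLOCKS:
        if prefixlen < block.prefixlen:
            continue  # requested pool is larger than this private block
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed sample: subnets behind the server plus a typical client LAN.
    routed = ["10.0.0.0/8", "172.16.0.0/16", "172.27.0.0/16", "192.168.1.0/24"]
    clashes = find_conflicts(DEFAULT_POOL, routed)
    if clashes:
        print("Pool", DEFAULT_POOL, "overlaps:", ", ".join(clashes))
        print("Suggested replacement:", suggest_pool(routed))
    else:
        print("Pool", DEFAULT_POOL, "does not overlap any listed network")
```

An overlap matters because a client cannot tell whether an address in the shared range belongs to the VPN pool or to a routed network, so traffic for one of them is silently misdirected.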
The Connect Client can be accessed via a preferred web browser by inserting the following address into the address bar:
https://openvpnasip:943 (Please replace "openvpnasip" with the IP you allocated to your openvpn-as instance)
Users have the option to either Connect to the VPN or Login to the Connect Client. When connecting, the user will be connected to the VPN directly through their web browser. When the user decides to log in to the Connect Client, they can download their user configuration files (client.ovpn) and use them to connect to the VPN with other OpenVPN clients.