This guide will step you through the basics for setting up and deploying OpenVPN Access Server. You’ll also find links to detailed guides for specific platforms.
OpenVPN Access Server Components
OpenVPN Access Server consists of three major components:
- OpenVPN Server
- Admin Web UI
- OpenVPN Connect
OpenVPN Server
The VPN server is the underlying component in OpenVPN Access Server. It handles all the background work: routing, tunneling, encryption, user management, authentication, and so on.
Admin Web UI
The Admin Web UI provides you with a powerful and easy-to-use web-based admin site. It makes VPN management and configuration simple enough for anybody (with or without Linux knowledge). You can manage options such as layer 2 or layer 3 routing, user permissions, server network settings, authentication, and web server certificates.
OpenVPN Connect
OpenVPN Connect is the client interface to connect with the VPN server. Your server has pre-configured clients available for download. Alternatively, users can download Connect directly from our site and import profiles by entering a URL and their credentials.
Specific Installation Guides
The first step for your installation is to set up the repository to download and launch the OpenVPN-AS package. Choose the package for your operating system from the download page: Download OpenVPN.
Installing the OpenVPN-AS Package:
We recommend using the official OpenVPN Access Server software repository for installation. The download page provides you with the specific OS commands for this. For specific Linux distributions, you’ll copy and paste the commands from there to add the repository, install the client bundle and package, and launch the configuration. For cloud platforms and virtual machines, you’ll take alternate steps (outlined in the specific installation guides linked above) to set up your server and launch the configuration.
Once you’ve completed the initial configuration tool, take note of the URLs provided for the Admin and Client UIs. The next step is to set up the Admin account from the terminal by setting the password:
After setting the password, you can log in to the Admin Web UI with the username, openvpn, and the password you set.
Note: For certain configurations, you may need to run the complete ovpn-init script: /usr/local/openvpn_as/bin/ovpn-init.
Configuring the Admin Web UI
With the username and password for your admin account, you can now log in to the Admin Web UI through your preferred browser. After you complete the Initial Configuration tool on your server, its closing message provides a link, which is typically https://[IPaddress]:943/admin. Make sure to replace [IPaddress] with the specific IP of your server. Also, this IP address likely needs to be public facing.
You can now log in with your ‘openvpn’ Admin credentials at that address. Once logged in, you’ll see the following:
Configuring Server Network Settings
To ensure that OpenVPN Access Server can be reached over the Internet, the Hostname or IP address must be one that is facing the public Internet. Setting this up will be specific to your network as well as to the location of the server. For instance, within your private network, you may need to set a static IP address and define firewall rules for access. Or, if you’ve deployed a server in AWS, you may prefer to assign an Elastic IP address.
Additionally, you can define a hostname with your business domain. To do this, add a DNS A record for your domain whose value is your Access Server’s public IP address. Then open the Admin Web UI, navigate to Configuration > Network Settings, and enter the new hostname in the Hostname or IP Address field.
The VPN Settings page allows you to configure options like Dynamic IP Address Network, which is OpenVPN Access Server’s internal DHCP system. By default, the subnet is set to 172.27.224.0/20. This can be changed to a subnet that might work better for your current network.
The routing section lets you push routes for the networks your server sits on to remote clients.
There is also an option that allows the administrator to have client internet traffic forwarded through the OpenVPN Access Server.
You may want to reference the Admin Web UI User Manual for information on these sections. Specifically, you can refer to the VPN Settings page of the manual.
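The check below is an added example, not part of the original guide or of OpenVPN's tooling: it tests whether the Dynamic IP Address Network overlaps a network you push to clients or one that clients already use locally, and proposes a free replacement block. The network lists are constructed sample values, and `find_conflicts`, `suggest_pool` and `review` are hypothetical helper names.

```python
import ipaddress

# Default Dynamic IP Address Network quoted in the guide.
DEFAULT_POOL = "172.27.224.0/20"

def find_conflicts(pool, networks):
    """Return every entry of `networks` that overlaps the VPN client pool."""
    pool_net = ipaddress.ip_network(pool)  # raises ValueError if host bits are set
    return [n for n in networks
            if ipaddress.ip_network(n, strict=False).overlaps(pool_net)]

def suggest_pool(networks, prefixlen=20, parent="172.16.0.0/12"):
    """Return the first /prefixlen block inside `parent` that is free, or None."""
    used = [ipaddress.ip_network(n, strict=False) for n in networks]
    for candidate in ipaddress.ip_network(parent).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None

def review(pool, pushed_routes, client_lans):
    """Summarise conflicts and, if there are any, a replacement pool."""
    in_use = list(pushed_routes) + list(client_lans)
    conflicts = find_conflicts(pool, in_use)
    replacement = suggest_pool(in_use) if conflicts else pool
    return {"conflicts": conflicts, "pool": replacement}

# Constructed sample values, not taken from the guide.
PUSHED_ROUTES = ["172.16.0.0/16", "172.27.228.0/24"]  # networks behind the server
CLIENT_LANS = ["192.168.1.0/24"]                      # a remote user's home LAN

if __name__ == "__main__":
    print(review(DEFAULT_POOL, PUSHED_ROUTES, CLIENT_LANS))
```

An overlap means a client cannot tell whether an address belongs to the VPN pool or to the routed network, so resolve any reported conflict before pushing routes.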
The User Permissions page allows you to change settings per client. When you click the icon for More Settings next to each username, you’ll see more configuration options. You can set up auto-login profiles, define settings for a gateway client, and other settings from here. You can find more information on the User Permissions page of the manual.
OpenVPN Connect is available for your end users and devices from your preferred web browser by navigating to the Client UI URL. This is typically https://[IPaddress]:943/. Make sure to replace [IPaddress] with the specific IP of your server.
When users log in to your Client UI, they’ll have the option to download the Connect app of their choice or a connection profile (client.ovpn), which can be imported into a VPN client. You may also download the Connect client directly, then enter the Client UI URL into the app to import the profile after authenticating with your credentials.