Security Advisory

Important update for our Amazon AWS customers


For Amazon AWS customers that use the AWS tiered instances licensed and billed directly through Amazon AWS (the ones with xx connected devices in their names), it's important to ensure your OpenVPN Access Server is up-to-date. The licensing APIs that are used to license these instances will cease supporting TLS 1.0 and TLS 1.1 connections as part of a strategy by Amazon and OpenVPN to meet modern security requirements.

If you have OpenVPN Access Server 2.7.3 or newer, your AWS tiered instance will continue to license properly. Older AWS tiered instances will encounter licensing problems after June 28th, 2023, when the TLS 1.0/1.1 deprecation takes effect. Please note that this affects only AWS tiered instances licensed and billed directly through Amazon AWS. All other licensing forms are unaffected by this change. So this change doesn't affect those using subscriptions or fixed license keys purchased on our site.

Additionally, on April 30th, 2023, the official standard support ends for the Ubuntu 18.04 LTS operating system that our previous Amazon AWS OpenVPN Access Server releases (prior to 2.11.3) are based on. This covers both the support for newer OpenVPN Access Server releases and security updates of the operating system itself. Therefore, we recommend that our Amazon AWS customers using OpenVPN Access Server upgrade to the latest marketplace offering, which is based on Ubuntu 22.04 LTS and OpenVPN Access Server 2.11.3. The operating system on this offering has updates until April 2027 and will also support new upcoming versions of OpenVPN Access Server.

You must upgrade to the latest Amazon AWS Marketplace image for OpenVPN Access Server to get updates after April 2023.


Technically, it's possible to only resolve the licensing issue on Amazon AWS tiered instances by upgrading the OpenVPN Access Server program to version 2.7.3 or newer on the existing instance, but this won't solve the issue of the underlying operating system Ubuntu 18.04 LTS going out of support and no longer receiving software and security updates. Our experience with doing an in-place upgrade of the operating system on Amazon AWS has proven that this is risky and can fail with loss of data as a result.

Therefore to resolve both issues, we recommend that you back up settings and migrate them to a new instance of OpenVPN Access Server launched from the AWS Marketplace. Either you can associate the Elastic IP from the old instance with the new instance, or if you're using a DNS record, you can update the DNS record to point to the new instance's IP address, to complete the migration.

It may also be acceptable to set up a new instance and configure it from scratch for smaller deployments. But with our migration guide, you can retain your settings from the old instance and restore them to the new one.

We provide documentation that guides you through the migration steps. Our support personnel is standing by to assist you if you encounter any challenges or have any questions.