Skip to main content

Verifying Access Server Downloads with SHA256SUM

When downloading Access Server files manually, you must ensure that the files you receive are authentic and have not been tampered with. One way to do this is by using SHA256 checksums, which provide a unique signature for each file. You can compare this signature with the one we provide to confirm the integrity of the downloaded files. If the checksum matches, you can be confident that the file is intact and authentic.

SHA256 checksums for Access Server files

Artifacts

File Name

SHA256SUM

openvpn-as-2.14.1_ff013d4d-1.el8.x86_64.rpm

df1d076c000e2e4449118b60f01d4e71c239eefa8d55b262918ecaa560fe322c

openvpn-as-2.14.1_ff013d4d-1.el9.x86_64.rpm

a47a3922750648ab795168ba6e7ee9af2902c11e96353c1cb26be0a42751736e

openvpn-as_2.14.1-ff013d4d-Debian11_amd64.deb

62cf81deab438bca47647843a1c803cd1baf7272c2babcbe76325805d289623f

openvpn-as_2.14.1-ff013d4d-Debian12_amd64.deb

63d8630535f7a884cee3d8f1fb3a9a1e780d42182d4309b79c8f5b362e613b3d

openvpn-as_2.14.1-ff013d4d-Ubuntu20_amd64.deb

d921dfe408de3375d86f83f3353a68b6a55e336ae5c8fb4d3ad8900d666cbcdf

openvpn-as_2.14.1-ff013d4d-Ubuntu20_arm64.deb

089bccc2a2cda5eb3308910d7d29e3c9774eacc6a46602877fbfbce5e06a6dd5

openvpn-as_2.14.1-ff013d4d-Ubuntu22_amd64.deb

b077962b6211c205e79f1e7bf8808cf10db7d83b8489773e087a3bf28652e2eb

openvpn-as_2.14.1-ff013d4d-Ubuntu22_arm64.deb

60ab551a052a13bf0d5f6c80840aea88123cbc8965c15e73b1a97ee7ff0d53f7

openvpn-as_2.14.1-ff013d4d-Ubuntu24_amd64.deb

13bfef167bb1b9139826fef0d7d045616347c3244531237ff3433fee5be7f5ea

openvpn-as_2.14.1-ff013d4d-Ubuntu24_arm64.deb

9beb5b0b5a102ed0b3c2260bad24343153be90de278d8c8269b361d9f3e27f50

openvpn-as-bundled-clients-31.deb

4784f81e1bfa84e57759d330a67a3f719ffedfdbf9e852bdc732af31d1036d56

openvpn-as-bundled-clients-31.rpm

b528ccd6ce7c659f46e2ddc04f528d8f46d1a31f3fb90b4a1ec71651b47f9da1

Scripts

File Name

SHA256SUM

Version

install.sh

9ae7ffc5078f5c3ae235b42fd245906e4dba16491ca605e6545f96dcc2547590

1.2

bridge-down.sh

279a3321fd2760d6eb1acb0ba71c9b862bc33c9ced1efa775142d4697b28a848

1.0

bridge-up.sh

5538ee6e9d6cb2e2bb5882d54c69fd044ca89375c1406ad5432877d01369c091

1.0

ipsec.conf

0123c2613e9a605bb3f2f8817d1e466cbd9f2410450c7e7ddf8f353e4ea9042a

1.0

ipsec.secrets

df247bc3b5d82dc5a30539893a23731b73979345db2a18314cd8b641d367de75

1.0

ipsec.sh

131a9627a686fff6a1cbc067339a3c11057ca1dcf29108805217b6a16036ddff

1.0

pascrs.py

a260aaf39d7b8d3cf6474a852c69a50c7929c4839d5a323a1671fbc69949e9b2

1.0

pasvar.py

4c1c45fa98b39d3372a7da1fcc6437241cb46a111ae98cb60a3e08c5428c0a44

1.0

post_auth_custom_auth.py

55f2fdb1d7b38d635b57443f4ab0e9aee2717d94e06ec5b14c36ca4a36397a08

1.0

post_auth_ip_address_checking.py

c62a78ec338815f9548f77d76166b5a2c050d79db6471fcf9f7fc040fa7d3741

1.0

post_auth_ldap_autologin_dbsave.py

f96dc0a01f9794e9afa10a19df507c0b4cccc6815b440ffbeadad9e536a1827f

1.0

post_auth_mac_address_checking.py

a8adb293a50d304fb82b55adaafde21e1d2fe3d136523c127f5df11feb4604af

2.0

post_auth_pas_only.py

dcb41038549de251461559fb25c25e369a32c72685492ce5005a793fc52d508a

1.0

post_auth_radius_mapping.py

1e6537b8ee39d3eda25ae65548ffc91180f456ce3ce8780e89a5d804fce9866a

2.0

post_auth_saml_group_mapping.py

0fe484cca8c7169653b9ec52b41f96264080f819b1818924c6a698b9c7771400

1.0

SHA256SUM is a tool that generates a 256-bit hash (a unique string of characters) for a file. A calculation based on the file's contents generates this hash, and if even one byte of the file changes, the hash will be completely different. By comparing the hash of your downloaded file with the official hash provided by us, you can verify that the file hasn't been altered or corrupted.

  1. Verifying the file ensures it wasn't corrupted during the download process.

  2. Comparing the checksum helps protect against any unauthorized modifications to the file.

  3. Downloading a file from an official source may not always guarantee safety if the file is intercepted and altered. To ensure the file is legitimate, you should verify the checksum.

We recommend using the install.sh script from the Access Server Portal, as it leverages the operating system's built-in package manager to automatically authenticate packages with a trusted signing key, eliminating the need for manual verification. However, if preferred, you can manually validate the install.sh script's integrity using the SHA256 checksum provided in the table below.

For offline installations, you can manually check the integrity of any downloaded files using the provided SHA256 hashes. To verify a downloaded file, follow these steps:

  1. Connect to the console and get root privileges.

  2. Download the install script from the Access Server portal or manually download the Access Server file.

  3. Calculate the checksum of your downloaded file:

    sha256sum openvpn-as-x.deb1
    

    1

    Replace the filename with the file you want to check the integrity of.

  4. After running the command, the tool returns a checksum.

  5. Compare the checksum with the one listed for the file in the table below. If it matches, your file is authentic.

  • If you're using the installation script from the Access Server Portal, you can verify the integrity of install.sh with the last line in the table.

  • The easiest method to ensure the authenticity of Access Server installation files is to use our install script, which leverages the operating system's built-in package manager to authenticate downloaded packages using a trusted signing key automatically. This eliminates the need for manual file verification. However, suppose you prefer downloading the installation files manually, such as offline installations. In that case, you can authenticate their integrity by comparing the files against the provided SHA256 hashes to ensure they haven't been tampered with or corrupted.