Microsoft Hyper-V

An Overview & Installation Guide For OpenVPN Access Server Appliance

A bit of helpful information for you to start:

  1. The OpenVPN Access Server appliance for Microsoft Hyper-V is based off the Ubuntu Server distribution line
  2. It includes all required Hyper-V modules
  3. We provide the .VHD image
  4. We advise setting a minimum of 1GB of RAM when creating the virtual machine

Setting Up OpenVPN Access Server On Hyper-V

These instructions will walk you through the process of attaching the OpenVPN Access Server VHD image to a generation 1 type VM for Microsoft Hyper-V. At a high level, you’re going to accomplish the following five steps:
If you’d like more detailed instructions on setting up using Hyper-V Manager, please refer to Microsoft’s documentation.

  • Download the OpenVPN Access Server zip file.
  • Extract the zip file into a folder. A recommended location is a file where you keep all of your virtual hard disk images.
  • Extract the zip file into a folder. A recommended location is a file where you keep all of your virtual hard disk images.
  • Create a new virtual machine in Hyper-V
  • Choose local installation source or change installation source
  • Create your virtual machine

Now You Can Connect And Launch Your New Virtual Machine To Setup Access Server

Login To The Access Server Appliance Console

To begin configuration of OpenVPN Access Server, open the console of the virtual machine or log in through an SSH session with the following credentials:

User name: root

Password: openvpnas

OpenVPN Access Server will prompt you with setup questions. We recommend the default settings. You can adjust them at any point later on through the web interface.

When asked for a license key, simply press enter to continue installation if you don’t have one. OpenVPN Access Server comes with two free connected devices for testing purposes.

You may receive the following error: IndexError: list index out of range. This happens when the appliance is deployed on a network without a DHCP service to assign a valid IP address. To resolve this, see the instructions below on setting a static IP address. Once you’ve resolved this, you can log on to the appliance again and restart the wizard.

Because DHCP assigns IP addresses dynamically, it is helpful for most setups to set a static IP address even if they don’t receive the IndexError message.

Setting A Static IP Address

The commonly used program for setting the network IP address in Ubuntu 18 is netplan. These are the detailed instructions on how to set a static IP address on Ubuntu 18 or newer.

Our appliance is based off of Ubuntu 18.04 LTS x64. For instructions on setting a static IP address for Ubuntu 16 or older, refer to this page with instructions for using ifupdown.

Changing The Root User Password

Make sure to change the default root password from openvpnas to one of your choosing. Note: once changed, it can be difficult to reset if you lose it.

Type the following command to change the root user password:

passwd

Set A Password For OpenVPN Administrative User

The system creates a single administrative user to start, but it has no password set. To use it, you must first set a password with the following command:

passwd openvpn

Once the password is assigned, you can now login to the admin UI web interface.

Accessing OpenVPN Access Server Admin Web UI

During the installation process, you will be informed of the location of your admin web service, which is where you can log on as an administrative user and manage VPN settings. The admin UI is usually at address of your server with /admin/ added, for example: .

You will receive a warning in the browser such as “invalid certificate” or “cannot verify identity of the server”. This is because Access Server comes with a self-signed SSL certificate to begin with. Confirm that you wish to continue to the web interface.

Login with your username openvpn and the password you have just set.

Update OpenVPN Access Server To Latest Edition

We do not rebuild our appliance image with each new release of OpenVPN Access Server. You may have a slightly older version than what is currently available. We recommend performing an in-place upgrade to get the latest release. Follow these steps:
Go to the Access Server installation package files page.
Click on Ubuntu under Choose your software package.
Select and copy the commands under Option 1: Install via repository (recommended).
Go to the command line of your Hyper-V appliance.
Paste the commands (make sure you have root access).
After pasting the first commands immediately run, updating and/or installing ca-certificates, wget, and net-tools. When finished, it will insert the update and install commands for OpenVPN Access Server.
Hit enter. This will add the official OpenVPN Access Server repository to your system, install the OpenVPN Access Server client bundle and update the OpenVPN Access Server package itself.
We recommend that after the upgrade process has completed, you reboot the server with the command reboot.
Your system is now up to date.

Update The Appliance Operating System

It’s also important to have the latest version of your appliance. To ensure that your operating system is up to date, the built-in package manager program can retrieve and install the updates. Enter the following commands when logged on to the Access Server as a root user:

apt-get update
apt-get upgrade

Change Timezone Configuration And Install NTP

The default timezone of the appliance is US(Pacific - Los Angeles). Update the timezone to your correct timezone. This step is especially vital if you plan on using the Google Authenticator multi-factor authentication system, which relies on a time-based one time password system. We recommend also installing the Network Time Protocol (NTP) client program to automatically update time and date. Run the following commands logged on to the Access Server as a root user:

Set the timezone:

dpkg-reconfigure tzdata

Install NTP client:

apt-get install ntp

Your OpenVPN Access Server virtual machine is now setup through Hyper-V.

Helpful tips:

  • When increasing CPU count after initial launch, also increase the number of TCP/UDP daemons as well. To do this, in the Network Settings page in the admin UI, you’ll increase 1 TCP and 1 UDP daemon for each 1 vCPU.
  • Web services by default run on port TCP 943 so you can visit your VPN client web service at your assigned IP address with :943 at the end. For example: https://192.168.70.222:943/
  • If your new virtual machines is configured as Generation 2, you must disable secure boot when creating it with the Hyper-V Manager. This is because you’ll be running a Linux distribution.
  • Hyper-V supports most flavors of Linux as well as Windows Server and other guests. You can install the OS and the package manually to setup OpenVPN Access Server with other configurations as well. The steps above outline how to deploy our pre-made appliance, or image.
  • Virtualization with VMWare has a little less overhead than Microsoft Hyper-V, but for companies that are Windows-only, this is an excellent setup.

Further Resources