VMWare ESXi

An Overview & Installation Guide For OpenVPN Access Server Appliance

VMWare ESXi is a bare-metal hypervisor, allowing you to reduce space, power, and IT admin requirements by consolidating multiple servers onto fewer physical devices. With an incredibly low footprint of only 150 MB, ESXi gives you an environment to configure a VMWare virtual machine (VM) with the specs you need for your desired server environment. We like its modern UI built on HTML5 and have provided an easy way to create a virtual private network (VPN) VM with OpenVPN Access Server. Are you ready to deploy your VMWare VPN server today?

Before You Get Started

A bit of helpful information for you to start:

  • The OpenVPN Access Server appliance for VMWare ESXi is compatible with 5.0 or newer.
  • VMWare Workstation, Fusion, and even Player may also be compatible with the OVA file, however we have not tested this ourselves.
  • By default, it is assigned 1 vCPU and 1GB of memory and has a swapfile of 512MB. Adjust as needed.
  • The steps below provide you with a VMWare ESXi configuration guide for deploying OpenVPN Access Server as a VMWare VPN.

Choose Your Preferred Deployment Method

Download the latest version OVA by signing in to the Access Server portal:

Instructions below provide you with the steps to deploy the virtual appliance through your deployment method of choice:

Setting Up OpenVPN Access Server With The VMWare VSphere Client

For screenshots, please refer to these instructions for Deploying the Access Server appliance on VMWare ESXi.

  • Download OVA file
  • Login to VMWare ESXi web interface
  • Right-click on Hosts or Virtual Machines and choose Create/Register VM
  • Select Deploy a virtual machine from an OVF or OVA file
  • Define the name and select or drag/drop the downloaded OVA file
  • Select the datastore to deploy to
  • Select the VM Network
  • Choose thin or thick disk provisioning
  • Confirm your settings and click Finish
  • Once the deployment task completes, look up the VM and open the virtual console
  • Now You Can Connect And Launch Your New Virtual Machine To Setup Access Server

Setting Up OpenVPN Access Server With The VMWare VSphere Client

For screenshots, please refer to these instructions for Deploying the Access Server appliance on VMWare ESXi.
Use the VMWare vSphere client to log on to your ESXi server.

  • Click File>Deploy OVF Template…
  • Enter the URL for the OVA file and click Next
  • Review the overview of the deployment and click Next
  • Name the appliance and click Next
  • Choose the datastore for deployment and click Next
  • Choose thick or thin provisioning and click Next
  • Choose VM Network for network mapping and click Next
  • Check Power on after deployment and click Finish
  • Close the deployment window after the tasks has completed
  • The new VMWare virtual machine should now be listed in your inventory
  • Now You Can Connect And Launch Your New Virtual Machine To Setup Access Server

Login To The Access Server Appliance Console

To begin configuration of OpenVPN Access Server, open the console of the virtual machine or log in through an SSH session with the following credentials:

User name: root
Password: openvpnas

OpenVPN Access Server will prompt you with setup questions. We recommend the default settings. You can adjust them at any point later on through the web interface.

When asked for a license key, simply press enter to continue installation if you don’t have one. OpenVPN Access Server comes with two free connected devices for testing purposes.

You may receive the following error: IndexError: list index out of range. This happens when the appliance is deployed on a network without a DHCP service to assign a valid IP address. To resolve this, see the instructions below on setting a static IP address. Once you’ve resolved this, you can log on to the appliance again and restart the wizard.

Because DHCP assigns IP addresses dynamically, it is helpful for most setups to set a static IP address even if they don’t receive the IndexError message.

Setting A Static IP Address

The commonly used program for setting the network IP address in Ubuntu 18 is netplan. These are the detailed instructions on how to set a static IP address on Ubuntu 18 or newer.
Our appliance is based off of Ubuntu 18.04 LTS x64. For instructions on setting a static IP address for Ubuntu 16 or older, refer to this page with instructions for using ifupdown.

Changing The Root User Password

Make sure to change the default root password from openvpnas to one of your choosing. Note: once changed, it can be difficult to reset if you lose it.
Type the following command to change the root user password:

passwd

Set A Password For OpenVPN Administrative User

The system creates a single administrative user to start, but it has no password set. To use it, you must first set a password with the following command:

passwd openvpn

Once the password is assigned, you can now login to the admin UI web interface.

Accessing OpenVPN Access Server Admin Web UI

During the installation process, you will be informed of the location of your admin web service, which is where you can log on as an administrative user and manage VPN settings. The admin UI is usually at address of your server with /admin/ added, for example: https://192.168.70.222/admin/.
You will receive a warning in the browser such as “invalid certificate” or “cannot verify identity of the server”. This is because Access Server comes with a self-signed SSL certificate to begin with. Confirm that you wish to continue to the web interface.
Login with your username openvpn and the password you have just set.

Update OpenVPN Access Server To Latest Edition

We do not rebuild our appliance image with each new release of OpenVPN Access Server. You may have a slightly older version than what is currently available. We recommend performing an in-place upgrade to get the latest release. Follow these steps:

  • Go to the Access Server installation package files page.
  • Click on Ubuntu under Choose your software package.
  • Select and copy the commands under Option 1: Install via repository (recommended).
  • Go to the command line of your virtual machine.
  • Paste the commands (logged on to the OpenVPN Access Server through an SSH session with root access). After pasting the first commands immediately run, updating and/or installing ca-certificates, wget, and net-tools. When finished, it will insert the update and install commands for OpenVPN Access Server.
  • Hit enter. This will add the official OpenVPN Access Server repository to your system, install the OpenVPN Access Server client bundle and update the OpenVPN Access Server package itself.
  • We recommend that after the upgrade process has completed, you reboot the server with the command reboot.
  • Your system is now up to date.

Update The Appliance Operating System

It’s also important to have the latest version of your appliance. To ensure that your operating system is up to date, the built-in package manager program can retrieve and install the updates. Enter the following commands when logged on to the Access Server as a root user:

apt-get update

Change Timezone Configuration And Install NTP

The default timezone of the appliance is US(Pacific - Los Angeles). Update the timezone to your correct timezone. This step is especially vital if you plan on using the Google Authenticator multi-factor authentication system, which relies on a time-based one time password system. We recommend also installing the Network Time Protocol (NTP) client program to automatically update time and date. Run the following commands logged on to the Access Server as a root user:

Set the timezone:

dpkg-reconfigure tzdata

Install NTP client:

apt-get install ntp

Your OpenVPN Access Server virtual machine is now setup through Hyper-V.

Helpful Tips:

When increasing CPU count after initial launch, also increase the amount of TCP/UDP daemons as well. To do this, in the Network Settings page in the admin UI, you’ll increase 1 TCP and 1 UDP daemon for each 1 vCPU.
Virtualization with VMWare has a little less overhead than Microsoft Hyper-V, but we also provide that as an option: Hyper-V Virtual Appliance.

What is OpenVPN Access Server?
Access Server Quick Start Guide
How to configure OpenVPN Access Server