OpenVPN Security Advisory: Dec 14, 2018
Action needed: Important update for OpenVPN Access Server

Activating a license on the OpenVPN Access Server

Important notes regarding the BYOL licenses

Starting with January 20th of 2019, our licensing system will have been updated to increase security and to enhance the licensing system for new licensing options in the future. As such it is important to either update your Access Server to version 2.6.1 or newer, or if you wish to continue using an older version (which by the way is not recommended for security reasons) apply a licensing patch to your existing Access Server. This can even be done on a running Access Server without stopping it.

If you try to activate a new license key or a renewal license key on an outdated and unpatched OpenVPN Access Server after January 20th of 2019, you will see an error message. To resolve that, follow the instructions to either upgrade your Access Server to the latest version, or apply the licensing patch.

See this security advisory for more information about the licensing system changes:

Please note that activation a license key does not mean you get to keep the 2 connections in the demonstration mode. The demonstration mode ends when you activate a license key on the Access Server, and only the stated amount on the license key takes effect then. For example if you are testing the Access Server without a license key, and you are allowed to connect 2 devices simultaneously to it, and you then activate a purchased license key for 10 connections, then you can then connect 10 devices to the Access Server, not 12.

Also please note that when you activate a BYOL type license key, it then becomes non-refundable as per our license agreement you agreed upon when purchasing and when installing the Access Server. We are mentioning this specifically because there is every opportunity to test the Access Server without purchasing and activating a license key.

Activate a license key using the admin web interface

First of all go to the web interface of your Access Server. If you are unfamiliar with how to access it, your Access Server is accessible using a web browser at the IP address or DNS address that you set up for your server. For example if you’ve only just set up your server then open your web browser and access it by its IP address. If your server’s IP address is 192.168.70.222 then you should be able to reach your Access Server admin web interface at https://192.168.70.222/admin

If you try to open that address now it will most likely not work because it’s a made-up number. You should find out what the IP address of your Access Server is, and use that to contact your Access Server’s web interface. If you haven’t set a password for your web interface yet, set one with the command:

sudo passwd openvpn

Please note that this assumes you have SSH access to your server and can run commands on the command line interface. If you are not able to reach the admin web interface of your Access Server or you haven’t set up an OpenVPN Access Server yet, we recommend that you read the following articles first to get you started, before you continue with this guide.

Once you are able to load the admin web interface web pages you can continue with these steps. There are pictures provided to aid you in the steps you should follow, simply click the links below to show them:

  • Once you are on the admin web interface, you have to login as an administrative user. The default is openvpn.
  • Once you are in the admin web interface you will see the status overview page.
  • In the menu on the left, click on License. On this page you can enter a new license key to activate"
  • Click the Add A New License Key button to activate it. If all goes well, your license key will now be activated.

Activating a license key on the command line

It’s also possible to activate a license key on the command line. To do so make sure you are logged on to your OpenVPN Access Server’s operating system on the console or through SSH, and that you have root permissions. Then follow these commands to do the desired tasks. As always for command line interaction with Access Server we assume you are logged on as root user and that you are in the /usr/local/openvpn_as/scripts/ folder where the CLI tools for Access Server are located.

Activating a new license key:

./liman Activate "LICE-NSEK-EYIN-HERE"

Show the current licensing state, and any possible problems with license keys:

./liman info

Troubleshooting licensing problems

If you have any problems with activation a license key, we advise that you consult the licensing troubleshooting page, as most problems are addressed there.

More information on available licensing models

The OpenVPN Access Server is currently available in 2 different licensing models. There is on Amazon AWS the pre-licensed tiered instances, that come in a number of different sizes in terms of amount of simultaneous devices you can connect to it, and it is available in a Bring Your Own License (BYOL) licensing model. When you use the Amazon AWS pre-licensed tiered instances, they get licensed automatically through the Amazon AWS systems and you are billed directly by Amazon itself. On the BYOL licensing model, you install the Access Server on your own systems and you purchase a license key on our website, which you can use on your Access Server to unlock the amount of connections mentioned on your license key.

This guide here explains how to activate a BYOL licensing model license key on your own Access Server. For Amazon AWS pre-licensed tiered instances that are automatically licensed through the Amazon AWS systems itself, you do not need this guide as it does not apply to that situation. This guide is only for the BYOL license model license keys.

For more information about the licensing models and pricing, check this article:

Please note that purchasing a license version of Access Server is not necessary if you just want to try it out. If you install the OpenVPN Access Server on your own systems you can skip the question for a license key, and it will allow full functionality, but only 2 devices can be connected simultaneously until you do decide to install a license key. Furthermore, on Amazon AWS we have a 7-day free trial version available on the AWS Marketplace that allows even 5 connections. If you terminate that before the end of the 7-day free trial, you don’t get charged for the software costs for the Amazon OpenVPN Access Server instance.

Share