DigitalOcean Quick Start Guide

Introduction

OpenVPN Access Server provides a DigitalOcean Marketplace VPN that you can get up and running within minutes.

Working with DigitalOcean, you use their Droplets, which are Linux-based virtual machines running on virtualized hardware. By using the OpenVPN Access Server Droplet from their Marketplace, you can launch a VPN hosted in the cloud, with the following benefits:

  • Quickly extend your DigitalOcean private networking to remote users and other sites.
  • Create hub-and-spoke network topology, site-to-site, user-to-cloud, and various other secure VPN connections.
  • Provide secure, remote access to applications deployed on Droplets.

Read on for your guide to get started with your VPN server on the web.

Create a Droplet

To get started, visit the DigitalOcean Marketplace to find the OpenVPN Access Server VPN and follow these steps:

  1. Click Create OpenVPN Access Server Droplet.
  2. Choose your DigitalOcean plan and datacenter for your droplet.
  3. Choose your authentication. We recommend SSH keys, which are more secure.
  4. Select any additional options, change the droplet hostname (if desired), add tags, and select a project.
  5. Click Create Droplet.

Note: This guide assumes you use SSH keys.

Use these helpful tips for selecting your Droplet options:

  • When starting out with Access Server, you can start with a Basic CPU. If you notice slow data transfer through the VPN tunnel, we recommend choosing a CPU-optimized Droplet, because encrypting and decrypting data is CPU intensive.
  • Access Server requires very little storage for logs. Even 25 GB should be enough.
  • Access Server primarily uses IPv4, with limited IPv6 support.

Connect to your new Droplet

Once DigitalOcean deploys your new Access Server droplet, you can connect with an SSH client or using DigitalOcean’s browser-hosted command-line window.

For the common case of Windows users connecting with the PuTTY SSH client, we provide instructions here: Connect to Access Server via SSH using PuTTY.

When you connect to your droplet’s interface for the first time, the Access Server configuration tool runs.

Finish Access Server installation

The OpenVPN Access Server Configuration Tool runs automatically the first time you sign into the droplet.

For this guide, we assume you choose the default values by pressing ENTER for each choice.

In the last step of the installation process, a randomly generated password for the ‘openvpn’ administrative account is displayed on the console (if you didn’t enter a password during the initial setup).

You can now connect to the Admin Web UI with that username and password. The URL follows the pattern https://[youripaddress]/admin/

Replace "[youripaddress]" with the static IP address of your server.

Finishing configuration of Access Server

To complete configuration, refer to Finishing Configuration Of Access Server.

Once you've done that, we recommend a few additional steps, below.

Changing default time zone

The default time zone is set to US (Pacific - Los Angeles). If you are in a different time zone, you can change this setting by running this command and then choosing your appropriate time zone:

sudo dpkg-reconfigure tzdata

Install NTP client for automatic time synchronization

We recommend this for all installations, but especially if you plan to use Google Authenticator, whose time-based codes depend on an accurate server clock. Run this command:

sudo apt-get install ntp
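
Why the clock matters for Google Authenticator, shown as an added example (not part of the original guide and not OpenVPN's code): the codes are time-based (RFC 6238), so a server whose clock has drifted rejects a code that is valid on the user's phone. The secret, the timestamps and the one-step tolerance are constructed assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code, as used by Google Authenticator
DIGITS = 6     # code length, as used by Google Authenticator


def totp(secret: bytes, unix_time: float, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the given moment in time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(secret: bytes, code: str, server_time: float, window: int = 1) -> bool:
    """Check a code against the server's clock, tolerating +/- `window` steps.

    The tolerance of one step is an assumption for this example, not a
    documented Access Server setting.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def demo() -> dict:
    secret = b"12345678901234567890"   # constructed secret (RFC 6238 test key)
    phone_time = 1_700_000_000         # constructed: the user's correct time
    code = totp(secret, phone_time)
    # Map each server clock offset (seconds) to whether the code is accepted.
    return {skew: server_accepts(secret, code, phone_time + skew)
            for skew in (0, 20, 120, 600)}


if __name__ == "__main__":
    for skew, ok in demo().items():
        print(f"server clock off by {skew:>3}s -> code {'accepted' if ok else 'rejected'}")
```

A server that is 20 seconds off still accepts the code, while one that is two minutes or more off rejects it, which is the failure an NTP client prevents.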

Updating operating system software

We recommend updating your Linux OS. A number of updates have likely been released between the time we generated the appliance and the time you started using it. To make sure your appliance OS is up to date, execute the following commands:

sudo apt-get update
sudo apt-get upgrade

Further security recommendations

We have additional security recommendations that we suggest you implement for all OpenVPN Access Server installations.