Install Access Server on Raspberry Pi

Upgrade to Latest Version

Introduction

This document explains installing Access Server on a Raspberry Pi single-board computer. You can also use these steps as a reference for installing Access Server on other single-board computers on the ARM64 platform, such as Orange Pi or Rock Pi. Note that Access Server performance is highly dependent on your platform's CPU and network capabilities.

What's covered

  • How to create a bootable microSD card with Ubuntu Server 22.04.
  • How to install and launch Access Server.
  • How to sign in to the Admin Web UI.
  • How to connect VPN clients.

Before you begin

Access Server is available for Ubuntu 22.04 LTS ARM 64 bit platform. Note that the Raspbian OS is not supported.

You’ll need:

  • A microSD card (8 GB or more recommended — 4 GB is possible).
  • A computer with a microSD or an SD card drive and a microSD card adapter.
  • A Raspberry Pi 5, Raspberry Pi 4, 400, or CM4 (A Raspberry Pi 3 will be fairly slow, and Raspberry Pi 2 and older can’t run 64-bit software and not compatible).
  • Internet access.
  • A monitor with an HDMI input (optional).
  • A microHDMI-HDMI cable (optional).
  • A USB keyboard (optional).

Install the Ubuntu image on the SD card

Start by installing an Ubuntu image:

  1. Click this link, How to install Ubuntu Server on your Raspberry Pi, to install Ubuntu Server 22.04 on your Raspberry Pi and connect it to the network. Skip step 5 in the tutorial (you don't need to install a desktop).

Note: The steps given in the tutorial will erase all existing content on your microSD card. You can skip the tutorial if you already have Ubuntu 22.04 LTS ARM64 running on your Raspberry Pi board.

Boot Ubuntu server on the Raspberry Pi

Next, you'll boot the Ubuntu server. (Step 4 in the Ubuntu installation tutorial instructs you to “Boot Ubuntu Server.” This section repeats some of that information.)

Refer to the appropriate section for your setup — choose between connecting directly with a keyboard and monitor or connecting to a headless server.

Option 1: Connect directly with a keyboard and monitor

  1. Before turning on your Raspberry Pi, ensure the keyboard is plugged in, and the monitor is connected using the mini-HDMI port. 
  2. Insert the SD card into your Raspberry Pi and switch it on.
    • Watch the boot process on screen. You must wait for the cloud-init tool to complete its configuration during the first boot before signing in.
  3. Once cloud-init finishes, sign in using “ubuntu” as both the login ID and the password.
  4. At the prompt, change the password to something more secure.

Option 2: Connect remotely (headless)

  1. Insert the SD card into your Raspberry Pi and switch it on. To connect, you’ll need:
    • The IP address of the Raspberry Pi on your local network.
    • An SSH client.
  2. To determine the IP address of the Raspberry Pi, look at your router’s DHCP client list to try to identify the device, or run the arp command to locate the device using its network interface MAC address.
    • On Ubuntu and macOS:
      arp -na | grep -i "[beginning of MAC address]"
    • On Windows:
      arp -a | findstr [beginning of MAC address]
  3. For the MAC address, depending on the Raspberry Pi version, you can try to use one of the following:
    • "b8"
    • "dc"
    • "e4"
  4. The output should return the IP address of your Raspberry Pi.
  5. Connect to your Raspberry Pi with an SSH session:
    • On Ubuntu and macOS, use the installed SSH client. Open a terminal and run the following command:
      ssh ubuntu@[Raspberry Pi IP address]
    • On Windows 10, if you don’t already have an SSH client, you can use PuTTY or OpenSSH. (Find the steps for PuTTY or bash down below.)
  6. Once connected, enter “ubuntu” for the login ID and the password.
  7. At the prompt, set a new password and then reconnect with the SSH command and the new password.

To connect with PuTTY:

  1. Open the PuTTY app.
  2. Enter the IP address of the Raspberry Pi in Host Name (or IP address).
  3. (Optional) Enter a name for the connection in Saved Sessions and click Save.
  4. Click Open.
  5. Read through the security prompt and click Yes to add the server host key to the registry cache.

To connect with bash (Ubuntu) on Windows:

  1. Open the bash app.
  2. Run the SSH command: ssh ubuntu@[Raspberry Pi IP address]

Install Access Server

Set a time zone

First, you must set the time zone on your Raspberry Pi. The time and date on your server must be accurate for any certificate generation and verification and the time-based functionality of Google multi-factor authentication (MFA).

To set the date and time, run these commands with root privileges:

apt update
apt -y install tzdata
dpkg-reconfigure tzdata

Provide internet access

Access Server can function entirely within an environment without internet access. However, VPN clients cannot connect over the internet without such access. This document assumes you connect the Raspberry Pi to a private network with internet access through a router.

We recommend using a firewall with your network setup. Access Server requires ports TCP 443, TCP 943, TCP 945, and UDP 1194 to be forwarded from the public internet to the private IP address of the Access Server on your Raspberry Pi behind the firewall.

Install your Access Server package using the OpenVPN repository

Sign in to the Access Server portal on our site or create a new account to add the Access Server repository to your Raspberry Pi:

  1. Click Get Access Server.
  2. Click Linux Software Package.
  3. Click the Ubuntu icon.
  4. Choose Ubuntu 22, ARM64.
  5. Install via repository with the commands provided.

After installing the openvpn-as package, the initial configuration runs. When it completes, take note of the Admin UI and Client UI addresses and the randomly generated password for your admin user, openvpn.

+++++++++++++++++++++++++++++++++++++++++++++++ 
Access Server 2.11.3 has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log

Access Server Web UIs are available here:
Admin UI: https://192.168.102.130:943/admin
Client UI: https://192.168.102.130:943 
Login as "openvpn" with "RR4ImyhwbFFq" to continue
(password can be changed on Admin UI)
+++++++++++++++++++++++++++++++++++++++++++++++

For more details refer to Finishing Configuration of Access Server.

Sign in to the Admin Web UI

Use your Admin UI address to connect to the Admin Web UI. Typically, the Admin Web UI is located at the address of your Raspberry Pi with /admin/ appended, for example, https://192.168.70.222/admin/. 

In a web browser, enter the URL and click through the security message. The security message appears because Access Server uses a self-signed certificate. You have the option of loading your own valid certificate in the web interface later on.

Sign in with the openvpn user and password. After reading and accepting the EULA, the first screen is Activation, where you can paste your subscription key. 

You can use up to two concurrent connections to test every Access Server feature for free.  Grab a free activation key from our website. Then, paste the key and click Activate. When you’re ready for more connections, it’s easy to increase your connections on our site and the change reflects automatically on your Access Server.

The next step is to set up a fully qualified domain name (FQDN), such as vpn.example.com, which resolves to the public internet IP address of your Access Server. You can then configure that FQDN in your Access Server as the address to which your VPN clients connect. Once you have this address, input it into the Hostname or IP address field in the Network Settings page in the Admin Web UI. After setting this up, your VPN clients will know how to reach your Access Server from the public internet.

Connecting VPN clients

The final step is to connect VPN clients to your Raspberry Pi running Access Server. Download the pre-configured clients directly from the Access Server’s Client Web UI:

  1. Enter the IP address or FQDN of your server into a web browser. 
  2. Sign in as a user
  3. Download the OpenVPN Connect app for your OS and install it.

OpenVPN Connect is our free VPN client. Your Client Web UI provides pre-configured OpenVPN Connect apps to download. You can also download only a connection profile and import it into a VPN client such as OpenVPN Connect or any other compatible OpenVPN client program.

Once you download and install the app, open it and click the user profile to connect.

Helpful resources

We provide free support and technical guides on our site. Here are some helpful resources: