Installing OpenVPN Access Server on a Linux system
Introduction
The following information will help you launch OpenVPN Access Server on a Linux operating system.
Tips for installing OpenVPN Access Server on a Linux system:
- Operating systems supported.
- Installation requirements and preparation.
- Install repository, then upgrade.
- Finishing configuration and using the product.
- Limitations of an unlicensed OpenVPN Access Server.
Operating systems supported
We distribute OpenVPN Access Server via our software repository on a number of popular Linux distributions. Refer to OpenVPN Access Server system requirements for the compatible Linux operating systems.
To install the repository and install Access Server:
Choose the platform from our download page and get the instructions for installing the repository and Access Server.
- Refer to the software repository download page.
- Find and click on the platform you’re using.
- Use the commands to install the repository and software.
We provide quick start guides for all supported operating systems as well; refer to OpenVPN Access Server installation options.
Our quick start guides step you through launching OpenVPN Access Server on:
- Ubuntu
- Debian
- Red Hat Enterprise Linux
- CentOS
- AWS
- Google Cloud
- Azure
- DigitalOcean
- Oracle
- VMWare
- Hyper-V
Installation requirements and preparation
The following will help you prepare your platform for installation.
Verify that your server is ready
- You need a supported Linux OS with root level access. You can connect directly through the console or through an SSH session using a tool like PuTTY.
- If you need to sign in as an unprivileged user, sudo up to gain root privileges.
- Ensure your server has the correct time and date, required for certificate generation and verification as well as implementing multi-factor authentication.
- To check the current time, date and time zone on a Debian/Ubuntu system:
apt update
apt -y install tzdata
dpkg-reconfigure tzdata
- To check the current time, date and time zone on a CentOS/Red Hat system:
timedatectl --help
- Ensure your server can access the internet. Some use cases require running Access Server in an environment without internet access—if you need this, contact support to help set you up with an offline license activation.
- We recommend installing Access Server behind a firewall as part of a layered security approach. Forward ports TCP 443, TCP 943, TCP 945, and UDP 1194 from the public internet to the private address of Access Server behind the firewall.
- Check DNS resolution works correctly. Test by pinging a domain, such as www.google.com to verify that the server resolves it to an IP address.
Using the OpenVPN software repository
We distribute OpenVPN Access Server via a software repository.
For a system without internet access:
- You must download software packages separately.
- OpenVPN Access Server comes in two packages:
- OpenVPN Connect client software bundle
- OpenVPN Access Server
- The software also depends on various other packages to successfully install. Refer to our software repository page, click on your Linux OS, then refer to the Option 2: Manually downloaded packages.
- To activate your subscription or license, contact our support team.
Install repository, then upgrade
Check your operating system
You need to know the correct operating system to use the appropriate commands for adding the repository and installing OpenVPN Access Server.
- Determine your operating system.
- Run these commands to find the necessary OS information:
cat /etc/issue
lsb_release -a
uname -a
- Run these commands to find the necessary OS information:
Select your OS from our software repository page
- From the software repository page, click on the appropriate OS to open up the instructions for installing the repository.
- Ensure you select the correct version of your OS as well.
- The instructions work for upgrades and new installations of OpenVPN Access Server.
- Run the commands on your server’s command line as a root user.
- After adding the repository, when you run apt update and apt upgrade, you update Access Server when there’s a new version.
- We recommend rebooting your server:
reboot
Note: If your operating system version is no longer listed on our software repository page you should not try to force instructions for a newer operating system onto your outdated system. In this situation you should consider either upgrading your operating system or migrating your Access Server configuration to a more up-to-date installation.
Finishing configuration and using the product
Verify configuration completes
Once OpenVPN Access Server installs, it automatically runs an initial configuration with default settings.
When the initial configuration completes, review the output for the admin account and addresses to access your Admin Web UI.
- Get the username and password for your admin user.
- Take note of the randomly generated password for the administrative account openvpn. Access Server versions older than 2.10 do not automatically generate a password. On older versions you set the password manually by typing
passwd openvpn
on the command line.
- Take note of the randomly generated password for the administrative account openvpn. Access Server versions older than 2.10 do not automatically generate a password. On older versions you set the password manually by typing
- Get the URLs for your Admin Web and Client UIs.
- The output provides the URL to connect to your Admin Web UI to configure your VPN server. From the Admin Web UI you can manage the configuration, certificates, users, and more settings in a web-based GUI. An example address: https://192.168.70.222/admin.
- The output also provides the URL to connect to your Client UI for downloading pre-configured OpenVPN Connect as well as connection profiles. An example address: https://192.168.70.222/.
- For more details about the web service, refer to OpenVPN Access Server web services.
- Sign in to the Admin Web UI.
- Enter the URL for your Admin Web UI into your web browser and sign in with your openvpn admin account.
- When you first sign in, you encounter a browser warning due to the self-signed certificate. This is expected and you can accept the warning and continue. To resolve this you can install a properly signed web SSL certificate.
- Once signed in, you can activate your Access Server with an activation key, set up authentication systems such as RADIUS or LDAP, add users to the local authentication database, manage access control, and so on.
Refer to further documentation to configure specific functions and configuration options for the OpenVPN Access Server:
Limitations of an unlicensed OpenVPN Access Server
OpenVPN Access Server launches with two free connections.
If you use Access Server without a license or activation key
- You can use these two free connections without a time limit.
- You have full access to all of the functionality of OpenVPN Access Server.
- You can’t have more than two simultaneous OpenVPN tunnel connections to your VPN server.
To unlock more connections, purchase a subscription. Refer to our pricing page for details.