OpenVPN Security Advisory: Dec 14, 2018
Action needed: Important update for OpenVPN Access Server

OpenVPN Access Server beta program

Introduction

For our enthusiastic users we offer the option of downloading beta releases of Access Server, when they are available. We normally build development builds internally that undergo testing until finally a build is made that we consider to be ready for release, but which requires some final in-the-field testing. Some of our regular customers have expressed an avid interest in accessing these release candidate builds, especially as we put new and interesting features into these.

As such we have created a beta program for the OpenVPN Access Server program. There is no special membership required, these builds function just like the ordinary releases, meaning they work even without a license key, allowing 2 connections (or as many as you are licensed for, if you want to test it on a production system) but obviously with the caveat that since it’s beta software, it may still be possible that the product contains some unforeseen bugs.

Legal information

Our normal software license agreement for OpenVPN Access Server applies to the beta releases, as well as a warning that since this is beta software, you may not expect production level performance from the beta builds. In other words we take no responsibility if the server crashes because of an installation of a beta build of OpenVPN Access Server. Having said that, we do of course do our best to try to ensure that the product performs as expected.

To clarify: these builds are not for production use and if you do so it is at your own risk. People seeking to upgrade Access Server to the latest stable release should go here:

Beta release notes for Access Server 2.7.1

  • Added the first iteration of a high availability cluster feature to Access Server.
  • The web interface has been updated and expanded for the clustering feature.
    • When the cluster feature is enabled, the web interface allows you to configure any node or the whole cluster, from any node.
    • Enhanced the session token system so it is capable of allowing users with a session token from one node, to log on to another node automatically.
    • Multiple Access Server instances can now share a common user database, so that user on one node can also log on to one of the other nodes.
    • Enabling the cluster feature requires that you migrate to a MySQL type database. A tool has been added in the UI to do that migration.
    • The OpenVPN core library has been updated to OpenVPN 2.4.6.
    • Various libraries bundled with Access Server have been updated like Twisted and PyOpenSSL.
    • Updated OpenVPN Connect Client software to be able to switch between nodes on a cluster in the event of a problem.
    • The User Permissions page had a bug with pagination which has now been resolved.
    • Increased and automated as.conf security since this file will contain database access passwords in clustering mode.
    • The opt-verify parameter has been removed on the server side since the reason for it is no longer present and it helps avoid a bug on the client side.
    • The ‘Connect’ functionality in the client web service has been removed as it was broken and cannot be implemented in modern browsers.
    • After careful consideration, and taking into account how well OpenSSL has improved over the years, the mbedTLS support in AS has been removed.

Important notes

  • This beta release is not suitable for AWS tiered instance licensing instances. The stable release will be.
  • The biggest feature update is support for clustering mode. This is further explained in our documentation.
  • The admin web UI has been updated further, this is an ongoing process to improve its functionality and looks.
  • The clustering feature requires that you install some MySQL libraries on the Access Server, this is in the documentation.

Downloads overview, AS 2.7.1-beta (cluster release)

Installation instructions

You can start out with a clean Linux installation and then install the package above, or you can take one of our existing appliances and deploy it, then upgrade it to the latest version. There is the caveat that this build has not been tested with Amazon AWS tiered licensing, so it might be the case that it does not read the licensed state properly there. Of course we will test and make this functional on a stable release of Access Server.

Here is an overview of the installation options for Access Server in general:

Instructions on enabling and setting up a cluster:

Feedback and free trial license keys

Obviously, the whole point of this is to get feedback from our users, to learn what you, our customers, want to see and to report any problems you may find. You can reach us best at our support ticket system. Kindly do take care to notify us when you are about to give us feedback about the beta system, and not about the stable release.

If you wish to try out the product with more connections than the standard 2 connections per node, contact us on our support ticket system and request free trial license keys for the OpenVPN Access Server beta version. We can provide a couple of license keys that will function for a month, giving you time to evaluate and test the product. And as mentioned before, we would love to hear your feedback so we can improve our product.

Share