Introduction
It’s important to note that due to the flexibility of computer networks and the OpenVPN Access Server product, there are many use-cases possible. The following example use-cases are not exhaustive, but they do showcase some of the possibilities. If you have any questions about the product fitting your requirements, please contact us and we will help you determine if it will work in your environment.
Most of the following use-cases for Access Server assume that you are going to install the product on a server you provide, either physical or virtual, on-premise or in the cloud. An example use-case is provided for adding a VPN to a virtual private cloud like AWS or Google.
Secure Remote Access
Securely access resources remotely
Whether you have servers in your office, an off-site data center, or a cloud-based system containing all of your data, OpenVPN Access Server can provide secure access. In the diagram on the right, users on their desktop computers and mobile devices are using the OpenVPN client program to make a secure connection over the Internet to the OpenVPN Access Server. Depending on how you configure the access control rules in the Access Server, users can then transparently access either all of the resources there or only specific systems or services.
Detailed Use Case: Remote Access VPN
Site-to-site connections to bring networks together
Create site-to-site connections
Using the client-server model in the OpenVPN Access Server it is possible to connect a Linux client system in one network to an OpenVPN Access Server in another network and use this connected client as a VPN concentrator or VPN client gateway system. Both terms mean to say that traffic from a whole network can go through the already established VPN tunnel between the client and the server and reach the other network. Traffic can pass in both directions which makes it possible to connect two networks together and makes accessing resources from one network on the other network transparent and easy.
Detailed Use Case: Secure Site-to-Site Networking
Multiple networks, subnets, gateways, and servers
Complex inter-connectivity is possible
No matter how complex your existing setup is, the OpenVPN Access Server should integrate well. It is capable of sending specific IP addresses and ranges of traffic from a VPN client through the server. It can also send client Internet traffic through the VPN tunnel depending on what you configure. It can forward traffic coming in through the VPN tunnel intended for another subnet through the specified gateway server (handled in the OS routing table). It can be used to connect multiple different networks together in a site-to-site setup. Access Servers can be connected with each other to give access to resources or VPN clients.
Basically, if it can be routed, the OpenVPN Access Server should be able to handle it. If in doubt please contact us and we will be happy to assist you.
Secure Internet traffic or contact limited-access systems
Optionally protect your Internet access
If OpenVPN Access Server is installed in a data center or cloud system, it can be used to secure your client devices’ Internet connection. If, for example, you are on a public network you might want to ensure that all your Internet traffic goes into a secure encrypted VPN tunnel and to your own Access Server. From there the traffic can continue to its destination, and responses are sent back via the same path. This way programs and people snooping on the network you’re on can only see encrypted packets of data that are useless to them.
Another use-case for the type of setup shown in the diagram is the ability to have traffic from connected VPN clients appear to come from the public address of the OpenVPN Access Server itself. This is useful if you have a server on the Internet or in a datacenter that blocks all access except from a whitelist of specific IP addresses that do have access. You can have VPN clients connect to the Access Server and have it handle the traffic for only that limited access system. This traffic will then appear to be coming from the Access Server, which you can add to your whitelist. Any connected VPN client will then have access to this server in a secure manner.
Secure Access to Cloud-Based Systems
You can extend the benefits of an IaaS cloud provider to your VPN server by using one of our preconfigured solutions. You have the option to install OpenVPN Access Server via the following cloud providers: Amazon Web Services, Google Cloud Platform, Oracle, DigitalOcean, and Microsoft Azure.
Detailed Use Case: Secure Access to Cloud-Based Systems
Deployment
To deploy OpenVPN Access Server, you can:
- Deploy it yourself, using our Quick Start Guide.
- Deploy a ready-to-launch instance on Amazon Web Services
- Deploy a ready-to-launch instance on Microsoft Azure
- Deploy a ready-to-launch instance on Google Cloud
- Explore some of our more detailed self-deployment options.
Once you have Access Server, you then simply connect a device via one of our clients. On mobile platforms, we have apps for Android and iOS, but you can also get started on macOS, Linux, or Windows.