OpenVPN Access Server Web Services
This document describes the web services provided by OpenVPN Access Server. With the Admin Web UI you can easily manage and configure your VPN server. With the Client Web UI users can easily download pre-configured VPN clients as well as connection profiles.
The Admin Web UI and Client Web UI
OpenVPN Access Server comes with a web interface that hosts two main components: the Admin Web UI and the Client Web UI.
Admin Web UI
The Admin Web UI, or Admin UI in some documentation, is the web interface for administrative users. Once logged in, an administrator for Access Server can see and change configurations for Access Server. Administrators can manage users, authentication settings, routing, access rules, and so on. For more, refer to How to configure OpenVPN Access Server.
You can configure most of the settings you need with the Admin Web UI. For advanced settings not configured in the Admin Web UI, refer to Access Server command line interface tools. You can use the command line for advanced configurations.
Client Web UI
The Client Web UI is the web interface for your end-users. Users can sign in and download pre-configured VPN clients or connection profiles. We provide our VPN client, OpenVPN Connect, pre-configured with the user’s connection profile. Once they download and install, they can launch it and connect to your Access Server. OpenVPN Connect is available for Windows, macOS, Android, and iOS. Linux and other operating system support is provided by the open source OpenVPN software project.
Users can also download connection profiles—including user-locked profiles and auto-locked profiles they can use with compatible OpenVPN client software.
Users can sign in to the Client Web UI at the address of your Access Server. Initially, you use the public IP address, for example, https://220.127.116.11. If you set up a custom hostname, which we recommend, users can go to that domain instead—for example, https://vpn.yourbusiness.com.
How to access the web interface
You connect to your Access Server web interface with an HTTPS connection through your web browser.
By default, you use the public IP address of your server to access the web services—and Access Server installs the web interfaces on port TCP 943 and makes them available at port TCP 443. For details about port sharing on TCP 443, refer to Why does Access Server use TCP 443 and TCP 943 ports.
Let’s say, for example, your Access Server’s public IP address is 18.104.22.168. You’ll find the web interface at these addresses:
- Admin Web UI: https://22.214.171.124/admin/
- Admin Web UI: https://126.96.36.199:943/admin/
- Client Web UI: https://188.8.131.52/
- Client Web UI: https://184.108.40.206:943/
We recommend setting up a custom hostname to replace the IP address. Refer to Settings up your OpenVPN Access Server hostname. With a hostname, you can sign in to your Admin Web UI and Client Web UI with a URL that’s easier to remember, for example:
- Admin Web UI: https://vpn.yourbusiness.com/admin
- Client Web UI: https://vpn.yourbusiness.com/
Sign in to Admin Web UI with openvpn user
To sign in to the Admin Web UI, you must use a username and password of a user account with administrative privileges. During initial configuration Access Server creates that user with the username openvpn and generates a random password.
Note: Access Server versions older than 2.10 do not automatically generate a password. On older versions you set the password manually by typing
passwd openvpn on the command line.
Refer to OpenVPN Access Server installation options for details about deploying Access Server to a platform if you haven’t already done this.
To sign in to the Client Web UI, you must use a username and password of a valid user, with or without administrative privileges. You can configure user authentication with the internal local authentication system or integrate with external authentication systems using LDAP, RADIUS, or PAM.
Note: We recommend using only standard user accounts, not administrators, for VPN tunnel access.
Managing web services with the Admin Web UI
Once you’ve signed in to the Admin Web UI, you can configure the web services from the Web Server and CWS Settings page under Configuration.
On the Web Server page, you can configure certificates and keys for the web server for Access Server. This is where you upload SSL certificates and bundles to replace the self-signed certificate Access Server starts with. We recommend setting this up with your custom hostname; refer to Installing a valid SSL web certificate in Access Server.
On the CWS Settings page, you can configure access to the web services. Refer to the user manual for more information: Configuration: CWS Settings.
Advanced web service settings
You can configure the web service settings using the command line. For details, refer to Managing settings for the web services from the command line.
Troubleshooting the web service
Refer to Troubleshooting access to the web service interface.
Customizing the look of the Admin Web UI and Client Web UI
Refer to Branding Configurations on the Admin and Client Web Server Interfaces for how to add your logo and other customizations.