Setting Up OpenVPN Access Server on Red Hat

OpenVPN Access Server fits seamlessly with Red Hat. The OpenVPN Access Server software repository provides you with the following three components:

  • The popular OpenVPN open-source VPN server software.
  • A user-friendly and intuitive web interface.
  • Client software for Windows, macOS, Android, iOS, and Linux.

1. Install updates and set the correct time

We recommend you start by updating your operating system to the latest version and ensure it's set to the correct time:

  1. Sign in to your Linux system on the console or via SSH and obtain root privileges.
  2. Run the commands below to install updates and set time and date correctly:
yum update
timedatectl
timedatectl --help

Note: We assume your OS comes with a time synchronization tool to ensure the correct date and time. If it doesn't, you must ensure they're correct and consider installing a Network Time Protocol (NTP) client program to keep accurate time on your server. Access Server relies on accurate time for time-based one-time passwords for multi-factor authentication and certificate management.

2. Install OpenVPN Access Server from the software repository

With the console or SSH session still open, add the OpenVPN Access Server software repository to your operating system and install the necessary software:

  1. Click the link below and follow the instructions for your operating system.
  2. Ensure you choose the correct operating system and version. Then copy and paste the instructions to your server to install the openvpn-as package and complete the installation.

Note: If your operating system version isn't listed as one we support, don't proceed, as the commands will likely fail.

3. Take note of the web interface access and login credentials

After installing the openvpn-as package, take note of the Admin UI and Client UI addresses as well as the randomly generated password for your administrative user openvpn. These display on screen similar to this example:

+++++++++++++++++++++++++++++++++++++++++++++++ 
Access Server 2.10.0 has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log

Access Server Web UIs are available here:
Admin UI: https://192.168.102.130:943/admin
Client UI: https://192.168.102.130.943 
Login as "openvpn" with "RandomPassword" to continue
(password can be changed on Admin UI)
+++++++++++++++++++++++++++++++++++++++++++++++

4. Finish configuration and setup users in the web interface

Using the information from the previous step, connect to the Admin Web UI and sign in with the openvpn user and password.

For example: https://address/admin/
(replace address with the IP or DNS hostname of your server)

The Access Server Admin Web Interface provides an intuitive tool to manage settings for OpenVPN Access Server. But the first time you access it, you will receive a warning that the security or privacy of the website can't be determined. This is expected. Access Server comes with a self-signed, untrusted SSL certificate so that the web service will function. You may override this warning message and proceed. We recommend you set up a valid DNS hostname for your Access Server and install a valid signed SSL certificate to resolve this message.

For more details on this step refer to Finishing Configuration of Access Server.

Recommended next steps

Installation tips

To reach OpenVPN Access Server via the internet, set the hostname or IP address to one facing the public internet. If you set up your server in a private network, it may assume a private IP that can't be reached from the internet. You may change this by setting up a DNS hostname that resolves to the public IP address where your Access Server can be reached and configuring this in the Admin Web UI. Assuming the right ports are open, your VPN clients can reach Access Server from outside your private network. Setting a DNS hostname also allows you to install a valid signed SSL certificate that matches that DNS hostname.

The default subnet for OpenVPN Access Server's internal VPN subnet is 172.27.224.0/20. You can change the subnet to one that might work better for your current network.

OpenVPN Connect client

VPN client devices need a program installed like OpenVPN Connect to establish a VPN connection to Access Server. You can obtain the necessary software and connection details from the Client UI. This is the same address as the Admin Web UI, minus the /admin part.

For example: https://address/
(replace address with the IP or DNS hostname of your server)

Users can sign in with their credentials and obtain all the necessary client software and configuration to connect to your OpenVPN Access Server.

Helpful Linux Tips

  • Successfully running the Linux commands here requires executing them with root privileges logged in as a root user or sudo up.
  • By default, an unlicensed server allows only two connections. You can purchase a software license to increase this.
  • Licensing an Access Server without internet access requires contacting OpenVPN support for an offline activation procedure.
  • If you experience slowness with the web interface or license key activation, check that DNS resolution is working as expected.