Installing OpenVPN Access Server on a Linux system
The following information will help you launch OpenVPN Access Server on a Linux operating system.
Tips for installing OpenVPN Access Server on a Linux system:
Operating systems supported
We distribute OpenVPN Access Server via our software repository on a number of popular Linux distributions. Refer to OpenVPN Access Server system requirements for the compatible Linux operating systems.
To install the repository and install Access Server:
Choose the platform from our download page and get the instructions for installing the repository and Access Server.
- Refer to the software repository download page.
- Find and click on the platform you’re using.
- Use the commands to install the repository and software.
We provide quick start guides for all supported operating systems as well; refer to OpenVPN Access Server installation options.
Our quick start guides step you through launching OpenVPN Access Server on:
Installation requirements and preparation
The following will help you prepare your platform for installation.
Verify that your server is ready
- You need a supported Linux OS with root level access. You can connect directly through the console or through an SSH session using a tool like PuTTY.
- If you need to sign in as an unprivileged user, sudo up to gain root privileges.
- Ensure your server has the correct time and date, required for certificate generation and verification as well as implementing multi-factor authentication.
- To check the current time, date and time zone on a Debian/Ubuntu system:
apt update
apt -y install tzdata
dpkg-reconfigure tzdata
Using the OpenVPN software repository
We distribute OpenVPN Access Server via a software repository.
For a system without internet access:
- You must download software packages separately.
- OpenVPN Access Server comes in two packages:
- OpenVPN Connect client software bundle
- OpenVPN Access Server
Install repository, then upgrade
Check your operating system
You need to know the correct operating system to use the appropriate commands for adding the repository and installing OpenVPN Access Server.
- Determine your operating system.
- Run these commands to find the necessary OS information:
cat /etc/issue
lsb_release -a
uname -a
Select your OS from our software repository page
- From the software repository page, click on the appropriate OS to open up the instructions for installing the repository.
- Ensure you select the correct version of your OS as well.
- The instructions work for upgrades and new installations of OpenVPN Access Server.
- Run the commands on your server’s command line as a root user.
- After adding the repository, when you run apt update and apt upgrade, you update Access Server when there’s a new version.
Note: If your operating system version is no longer listed on our software repository page, do not try to force instructions for a newer operating system onto your outdated system. In this situation, consider either upgrading your operating system or migrating your Access Server configuration to a more up-to-date installation.
Finishing configuration and using the product
Verify configuration completes
Once OpenVPN Access Server installs, it automatically runs an initial configuration with default settings.
When the initial configuration completes, review the output for the admin account and addresses to access your Admin Web UI.
- Get the username and password for your admin user.
- Take note of the randomly generated password for the administrative account openvpn. Access Server versions older than 2.10 do not automatically generate a password. On older versions you set the password manually by typing passwd openvpn on the command line.
- The output provides the URL to connect to your Admin Web UI to configure your VPN server. From the Admin Web UI you can manage the configuration, certificates, users, and more settings in a web-based GUI. An example address: https://192.168.70.222/admin.
- The output also provides the URL to connect to your Client UI for downloading pre-configured OpenVPN Connect as well as connection profiles. An example address: https://192.168.70.222/.
- For more details about the web service, refer to OpenVPN Access Server web services.
- Enter the URL for your Admin Web UI into your web browser and sign in with your openvpn admin account.
- When you first sign in, you encounter a browser warning due to the self-signed certificate. This is expected and you can accept the warning and continue. To resolve this you can install a properly signed web SSL certificate.
- Once signed in, you can activate your Access Server with an activation key, set up authentication systems such as RADIUS or LDAP, add users to the local authentication database, manage access control, and so on.
Refer to further documentation to configure specific functions and configuration options for the OpenVPN Access Server:
Limitations of an unlicensed OpenVPN Access Server
OpenVPN Access Server launches with two free connections.
If you use Access Server without a license or activation key
- You can use these two free connections without a time limit.
- You have full access to all of the functionality of OpenVPN Access Server.
- You can’t have more than two simultaneous OpenVPN tunnel connections to your VPN server.
To unlock more connections, purchase a subscription. Refer to our pricing page for details.
© Copyright 2023 OpenVPN | OpenVPN is a registered trademark of OpenVPN, Inc. | CloudConnexa is a trademark of OpenVPN, Inc.
OpenVPN 3 Client for Linux
The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients and OpenVPN for Android (where it needs to be enabled via the settings page in the app).
This client is built around a completely different architecture in regard to usage. It builds heavily on D-Bus and allows unprivileged Users to start and manage their own WPC tunnels out-of-the-box. System Administrators wanting more control can also control and restrict this access either by hardening the default OpenVPN 3 D-Bus policy or by using features in OpenVPN 3 Linux.
Even though the project name carries “Linux”, it doesn’t mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.
The release notes are stored in git tags in the project git repository. They can also be viewed here: https://github.com/OpenVPN/openvpn3-linux/releases (expand the tag to see the full text).
Installation as Connector for CloudConnexa
Installation of CloudConnexa 3 client as a Connector for CloudConnexa Host or Network has been simplified and documented here.
Installation for Debian and Ubuntu
Follow these steps in order to install OpenVPN 3 Client on Linux for Debian and Ubuntu:
- Open the Terminal by pressing Ctrl + Alt + T.
- Type the following command into the Terminal: sudo wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub. This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
- Type the following command into the Terminal: curl -fsSL https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/openvpn-repo-pkg-keyring.gpg. This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
- Type the following command into the Terminal: DISTRO=$(lsb_release -c | awk '{print $2}'). This will detect the OS distribution and will be automatically used in the next command.
Important
Be careful to identify the distribution and release you are running. Distribution and version should preferably be retrieved using the hostnamectl command; match its Operating System field against the supported distros table.
Distribution
Release name ($DISTRO)
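The caution above matters most on derivative distributions, which report their own codename rather than that of the release they are based on. The following is an added example, not taken from the OpenVPN documentation: it resolves the codename from /etc/os-release instead of lsb_release and refuses to continue unless the result is on an allowlist. The SUPPORTED list, the function names and the sample os-release text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: resolve the apt release codename for $DISTRO and refuse
# to continue when it is not on an allowlist.

# SUPPORTED is a constructed allowlist for this example; replace it with
# the release names from the supported distributions table.
SUPPORTED="bullseye bookworm focal jammy"

# Read os-release text on stdin and print the codename apt repos expect.
# Ubuntu derivatives set UBUNTU_CODENAME to the base release, so it wins
# over VERSION_CODENAME when both are present.
resolve_codename() {
    awk -F= '
        { gsub(/"/, "", $2) }
        $1 == "UBUNTU_CODENAME"  { ubuntu = $2 }
        $1 == "VERSION_CODENAME" { version = $2 }
        END { print (ubuntu != "" ? ubuntu : version) }'
}

# Succeed only if $1 is non-empty and is one of the words in SUPPORTED.
is_supported() {
    [ -n "$1" ] || return 1
    for name in $SUPPORTED; do
        [ "$name" = "$1" ] && return 0
    done
    return 1
}

# Print the codename to use as DISTRO, or fail with a message on stderr.
pick_distro() {
    codename=$(resolve_codename)
    if is_supported "$codename"; then
        printf '%s\n' "$codename"
    else
        echo "unsupported or unknown release: '${codename}'" >&2
        return 1
    fi
}

# Constructed sample: os-release fields as found on an Ubuntu derivative.
SAMPLE_DERIVATIVE='NAME="Linux Mint"
VERSION_CODENAME=vera
UBUNTU_CODENAME=jammy'

# On a real host: DISTRO=$(pick_distro < /etc/os-release) || exit 1
DISTRO=$(printf '%s\n' "$SAMPLE_DERIVATIVE" | pick_distro) && echo "DISTRO=$DISTRO"
```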
Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux
Packages for these distributions are provided via a Fedora Copr repository. Supported versions:
Distribution
Release versions
Red Hat Enterprise Linux / CentOS
In order to install the OpenVPN 3 Client for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux, follow the steps below:
- Open Terminal by typing terminal into the search bar.
- If you are running Red Hat Enterprise Linux or its clones, you need to install the Fedora EPEL repository first. Here is the list of commands for each version (the original article on Fedora EPEL can be found here):
RHEL/CentOS 6:
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
RHEL/CentOS 7:
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
On RHEL 7 it is recommended to also enable the optional, extras, and HA repositories since EPEL packages may depend on packages from these repositories:
sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" --enable "rhel-ha-for-rhel-*-server-rpms"
RHEL/CentOS 8:
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
On RHEL 8 it is required to also enable the codeready-builder-for-rhel-8-${ARCH}-rpms repository since EPEL packages may depend on packages from it:
ARCH=$( /bin/arch )
sudo subscription-manager repos --enable "codeready-builder-for-rhel-8-${ARCH}-rpms"
On CentOS 8 it is recommended to also enable the PowerTools repository since EPEL packages may depend on packages from it:
sudo dnf config-manager --set-enabled PowerTools
- You need to install the yum copr module first by running the following command: sudo yum install yum-plugin-copr.
Note
Using .ovpn Profile
Please note that by this point you should have downloaded a .ovpn Profile to your machine.
Mandatory Commands
- In order to start a one-shot configuration Profile, type the following command into the Terminal: openvpn3 session-start --config $ .
Important
A "one-shot configuration Profile" means that the configuration file is parsed, loaded, and deleted from the configuration manager as soon as the WPC session has been started. No configuration file is available for re-use after this approach. This is achieved by giving the configuration file to the openvpn3 session-start command directly.
Note
Using this approach, an imported configuration file can be used several times, and access to the configuration file itself is not needed to start WPC tunnels. By default, configuration profiles imported are only available to the User who imported the configuration file. But OpenVPN 3 Linux also provides an Access Control List feature via openvpn3 config-acl to grant access to specific or all Users on the system.
Important
This loads the configuration Profile and stores it in memory only. That means, if the system is rebooted, the configuration Profile is not preserved. If the --persistent argument is added to the command line above, the configuration Profile will be saved to disk in a directory only accessible by the CloudConnexa User. Whenever the Configuration Manager is started, configuration files imported with --persistent will be automatically loaded as well.
Note
When a configuration Profile is available via openvpn3 configs-list, it can easily be started via openvpn3 session-start using the configuration Profile name (typically the filename used during the import).
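The notes above describe persistent import and per-user access control. The following added example, not taken from the OpenVPN documentation, imports a profile persistently only when the .ovpn file is not readable by group or others, grants access to one named user rather than to all users, and prints the resulting access list. The function names and the file-permission gate are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: gate a persistent profile import on file permissions,
# then share the profile with a single named user and show the ACL.

# True when the file exists and neither group nor others have any access.
# A profile can embed a private key, so it is treated like one.
profile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, prints e.g. 600
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# import_profile FILE NAME [USER]
# FILE is the .ovpn profile, NAME the profile name to register, USER an
# optional local account that should also be allowed to use the profile.
import_profile() {
    file=$1
    name=$2
    grantee=${3:-}
    if ! profile_is_private "$file"; then
        echo "refusing $file: missing or accessible by group/others" >&2
        return 1
    fi
    # --persistent keeps the profile across reboots (see the note above).
    openvpn3 config-import --config "$file" --name "$name" --persistent || return 1
    if [ -n "$grantee" ]; then
        # Grant one specific user instead of opening the profile to all.
        openvpn3 config-acl --config "$name" --grant "$grantee" || return 1
    fi
    # Print the access list so the result can be reviewed.
    openvpn3 config-acl --config "$name" --show
}

# Usage (hypothetical file, profile and user names):
#   import_profile "$HOME/office.ovpn" office alice
```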