June 21, 2013

Beginner

How To Install OpenVPN Access Server on Ubuntu 12.04

Introduction


OpenVPN Access Server, from the official website is "a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux OS environments."

The installation of OpenVPN AS is much simpler compared to the traditional OpenVPN (without any GUI). Another great thing about about OpenVPN AS (Access Server) is that it has a mobile application for both Android and iOS platforms, enabling you to access your OpenVPN server on your smartphone as well.

Basic Server Setup


In this tutorial, we are using an Ubuntu 12.04 64-bit cloud server. Go ahead and create one to follow along. If you need help with this, you can refer to this tutorial here. After you have started up your cloud server, let's make some adjustments before we install OpenVPN AS. Please follow this guide to prepare our cloud server for installation.

Installing OpenVPN Acess Server


Let's begin by logging in as the root user. From here, download the OpenVPN AS package:
sudo wget http://swupdate.openvpn.org/as/openvpn-as-1.8.4-Ubuntu10.amd_64.deb

The above link is for 64-bit cloud servers since that is what we've decided to use. If by any chance you're using a 32-bit version, the download link would be:
sudo wget http://swupdate.openvpn.org/as/openvpn-as-1.8.4-Ubuntu10.i386.deb

To install OpenVPN AS, enter the following command:
dpkg -i openvpn-as-1.8.4-Ubuntu10.amd_64.deb 

If you are using a 32-bit cloud server, enter the following command instead:
dpkg -i openvpn-as-1.8.4-Ubuntu10.i386.deb

That's it. OpenVPN AS is now installed. However, there are still some things left to do before we can use it. During the installation, OpenVPN has created a default admin user called 'openvpn'. We need to set a password for 'openvpn'. To do that, enter the following command:
sudo passwd openvpn

You'll be prompted to enter your desired password. Make sure your password is secure.

Administration and Client Software Setup


OpenVPN AS web interfaces can be found at:
Admin  UI: https://YourIpAddress:943/admin
Client UI: https://YourIPAddress:943/

Replace "YourIPAddress" with your actual cloud server's IP address. Then, head over to the Client UI to use the access server. You'll see a big bad security warning. But don't be alarmed, it is perfectly okay since we've self-signed our server's SSL. Ignore the warning and click Ok/Proceed and you'll be prompted for username and password. Enter 'openvpn' as the username and the password should be what you've set for 'openvpn' before. After filling out username/password, click 'Go' and you'll see a screen like this:

openvpn

Download the 'OpenVPN Connect' software by clicking the link. After it has finished downloading, run it and enter your login credentials. And voilĂ ! You are now connected to your OpenVPN Access Server.

You can login to the Admin UI if you need to make changes to your access server, although default settings works fine.

One more thing: remember that you can use OpenVPN access server with your smartphone? Download the official Android app here and the iOS app here.

Now, have fun with your OpenVPN Access Server!

Update:


As of OpenVPN Access Server v2.0, OpenVPN will no longer uses the 5.5.16.0/20 subnetwork for clients and will use the 172.27.240.0/20 subnet instead.

OpenVPN Access Server v2.0 Release Notes

Share this Tutorial

Vote on Hacker News

Try this tutorial on an SSD cloud server.

Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more

Create an account or login:

44 Comments

Write Tutorial
  • Gravatar deekin 9 months

    Love it om nom nom - a snap to get this done!

  • Gravatar deekin 9 months

    To update OpenVPN to the latest version once it is already installed, you can perform the following steps. This will be different from what is posted in the directions above, as the OS build number and version number of OpenVPN will change from time to time. This works for when you only want to upgrade OpenVPN - not the whole system. 1. In a browser navigate to http://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu 2. Right click and copy the link to the current package appropriate to you. 3. In a shell (once you are connected to your VPN) type: sudo wget Then put a space and paste what you have copied from OpenVPN's downloads page in step 2. In my case it was: swupdate.openvpn.org/as/openvpn-as-1.8.5-Ubuntu12.amd_64.deb The OpenVPN version number and server build number are the ones that will likely change based on your setup, which is why we need the current path. The complete command you will enter will look something like: sudo wget swupdate.openvpn.org/as/openvpn-as-1.8.5-Ubuntu12.amd_64.deb 4. After the updated package downloads, type: sudo dpkg -i openvpn-as-1.8.5-Ubuntu12.amd_64.deb (same theory applies as noted in step 3) 5. You should see something like: Preparing to replace openvpn-as 1.8.4-Ubuntu10 (using openvpn-as-1.8.5-Ubuntu12.amd_64.deb) ... Upgrade detected (debian)... Unpacking replacement openvpn-as ... Setting up openvpn-as (1.8.5-Ubuntu12) ... Backing up configuration and DB files to /usr/local/openvpn_as/etc/backup prior to update. * Restarting openvpnas openvpnas user@domain $ 6. You're upgraded and all set at this point.

  • Gravatar whygog 9 months

    Ok, I must be doing something wrong. I keep getting the "Problem loading page/Unable to connect" in Firefox (similar errors in other browsers) when I try to go to https://YourIpAddress:943 or https://YourIpAddress:943/admin. As best as I can tell, it installs correctly: sudo dpkg -i openvpn-as-1.8.5-Ubuntu12.i386.deb Selecting previously unselected package openvpn-as. (Reading database ... 23524 files and directories currently installed.) Unpacking openvpn-as (from openvpn-as-1.8.5-Ubuntu12.i386.deb) ... Setting up openvpn-as (1.8.5-Ubuntu12) ... The Access Server has been successfully installed in /usr/local/openvpn_as Configuration log file has been written to /usr/local/openvpn_as/init.log Please enter "passwd openvpn" to set the initial administrative password, then login as "openvpn" to continue configuration here: https://YourIpAddress/admin To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool. Access Server web UIs are available here: Admin UI: https://YourIpAddress:943/admin Client UI: https://YourIpAddress:943/ I've tried both the 1.8.4 and 1.8.5 on the Ubuntu 12.04 x32 512MB server and I get the same result with both. I've install Apache and I can access that just fine, so it's not like the thing is unreachable. I've also tried to configure it using the /usr/local/openvpn_as/bin/ovpn-init tool, but haven't had any luck there either. I've spent the last couple of days trying to get both OpenVPN and OpenVPN-AS, and have had no luck getting them running, so any help would be greatly appreciated.

  • Gravatar Kamal Nasser 9 months

    What's the output of the following command (as root)?

    netstat -plutn | grep 943

  • Gravatar whygog 9 months

    I think I've got the problem solved. It could have been one of several problems on my end. I might not have reverted back to a snapshot without any openvpn installed, so openvpn and openvpn-as might have been conflicting with each other, or some of the config files that I had edited may have still been on the system. Also, if you're using a domain name, https://www.domain-name.com:943 doesn't work, but https://domain-name:943 does work. I was also trying to set this up while at work during some down time, so the firewall there could have been blocking the necessary ports.

  • Gravatar mario 9 months

    I just installed Open VPN as on my VPS I can not start the service this error comes out, i hope can get some help thanks in advance for your help Error: process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t0: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t1: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t10: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t11: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t12: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t13: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t14: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t15: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t16: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t17: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t18: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t19: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t2: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t20: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t21: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t3: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t4: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t5: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t6: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t7: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t8: No such file or directory (errno=2)'] service failed to start or returned error status process started and then immediately exited: ['Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t9: No such file or directory (errno=2)'] service failed to start or returned error status

  • Gravatar Kamal Nasser 8 months

    @mario: Try running

    modprobe tun
    as root and restart OpenVPN - does that fix it?

  • Gravatar mario 8 months

    thank you for your advice, but still do not work this came out root@server:~# modprobe tun WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/. FATAL: Module tun not found. root@server:~# modprobe Usage: modprobe [-v] [-V] [-C config-file] [-d ] [-n] [-i] [-q] [-b] [-o ] [ --dump-modversions ] [parameters...] modprobe -r [-n] [-i] [-v] ... modprobe -l -t [ -a ...]

  • Gravatar Kamal Nasser 8 months

    @mario: Run

    sudo apt-get update && sudo apt-get dist-upgrade -y
    Set your droplet to boot from the latest Ubuntu 12.04 (x32/x64 depending on your droplet's OS image) kernel. Power it off via SSH
    sudo poweroff
    and boot it up from our control panel. Then run
    modprobe tun
    and paste the output.

  • Gravatar deekin 8 months

    OK, this has been killing me. I'd like my VPN server to be semi-strong 256, not watching cat videos 128. Over the last week I have searched all over for how to do this, and started a thread on openvpn.net in regards to this. Nothing :( Can anyone please guide me on how this could be accomplished? I was able to find how to set the handshake to 256, but not how to verify that the actual data stream is 256. The reason I suspect it is not is due to the fact that when I looked at the self generated SSL cert that was created as part of the process, it shows as 128. So I guess I have two questions: 1) How to re-set up my openvpn build so it is 256? 2) How can I verify that it is indeed 256 after it is all said and done? Thanks!

  • Gravatar deekin 8 months

    OK, so the nice folks over at openvpn.net finally answered me. The thread is here: https://forums.openvpn.net/topic13529.html in case anyone wants to know the nitty gritty. Thanks to Will in DO's TS as well! The TLDR version - go to https://yourvpnaddress.tld:943/admin/advanced_vpn for the client and server both (at the bottom), add these lines: cipher AES-256-CBC keysize 256 auth sha256 under both server and client config directives. Save the changes so it reloads the new config. It didn't explicitly say to download a new client after this, but I did this anyway, figuring it couldn't hurt. The answer to #1 is outlined clearly in the tread I linked above. Number 2 wasn't addressed in that thread, but what I did to verify it was download a new client from my VPN server to look at the fresh logs. When it does it's initial handshake, you have an opportunity to see the technical details about the connection. What I wanted to verify was found at the very bottom of the log files: cipher AES-256-CBC auth sha256

  • Gravatar Kamal Nasser 8 months

    @deekin: Sweet! I'm glad you figured out how to set it to 256-bit -- I'm sure this will help other users in the future as well. :]

  • Gravatar Gil Blumberg 8 months

    @deekin, Any particular advantages/reasons updating OpenVPN to the latest version?

  • Gravatar Gil Blumberg 8 months

    Answer to my own question about what's new in v1.8,5: https://openvpn.net/index.php/component/content/article/64-access-server-paid/general/531-release-notes-v185.html

  • Gravatar isymbo 7 months

    Following this guide, I can use VPN on my iPhone!!! Thanks!

  • Gravatar vlinares94 7 months

    HOW TO INSTALL A PAGE TO MY IP PROXI

  • Gravatar Kamal Nasser 7 months

    @vlinares94: What do you mean?

  • Gravatar Kyle Boddy 6 months

    I installed openvpn-as using this guide, did all the kernel upgrades, upgraded openvpn-as to the newest version, did modprobe tun with shutdown and restart, and while the server runs, the client page hangs and the image just spins. Any idea?

  • Gravatar Kamal Nasser 6 months

    @kyle.boddy: Please do not duplicate your questions. https://www.digitalocean.com/community/questions/install-openvpn-as-successfully-on-ubuntu-13-04-but-client-page-hangs

  • Gravatar Marc Isaacson 6 months

    You have a small typo: "alramed" should be "alarmed"

  • Gravatar Kamal Nasser 6 months

    Nice catch, Marc! I've corrected the article :]

  • Gravatar mapreri 6 months

    They have update openvpn, you should link http://swupdate.openvpn.org/as/openvpn-as-2.0.1-Ubuntu12.amd_64.deb :)

  • Gravatar dforge 6 months

    I got this working, but how to you configure your dd-wrt router to connect to the openvpn server?

  • Gravatar missmysoaps 5 months

    Tried it, love it, easy as pie

  • Gravatar trycatch9264 5 months

    Great article! Helps me a lot! Thank you!

  • Gravatar xxdesmus 5 months

    Any recommendations on the correct iptables rules to keep things secure/restricted while still allowing through VPN traffic?

  • Gravatar ilikeperiodsmaximus 5 months

    Hey you spelled "Access" wrongly, u spelled it as "Acess". Great article anyway, better that the one at Ubuntu Help Center, the command line configuration was stupid compared to your web interface, good job!

  • Gravatar Kamal Nasser 5 months

    @ilikeperiodsmaximus: Thanks, I'll update the article. :]

  • Gravatar Kamal Nasser 5 months

    @xxdesmus: What do you mean by keeping things secure? Do you mean allowing only people who are connected to the VPN to e.g. access port 22 on your droplet (SSH)?

  • Gravatar tien.cuong1088 4 months

    Sorry, I'm newbie and I have question quite...noob, I had follow this guide and connect success, I use 2 PC to connect VPN server and have 2 IP: 172.27.232.2 and 172.27.232.3, but I can't ping together, I just thought VNP like I can access in local of that PC connect server VPN cuz they have same network !?! How can I apply VPN in reality, it's mean build a networking services with VPN in real world !?!

  • Gravatar Clifford Duke 3 months

    I have a question on OpenVPN, I am a bit confused about it's license, it says that it is Open Source, but you need to pay for a license? So if I actually set up an OpenVPN server I need to purchase a license if I want more than two concurrent users?

  • Gravatar Kamal Nasser 3 months

    @clifford: OpenVPN is free and open-source. OpenVPN Access Server is limited to 2 clients only, you will have to pay for a license if you need more: http://openvpn.net/index.php/access-server/pricing.html.

  • Gravatar Yotam Tanay 2 months

    I've been trying to set up a VPN server for the past few hours and got my share of cryptic errors - this article did the job in 3 minutes flat! Thanks a ton!

  • Gravatar Fatih about 1 month

    whats the point of using vpn on vps ?

  • Gravatar Miki801 about 1 month

    This tutorial is truly super simple and failproof and wonder! thank you so much! :D any tips on how I could share my ethernet lan internet to my vpn client connecting through wifi (a different lan)?

  • Gravatar Evgeny about 1 month

    Thanks for great tutorial! I encountered a problem. After some time (5-10 minutes) the vpn-connection is broken and reconnected. It's very annoying. Could you give advice how to handle this?

  • Gravatar Kamal Nasser about 1 month

    @Evgeny: Check openvpn's error log and see if you can find anything on why it's doing that.

  • Gravatar Evgeny about 1 month

    @Kamal thanks for your reply! VPN works fine on another PC!

  • Gravatar sungkhum 24 days

    How would you remove OpenVPN AS once you installed it using this method? Thanks!

  • Gravatar Kamal Nasser 24 days

    @sungkhum: I believe this should work:

    sudo apt-get remove openvpn-as

  • Gravatar galvax 22 days

    This is great! thanks for the tutorial!

  • Gravatar mag335 10 days

    At first try everything was working perfect. But only at first try. Since then every time I will connect, I will be disconnected after 5-10 seconds. Doesn't matter on which machine I will try (laptop or phone). Rebuilding droplet and installing things again didn't helped. It always keeps disconnecting me after 5-10 seconds and then try to reconnect again. By disconnecting I mean internet disappear after 5-10 seconds, and then after 30 seconds I will see OpenVPN Connect reconnecting to server. This is link to log file from OpenVPN Connect: http://pastebin.com/q4Zf16Jm

  • Gravatar zahooi.net 6 days

    How to get an iphone working with openvpn as? Installation of the openvpn as server went well (Ubuntu 12.04) I downloadeded the app and filled in the URL of my openvpn server but nothing happens.

  • Gravatar dx486 5 days

    How can I make my Linux Mint 16 installed computer connect to my OpenVPN Access Server on digitalocean.com's Ubuntu VPS? I follow some guides online but certificate and private key files are needed. I don't know how to get them. Can you please explain this?

Leave a Comment

Create an account or login:
Ajax-loader