Tutorial
How To Install OpenVPN Access Server on Ubuntu 12.04
Status: Deprecated
This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:
- Upgrade to Ubuntu 14.04.
- Upgrade from Ubuntu 14.04 to Ubuntu 16.04
- Migrate the server data to a supported version
Reason: Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.
See Instead:
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.
Introduction
OpenVPN Access Server, from the official website is "a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux OS environments."
The installation of OpenVPN AS is much simpler compared to the traditional OpenVPN (without any GUI). Another great thing about about OpenVPN AS (Access Server) is that it has a mobile application for both Android and iOS platforms, enabling you to access your OpenVPN server on your smartphone as well.
Basic Server Setup
In this tutorial, we are using an Ubuntu 12.04 64-bit cloud server. Go ahead and create one to follow along. If you need help with this, you can refer to this tutorial here. After you have started up your cloud server, let's make some adjustments before we install OpenVPN AS. Please follow this guide to prepare our cloud server for installation.
Installing OpenVPN Acess Server
Let's begin by logging in as the root user. From here, download the OpenVPN AS package:
sudo wget http://swupdate.openvpn.org/as/openvpn-as-2.0.7-Ubuntu12.amd_64.deb
The above link is for 64-bit cloud servers since that is what we've decided to use. If by any chance you're using a 32-bit version, the download link would be:
sudo wget http://swupdate.openvpn.org/as/openvpn-as-2.0.7-Ubuntu12.i386.deb
To install OpenVPN AS, enter the following command:
dpkg -i openvpn-as-2.0.7-Ubuntu12.amd_64.deb
If you are using a 32-bit cloud server, enter the following command instead:
dpkg -i openvpn-as-2.0.7-Ubuntu12.i386.deb
That's it. OpenVPN AS is now installed. However, there are still some things left to do before we can use it. During the installation, OpenVPN has created a default admin user called 'openvpn'. We need to set a password for 'openvpn'. To do that, enter the following command:
sudo passwd openvpn
You'll be prompted to enter your desired password. Make sure your password is secure.
Administration and Client Software Setup
OpenVPN AS web interfaces can be found at:
Admin UI: https://YourIpAddress:943/admin Client UI: https://YourIPAddress:943/
Replace "YourIPAddress" with your actual cloud server's IP address. Then, head over to the Client UI to use the access server. You'll see a big bad security warning. But don't be alarmed, it is perfectly okay since we've self-signed our server's SSL. Ignore the warning and click Ok/Proceed and you'll be prompted for username and password. Enter 'openvpn' as the username and the password should be what you've set for 'openvpn' before. After filling out username/password, click 'Go' and you'll see a screen like this:
Download the 'OpenVPN Connect' software by clicking the link. After it has finished downloading, run it and enter your login credentials. And voilà! You are now connected to your OpenVPN Access Server.
You can login to the Admin UI if you need to make changes to your access server, although default settings works fine.
One more thing: remember that you can use OpenVPN access server with your smartphone? Download the official Android app here and the iOS app here.
Now, have fun with your OpenVPN Access Server!
Update:
As of OpenVPN Access Server v2.0, OpenVPN will no longer uses the 5.5.16.0/20 subnetwork for clients and will use the 172.27.240.0/20 subnet instead.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
About the author(s)
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Get our newsletter
Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.
New accounts only. By submitting your email you agree to our Privacy Policy
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Love it om nom nom - a snap to get this done!
To update OpenVPN to the latest version once it is already installed, you can perform the following steps. This will be different from what is posted in the directions above, as the OS build number and version number of OpenVPN will change from time to time. This works for when you only want to upgrade OpenVPN - not the whole system.
In a browser navigate to http://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu
Right click and copy the link to the current package appropriate to you.
In a shell (once you are connected to your VPN) type:
sudo wget
Then put a space and paste what you have copied from OpenVPN’s downloads page in step 2. In my case it was:
swupdate.openvpn.org/as/openvpn-as-1.8.5-Ubuntu12.amd_64.deb
The OpenVPN version number and server build number are the ones that will likely change based on your setup, which is why we need the current path.
The complete command you will enter will look something like:
sudo wget swupdate.openvpn.org/as/openvpn-as-1.8.5-Ubuntu12.amd_64.deb
sudo dpkg -i openvpn-as-1.8.5-Ubuntu12.amd_64.deb (same theory applies as noted in step 3)
Preparing to replace openvpn-as 1.8.4-Ubuntu10 (using openvpn-as-1.8.5-Ubuntu12.amd_64.deb) … Upgrade detected (debian)… Unpacking replacement openvpn-as … Setting up openvpn-as (1.8.5-Ubuntu12) … Backing up configuration and DB files to /usr/local/openvpn_as/etc/backup prior to update.
Ok, I must be doing something wrong. I keep getting the “Problem loading page/Unable to connect” in Firefox (similar errors in other browsers) when I try to go to https://YourIpAddress:943 or https://YourIpAddress:943/admin. As best as I can tell, it installs correctly:
sudo dpkg -i openvpn-as-1.8.5-Ubuntu12.i386.deb Selecting previously unselected package openvpn-as. (Reading database … 23524 files and directories currently installed.) Unpacking openvpn-as (from openvpn-as-1.8.5-Ubuntu12.i386.deb) … Setting up openvpn-as (1.8.5-Ubuntu12) … The Access Server has been successfully installed in /usr/local/openvpn_as Configuration log file has been written to /usr/local/openvpn_as/init.log Please enter “passwd openvpn” to set the initial administrative password, then login as “openvpn” to continue configuration here: https://YourIpAddress/admin To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
Access Server web UIs are available here: Admin UI: https://YourIpAddress:943/admin Client UI: https://YourIpAddress:943/
I’ve tried both the 1.8.4 and 1.8.5 on the Ubuntu 12.04 x32 512MB server and I get the same result with both. I’ve install Apache and I can access that just fine, so it’s not like the thing is unreachable. I’ve also tried to configure it using the /usr/local/openvpn_as/bin/ovpn-init tool, but haven’t had any luck there either.
I’ve spent the last couple of days trying to get both OpenVPN and OpenVPN-AS, and have had no luck getting them running, so any help would be greatly appreciated.
What’s the output of the following command (as root)? <pre>netstat -plutn | grep 943</pre>
I think I’ve got the problem solved. It could have been one of several problems on my end. I might not have reverted back to a snapshot without any openvpn installed, so openvpn and openvpn-as might have been conflicting with each other, or some of the config files that I had edited may have still been on the system. Also, if you’re using a domain name, https://www.domain-name.com:943 doesn’t work, but https://domain-name:943 does work. I was also trying to set this up while at work during some down time, so the firewall there could have been blocking the necessary ports.
I just installed Open VPN as on my VPS I can not start the service this error comes out, i hope can get some help thanks in advance for your help
Error:
process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t0: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t1: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t10: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t11: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t12: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t13: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t14: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t15: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t16: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t17: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t18: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t19: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t2: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t20: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:31 2013 Cannot open TUN/TAP dev /dev/as0t21: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t3: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t4: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t5: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t6: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t7: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t8: No such file or directory (errno=2)’] service failed to start or returned error status process started and then immediately exited: [‘Thu Aug 8 01:39:30 2013 Cannot open TUN/TAP dev /dev/as0t9: No such file or directory (errno=2)’] service failed to start or returned error status
@mario: Try running <pre>modprobe tun</pre> as root and restart OpenVPN - does that fix it?
thank you for your advice, but still do not work this came out
root@server:~# modprobe tun WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/. FATAL: Module tun not found. root@server:~# modprobe Usage: modprobe [-v] [-V] [-C config-file] [-d <dirname> ] [-n] [-i] [-q] [-b] [-o <modname>] [ --dump-modversions ] <modname> [parameters…] modprobe -r [-n] [-i] [-v] <modulename> … modprobe -l -t <dirname> [ -a <modulename> …]
@mario: Run <pre>sudo apt-get update && sudo apt-get dist-upgrade -y</pre>
Set your droplet to boot from the latest Ubuntu 12.04 (x32/x64 depending on your droplet’s OS image) kernel. Power it off via SSH <pre>sudo poweroff</pre> and boot it up from our control panel.
Then run <pre>modprobe tun</pre> and paste the output.
OK, this has been killing me. I’d like my VPN server to be semi-strong 256, not watching cat videos 128. Over the last week I have searched all over for how to do this, and started a thread on openvpn.net in regards to this. Nothing :( Can anyone please guide me on how this could be accomplished?
I was able to find how to set the handshake to 256, but not how to verify that the actual data stream is 256. The reason I suspect it is not is due to the fact that when I looked at the self generated SSL cert that was created as part of the process, it shows as 128.
So I guess I have two questions:
Thanks!
OK, so the nice folks over at openvpn.net finally answered me. The thread is here:
https://forums.openvpn.net/topic13529.html in case anyone wants to know the nitty gritty. Thanks to Will in DO’s TS as well!
The TLDR version - go to https://yourvpnaddress.tld:943/admin/advanced_vpn
for the client and server both (at the bottom), add these lines:
cipher AES-256-CBC keysize 256 auth sha256
under both server and client config directives. Save the changes so it reloads the new config. It didn’t explicitly say to download a new client after this, but I did this anyway, figuring it couldn’t hurt.
The answer to #1 is outlined clearly in the tread I linked above. Number 2 wasn’t addressed in that thread, but what I did to verify it was download a new client from my VPN server to look at the fresh logs. When it does it’s initial handshake, you have an opportunity to see the technical details about the connection. What I wanted to verify was found at the very bottom of the log files:
cipher AES-256-CBC auth sha256
@deekin: Sweet! I’m glad you figured out how to set it to 256-bit – I’m sure this will help other users in the future as well. :]
@deekin, Any particular advantages/reasons updating OpenVPN to the latest version?
Answer to my own question about what’s new in v1.8,5: https://openvpn.net/index.php/component/content/article/64-access-server-paid/general/531-release-notes-v185.html
Following this guide, I can use VPN on my iPhone!!! Thanks!
HOW TO INSTALL A PAGE TO MY IP PROXI
@vlinares94: What do you mean?
I installed openvpn-as using this guide, did all the kernel upgrades, upgraded openvpn-as to the newest version, did modprobe tun with shutdown and restart, and while the server runs, the client page hangs and the image just spins. Any idea?
@kyle.boddy: Please do not duplicate your questions.
<a href=“https://www.digitalocean.com/community/questions/install-openvpn-as-successfully-on-ubuntu-13-04-but-client-page-hangs”>https://www.digitalocean.com/community/questions/install-openvpn-as-successfully-on-ubuntu-13-04-but-client-page-hangs</a>
You have a small typo: “alramed” should be “alarmed”
Nice catch, Marc! I’ve corrected the article :]
They have update openvpn, you should link http://swupdate.openvpn.org/as/openvpn-as-2.0.1-Ubuntu12.amd_64.deb :)
I got this working, but how to you configure your dd-wrt router to connect to the openvpn server?
Tried it, love it, easy as pie
Great article! Helps me a lot! Thank you!
Any recommendations on the correct iptables rules to keep things secure/restricted while still allowing through VPN traffic?
Hey you spelled “Access” wrongly, u spelled it as “Acess”. Great article anyway, better that the one at Ubuntu Help Center, the command line configuration was stupid compared to your web interface, good job!
@ilikeperiodsmaximus: Thanks, I’ll update the article. :]
@xxdesmus: What do you mean by keeping things secure? Do you mean allowing only people who are connected to the VPN to e.g. access port 22 on your droplet (SSH)?
Sorry, I’m newbie and I have question quite…noob, I had follow this guide and connect success, I use 2 PC to connect VPN server and have 2 IP: 172.27.232.2 and 172.27.232.3, but I can’t ping together, I just thought VNP like I can access in local of that PC connect server VPN cuz they have same network !?! How can I apply VPN in reality, it’s mean build a networking services with VPN in real world !?!
I have a question on OpenVPN, I am a bit confused about it’s license, it says that it is Open Source, but you need to pay for a license? So if I actually set up an OpenVPN server I need to purchase a license if I want more than two concurrent users?
@clifford: OpenVPN is free and open-source. OpenVPN Access Server is limited to 2 clients only, you will have to pay for a license if you need more: <a href=“http://openvpn.net/index.php/access-server/pricing.html”>http://openvpn.net/index.php/access-server/pricing.html</a>.
I’ve been trying to set up a VPN server for the past few hours and got my share of cryptic errors - this article did the job in 3 minutes flat! Thanks a ton!
whats the point of using vpn on vps ?
This tutorial is truly super simple and failproof and wonder! thank you so much! :D
any tips on how I could share my ethernet lan internet to my vpn client connecting through wifi (a different lan)?
Thanks for great tutorial! I encountered a problem. After some time (5-10 minutes) the vpn-connection is broken and reconnected. It’s very annoying. Could you give advice how to handle this?
@Evgeny: Check openvpn’s error log and see if you can find anything on why it’s doing that.
@Kamal thanks for your reply! VPN works fine on another PC!
How would you remove OpenVPN AS once you installed it using this method? Thanks!
@sungkhum: I believe this should work: <pre>sudo apt-get remove openvpn-as</pre>
This is great! thanks for the tutorial!
At first try everything was working perfect.
But only at first try.
Since then every time I will connect, I will be disconnected after 5-10 seconds. Doesn’t matter on which machine I will try (laptop or phone).
Rebuilding droplet and installing things again didn’t helped. It always keeps disconnecting me after 5-10 seconds and then try to reconnect again.
By disconnecting I mean internet disappear after 5-10 seconds, and then after 30 seconds I will see OpenVPN Connect reconnecting to server.
This is link to log file from OpenVPN Connect:
http://pastebin.com/q4Zf16Jm
How to get an iphone working with openvpn as? Installation of the openvpn as server went well (Ubuntu 12.04)
I downloadeded the app and filled in the URL of my openvpn server but nothing happens.
How can I make my Linux Mint 16 installed computer connect to my OpenVPN Access Server on digitalocean.com’s Ubuntu VPS?
I follow some guides online but certificate and private key files are needed. I don’t know how to get them.
Can you please explain this?
DO NOT INSTALL “openvpn-as-1.8.4” it may cause heartbleed
@orinx: I’ve updated the tutorial to use the packages for openvpn-as-2.0.7
There is no OpenVpN Connect download link. How should i download my certs?
@gkhnky2015: On the most recent version, the screen looks like:
http://i.imgur.com/lW0nRlP.png
Install the client for your operating system, and click on of the links on the bottom to download your configuration info including the keys. Look for the link called: “Yourself (user-locked profile)”
ok thank you , i was trying to login directly admin page
Where can i find those .ovpn files to connect?