How To Install and Configure an OpenVPN Access Server on CentOS 6.5

Published on April 4, 2014
Status: Deprecated

This article covers a version of CentOS that is no longer supported. If you are currently operating a server running CentOS 6, we highly recommend upgrading or migrating to a supported version of CentOS.

Reason: CentOS 6 reached end of life (EOL) on November 30th, 2020 and no longer receives security patches or updates. For this reason, this guide is no longer maintained.

See Instead: This guide might still be useful as a reference, but may not work on other CentOS releases. If available, we strongly recommend using a guide written for the version of CentOS you are using.

Introduction

VPN, or virtual private network, is a secure method of connecting remote internet resources together as if they were under the same LAN. OpenVPN is a popular implementation that works on Linux, Windows, and Mac operating systems and can be utilized to create complex, encrypted networks between physically dispersed servers.

The OpenVPN Access Server is a solution built on top of traditional OpenVPN that is used as a complete portal for managing connections, users, and interfaces. It provides the underlying VPN instance, a web interface for managing the suite, and a client that can be used within a web browser.

In this guide, we’ll install and configure the OpenVPN Access Server on a CentOS 6.5 VPS instance.

Download and Install Packages

We can obtain the OpenVPN Access Server package for CentOS from the project’s website.

Right click on the package that matches your version of CentOS and your machine’s architecture. Select the “copy link address” item or whatever option is closest.

On your CentOS droplet, download the package with curl -O (that’s the letter “o” not a zero) followed by the URL you copied from the page. In my case, this turned out to be:

cd ~
curl -O http://swupdate.openvpn.org/as/openvpn-as-2.0.5-CentOS6.x86_64.rpm

When the package has been downloaded, you can install it using the rpm command:

sudo rpm -i openvpn-as-2.0.5-CentOS6.x86_64.rpm

Installing the package creates an administration account called openvpn. However, no password has been set.

Set a password for the administrator’s account by typing:

sudo passwd openvpn

Now, the command line configuration steps are complete. The rest of the guide will focus on configuring options through the web interface.

Accessing the Web Interface

We can access our VPN portal by going to our server’s IP address or domain name, at port 943. The server operates using TLS, so we will need to specify the https protocol.

For our initial interaction, we actually want to go to the administrative interface, which is the same, except ending with /admin:

https://server_ip_or_domain:943/admin

You will get a warning that the site’s SSL certificates are not trusted:

OpenVPN access server ssl warning

This is expected and perfectly fine. All that this is telling us is that OpenVPN is using a self-signed SSL certificate, which is not trusted by default by our browser. We can click on the “Proceed anyway” button or whatever similar option you have.

Note: If you are unable to connect to the web interface, there’s a chance that OpenVPN is bound to the wrong network interface. You can verify this by typing:

sudo netstat -plunt | grep openvpn

If the response does not show your server’s public IP address, you will need to manually reconfigure it by typing:

sudo /usr/local/openvpn_as/bin/ovpn-init

Delete the current configuration by typing DELETE at the prompt. Next, accept the license agreement and press ENTER to mark this as the primary server. In the next prompt, select (1) all interfaces: 0.0.0.0 to bind to all interfaces. This will ensure that the access server is available in spite of a bind error in the OpenVPN installer. Press ENTER to accept the default values of the remaining prompts.

After reconfiguring, you should be able to access the web interface after accepting the SSL certificate in your browser.
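
The bind check from the note above, as an added example that is not part of the original tutorial: it classifies how a given port is bound, matching listeners by port rather than by the process name the page greps for. The function names, the sample rows and the 203.0.113.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report how a port is bound,
# reading `netstat -plunt` output on stdin.
# Usage: sudo netstat -plunt | check_bind PUBLIC_IP PORT
# Prints: public | wildcard | other:<addr> | none
check_bind() {
    awk -v ip="$1" -v port="$2" '
        $1 ~ /^(tcp|udp)/ {
            # Column 4 is the local address, "addr:port" (IPv6 looks like ":::943").
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == ip) { exact = 1 }
            else if (addr == "0.0.0.0" || addr == "::") { wild = 1 }
            else { other = addr }
        }
        END {
            if (exact) print "public"
            else if (wild) print "wildcard"
            else if (other != "") print "other:" other
            else print "none"
        }'
}

# Constructed sample output; addresses, PIDs and process names are made up.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:943       0.0.0.0:*           LISTEN      8150/python
tcp        0      0 0.0.0.0:443         0.0.0.0:*           LISTEN      8174/openvpn-openss
udp        0      0 0.0.0.0:1194        0.0.0.0:*                       8209/openvpn-openss
EOF
}

# 203.0.113.10 is a documentation address standing in for the public IP.
for p in 943 443 1194 8443; do
    printf '%s -> %s\n' "$p" "$(sample_netstat | check_bind 203.0.113.10 "$p")"
done
```

A result of `other:127.0.0.1` for port 943 is the bind problem the note describes, while `wildcard` is what choosing 0.0.0.0 in ovpn-init produces.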

You will be presented with the admin login page. Use the username openvpn and the password you set for this user:

OpenVPN access admin login

You will be taken to the OpenVPN Access Server’s EULA, which you will have to agree to if you wish to continue:

OpenVPN access EULA

Once you log in, you can see the administrative interface, complete with some useful at-a-glance stats on the landing page:

OpenVPN admin landing

Here, you can configure your VPN server. The access server separates the web interface and the actual VPN access and each can be configured independently.

For instance, if you go to the Server Network Settings in the left-hand menu, you will see a page where you can configure the port and interface that each component operates on. You can also specify the address pool that will be available to the clients.

Another thing you might want to do is add users and configure the authentication methods. You can add VPN users that match your system users, or add users that you might be controlling through an LDAP server.

Logging in as a Client

When you are finished configuring things as an admin, you can visit the client portion by going to your IP address or domain name followed by port 943:

https://server_ip_or_domain:943

You will have to type in a username of a user that you have configured VPN access for:

OpenVPN client login

If the user that you logged in as has been designated as an OpenVPN admin account, you will see an “Admin” button that can be used to take you back to the admin control panel. Either way, you will be taken to a page that will allow you to download software for your client to connect to the VPN server:

OpenVPN client software

If your desktop is Windows or OS X, or if you have an Android or iOS device, you can download an OpenVPN Connect client that will operate within your browser. If your desktop is a Linux machine, you will be asked to download the normal VPN client.

You should follow the directions of the client of your choice. If you are using the Linux client, you’ll need to download the connection settings profile by clicking on the “Yourself” link:

OpenVPN download yourself

Using the regular Linux openvpn client, you can connect using something like this:

sudo openvpn --config client.ovpn

Conclusion

Now, you should have a portal that can be used to configure your VPN access. This is an easy to manage interface that can be set up once and configured on-the-fly. It automatically generates valid configuration files for your users to connect to the server, which can save a lot of headaches with explaining how to configure access.

By Justin Ellingwood

10 Comments



I can’t access the OpenVPN Access Server on my browser

it says

This page is not working

xxx.xxx.xxx.xxx didn’t send any data.

ERR_EMPTY_RESPONSE

and I have checked the IP and it was okay

root@xxxxx:~# netstat -plunt | grep openvpn
tcp        0      0 0.0.0.0:443              0.0.0.0:*               LISTEN      8174/openvpn-openss
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           8209/openvpn-openss

Getting “site can’t be reached”. I believe this is because the tech writer assumed all other requirements such as firewall settings and such had been set up properly. This tutorial doesn’t work out of the box, so to speak, at least for me it didn’t.

I installed according to the guide on a fresh CentOS 6.7 x32. But I can't access admin or client web UI. Browser says error connection refused.

How can you get CA, and make the certificates? —Never mind: found the info here: Make a new folder in /usr/local/openvpn_as/scripts named keysss and run: ./sacli -a openvpn -o /keysss --cn openvpn get5

—Still need to figure out how to make the pk key though…?

It's licensed, unable to add more than 2 users. Please share how to add user and give permissions, also there free version available for unlimited users.

How do I add new users?

Thanks, Suresh

So this guide is simple and more useful than others. Thanks for the info.

What is the difference from this tutorial https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-6? Your tutorial is easier than that, but which is the best?
