OpenVPN Access Server: Difference between revisions
mNo edit summary |
|||
(16 intermediate revisions by one other user not shown) | |||
Line 3: | Line 3: | ||
OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms. The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment. | OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms. The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment. OpenVPN was written by James Yonan and is published under the GNU General Public License (GPL). <ref>[https://openvpn.net/index.php/access-server/overview.html] Information about OpenVPN</ref> | ||
__TOC__ | |||
=== Overview=== | === Overview=== | ||
OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control. | OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control. <ref>[https://openvpn.net/index.php/access-server/overview.html] OpenVPN Overview</ref> <ref>[https://en.wikipedia.org/wiki/OpenVPN] OpenVPN Wikipedia</ref> | ||
=== Supported Operation Systems=== | === Supported Operation Systems=== | ||
OpenVPN currently supports all main operation systems such as Windows, Mac OS X, Android, iOS and Linux It is possible to download software for | OpenVPN currently supports all main operation systems such as Windows, Mac OS X, Android, iOS and Linux It is possible to download software for the machine on the official website or it is possible to get it after installation of Access Server and logging in with the credentials to server ip_address_or_domain_name:943 (port 943 is default can be changed in the config) and it is possible to download after logging in connection profile for autologin or user-locked profile. (possible to change those settings in the Admin panel of OpenVPN Access Server.<ref>[https://openvpn.net/index.php/access-server/overview.html] Information about Supported Operation Systems</ref> | ||
=== Pricing=== | === Pricing=== | ||
OpenVPN is a free sorfware application which provides | OpenVPN is a free sorfware application which provides 2 user license ( which means that 2 users/machines can be using current OpenVPN Access Server at the same time) after installation which is more then enough for a one person to use. Although it is possible to purchase more Licenses on official website for 9.60$ per concurrent user. And minimum license term is for one year.<ref>[https://openvpn.net/index.php/access-server/section-faq-openvpn-as/pricing.html] Pricing OpenVPN</ref> | ||
== Operating system to Host Access Server software== | == Operating system to Host Access Server software== | ||
Currently, the Access Server software must be run on a 32-bit or 64-bit Linux host. The software is released in the form of binary package files for particular Linux distributions. Supported are RedHat, Fedora, CentOS, Ubuntu, Debian and openSUSE (Most RPM packages can be ran on the following systems: CentOS 6 and 7, Fedora 22, RHEL 6, openSUSE 13. The Deb packages can be ran on the following systems: Ubuntu 12, Debian 6,7,8) | Currently, the Access Server software must be run on a 32-bit or 64-bit Linux host. The software is released in the form of binary package files for particular Linux distributions. Supported are RedHat, Fedora, CentOS, Ubuntu, Debian and openSUSE (Most RPM packages can be ran on the following systems: CentOS 6 and 7, Fedora 22, RHEL 6, openSUSE 13. The Deb packages can be ran on the following systems: Ubuntu 12, Debian 6,7,8) <ref>[https://openvpn.net/index.php/access-server/section-faq-openvpn-as/general/136-which-operating-system-does-the-access-server-software-support.html] FAQ OpenVPN</ref> | ||
== Difference between Community Edition VPN and Access Server== | == Difference between Community Edition VPN and Access Server== | ||
Both Community Edition and Access Server is provided by OpenVPN and they both have something in common like: Secured VPN Tunnel, GUI Client, Bridging, Configurable Ciphers and Real-time compression. But Access Server provides more options such as Web Based GUI (it is possible to use VPN without need of downloading any additional software), Pre-configured Client (possible to download auto filled profile and Auto-login option available), Automated Certificate Creation (Access server web page will also be protected with encrypted https connection (TLS 1.2, The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.) Easy Deployment, Failover Solution, Simple User Management, Pre-built Virtual Appliances, Fill LDAP support, Easy Scalability, User-mode Client, Multi-daemon mode and DMZ mode. | Both Community Edition and Access Server is provided by OpenVPN and they both have something in common like: Secured VPN Tunnel, GUI Client, Bridging, Configurable Ciphers and Real-time compression. But Access Server provides more options such as Web Based GUI (it is possible to use VPN without need of downloading any additional software), Pre-configured Client (possible to download auto filled profile and Auto-login option available), Automated Certificate Creation (Access server web page will also be protected with encrypted https connection (TLS 1.2, The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.) Easy Deployment, Failover Solution, Simple User Management, Pre-built Virtual Appliances, Fill LDAP support, Easy Scalability, User-mode Client, Multi-daemon mode and DMZ mode. <ref>[https://openvpn.net] VPN Solution</ref> | ||
== | <ref>[https://openvpn.net/index.php/access-server/section-faq-openvpn-as/general/136-which-operating-system-does-the-access-server-software-support.html] VPN Solutions and differences</ref> | ||
==Installation== | |||
Prerequisites: Ubuntu Linux machine and some Linux beginner skills. | Prerequisites: Ubuntu Linux machine and some Linux beginner skills. | ||
The installation of OpenVPN-AS is simple. In this tutorial I will be using Ubuntu 14.04 64-bit VPS server. | The installation of OpenVPN-AS is simple. In this tutorial I will be using Ubuntu 14.04 64-bit VPS server. | ||
Unfortunately, OpenVPN Assess Server cannot be installed using apt-get install, so | Unfortunately, OpenVPN Assess Server cannot be installed using apt-get install, so manual installation steps can be found in this tutorial. | ||
=== Step by Step Installation tutorial on Ubuntu Linux host machine=== | |||
'''1)''' First | '''1)''' First it is needed to become root user | ||
''Command:'' <code> sudo su</code> | ''Command:'' <code> sudo su</code> | ||
'''2)''' | '''2)''' It is needed to download the latest software installation files from official website which can be found here: [https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html Official Download Page] (Click on the needed Operation System and select needed version to download (32 bit or 64 bit and Ubuntu version 12 or 14) then right click on it and copy link) | ||
'''3)''' Now | '''3)''' Now it is possible to go back to server console panel and download the OpenVPN Access Server using wget and paste copied link before. File will be downloaded by default to the folder where user currently are. (it is possible to change, use pwd to see current directory) File will be something around 28 MB (for 64bit Ubuntu Linux) | ||
''Command:'' <code>wget http://swupdate.openvpn.org/as/openvpn-as-2.0.25-Ubuntu12.amd_64.deb </code> | ''Command:'' <code>wget http://swupdate.openvpn.org/as/openvpn-as-2.0.25-Ubuntu12.amd_64.deb </code> | ||
'''4)''' Now | '''4)''' Now it is possible to install downloaded file using following command dpkg –i (downloaded file name) | ||
''Command:'' <code>dpkg –i openvpn-as-2.0.25-Ubuntu12.amd_64.deb</code> | ''Command:'' <code>dpkg –i openvpn-as-2.0.25-Ubuntu12.amd_64.deb</code> | ||
This is it. OpenVPN AS is now installed. But there is some configurations needed before using it. | |||
'''5)''' During the installation OpenVPN created admin user which is by default called “openvpn” but the password left empty for security reasons | '''5)''' During the installation OpenVPN created admin user which is by default called “openvpn” but the password left empty for security reasons it is needed to be changed using command (as root) after it user will be provided to enter password. Make sure the password is secure! | ||
''Command:'' <code>passwd openvpn</code> | ''Command:'' <code>passwd openvpn</code> | ||
'''6)''' Now | '''6)''' Now the OpenVPN AS web interface is ready, it can be found by default port 943 and server ip address, login using username openvpn and password that have been set before. (After logging in user would need to click Agree to accept the License Agreement. | ||
* Admin page: https://ip_address_or_domain:943/admin | * Admin page: https://ip_address_or_domain:943/admin | ||
Line 52: | Line 58: | ||
Note: The server’s SSL is self-signed so not need to worry about the bad security warning | Note: The server’s SSL is self-signed so not need to worry about the bad security warning | ||
'''7)''' Download needed OpenVPN Connect software by clicking the link. After it has finished downloading, run it and enter | '''7)''' Download needed OpenVPN Connect software by clicking the link. After it has finished downloading, run it and enter user credentials. And connection to the Access Server have been established. It is also possible to download official Android or iOS application to use VPN on the smartphone. | ||
Note: | Note: There is also a possibility to login to Admin Ul page if it is needed to add users or change settings, although the default settings works fine without any problems. | ||
Done! OpenVPN Access Server have been installed and configured for free and user can be more secure using this encrypted connection. | |||
Tutorial created by Artur Ovtsinnikov using Linux Ubuntu 14.02 at 03.04.2016, if any questions appear please contact me by email. | |||
==Summary== | |||
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. | |||
OpenVPN Access Server is amazing, free (2 license) and user friendly VPN service which can be installed on any Linux machine and used as much as needed without additional cost, logs can be deleted and only the owner of the server see the traffic which makes it even better and safer. The installation and configuration of the Access Server is very easy and can be done in easy 7 steps. | |||
I have been using this for years and would recommend it to everyone who is interested in having their own VPN. | |||
== See Also== | == See Also== | ||
A bit better Step-by-Step pdf tutorial with screenshots can be downloaded here: | A bit better Step-by-Step pdf tutorial with screenshots can be downloaded here: [http://cloud.arturich.tk/Access%20Server.pdf LINK] | ||
==References== | |||
{{reflist|30em}} | |||
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]] |
Latest revision as of 23:40, 29 January 2017
OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms. The server configurations options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment. OpenVPN was written by James Yonan and is published under the GNU General Public License (GPL). [1]
Overview
OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control. [2] [3]
Supported Operation Systems
OpenVPN currently supports all main operation systems such as Windows, Mac OS X, Android, iOS and Linux It is possible to download software for the machine on the official website or it is possible to get it after installation of Access Server and logging in with the credentials to server ip_address_or_domain_name:943 (port 943 is default can be changed in the config) and it is possible to download after logging in connection profile for autologin or user-locked profile. (possible to change those settings in the Admin panel of OpenVPN Access Server.[4]
Pricing
OpenVPN is a free sorfware application which provides 2 user license ( which means that 2 users/machines can be using current OpenVPN Access Server at the same time) after installation which is more then enough for a one person to use. Although it is possible to purchase more Licenses on official website for 9.60$ per concurrent user. And minimum license term is for one year.[5]
Operating system to Host Access Server software
Currently, the Access Server software must be run on a 32-bit or 64-bit Linux host. The software is released in the form of binary package files for particular Linux distributions. Supported are RedHat, Fedora, CentOS, Ubuntu, Debian and openSUSE (Most RPM packages can be ran on the following systems: CentOS 6 and 7, Fedora 22, RHEL 6, openSUSE 13. The Deb packages can be ran on the following systems: Ubuntu 12, Debian 6,7,8) [6]
Difference between Community Edition VPN and Access Server
Both Community Edition and Access Server is provided by OpenVPN and they both have something in common like: Secured VPN Tunnel, GUI Client, Bridging, Configurable Ciphers and Real-time compression. But Access Server provides more options such as Web Based GUI (it is possible to use VPN without need of downloading any additional software), Pre-configured Client (possible to download auto filled profile and Auto-login option available), Automated Certificate Creation (Access server web page will also be protected with encrypted https connection (TLS 1.2, The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.) Easy Deployment, Failover Solution, Simple User Management, Pre-built Virtual Appliances, Fill LDAP support, Easy Scalability, User-mode Client, Multi-daemon mode and DMZ mode. [7] [8]
Installation
Prerequisites: Ubuntu Linux machine and some Linux beginner skills. The installation of OpenVPN-AS is simple. In this tutorial I will be using Ubuntu 14.04 64-bit VPS server. Unfortunately, OpenVPN Assess Server cannot be installed using apt-get install, so manual installation steps can be found in this tutorial.
Step by Step Installation tutorial on Ubuntu Linux host machine
1) First it is needed to become root user
Command: sudo su
2) It is needed to download the latest software installation files from official website which can be found here: Official Download Page (Click on the needed Operation System and select needed version to download (32 bit or 64 bit and Ubuntu version 12 or 14) then right click on it and copy link)
3) Now it is possible to go back to server console panel and download the OpenVPN Access Server using wget and paste copied link before. File will be downloaded by default to the folder where user currently are. (it is possible to change, use pwd to see current directory) File will be something around 28 MB (for 64bit Ubuntu Linux)
Command: wget http://swupdate.openvpn.org/as/openvpn-as-2.0.25-Ubuntu12.amd_64.deb
4) Now it is possible to install downloaded file using following command dpkg –i (downloaded file name)
Command: dpkg –i openvpn-as-2.0.25-Ubuntu12.amd_64.deb
This is it. OpenVPN AS is now installed. But there is some configurations needed before using it.
5) During the installation OpenVPN created admin user which is by default called “openvpn” but the password left empty for security reasons it is needed to be changed using command (as root) after it user will be provided to enter password. Make sure the password is secure!
Command: passwd openvpn
6) Now the OpenVPN AS web interface is ready, it can be found by default port 943 and server ip address, login using username openvpn and password that have been set before. (After logging in user would need to click Agree to accept the License Agreement.
- Admin page: https://ip_address_or_domain:943/admin
- Client page: https://ip_address_or_domain:943/
Note: The server’s SSL is self-signed so not need to worry about the bad security warning
7) Download needed OpenVPN Connect software by clicking the link. After it has finished downloading, run it and enter user credentials. And connection to the Access Server have been established. It is also possible to download official Android or iOS application to use VPN on the smartphone. Note: There is also a possibility to login to Admin Ul page if it is needed to add users or change settings, although the default settings works fine without any problems.
Done! OpenVPN Access Server have been installed and configured for free and user can be more secure using this encrypted connection.
Tutorial created by Artur Ovtsinnikov using Linux Ubuntu 14.02 at 03.04.2016, if any questions appear please contact me by email.
Summary
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. OpenVPN Access Server is amazing, free (2 license) and user friendly VPN service which can be installed on any Linux machine and used as much as needed without additional cost, logs can be deleted and only the owner of the server see the traffic which makes it even better and safer. The installation and configuration of the Access Server is very easy and can be done in easy 7 steps. I have been using this for years and would recommend it to everyone who is interested in having their own VPN.
See Also
A bit better Step-by-Step pdf tutorial with screenshots can be downloaded here: LINK