OpenVPN Access Server: Difference between revisions

From ICO wiki
No edit summary
No edit summary
Line 46: Line 46:
'''6)''' Now we are going to check the OpenVPN AS web interface which can be found by default port 943 and your ip address, login using username openvpn and password what you set before. (After logging in you would need to click Agree to accept the License Agreement.
'''6)''' Now we are going to check the OpenVPN AS web interface which can be found by default port 943 and your ip address, login using username openvpn and password what you set before. (After logging in you would need to click Agree to accept the License Agreement.


Admin page: https://ip_address_or_domain:943/admin
* Admin page: https://ip_address_or_domain:943/admin


Client page: https://ip_address_or_domain:943/
* Client page: https://ip_address_or_domain:943/


Note: The server’s SSL is self-signed so not need to worry about the bad security warning
Note: The server’s SSL is self-signed so not need to worry about the bad security warning
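Review bot: The unchanged note at the end of this hunk ("so not need to worry about the bad security warning") still tells readers to click through the certificate warning on the very page where they type the openvpn admin password, and turning the Admin page and Client page URLs into bullets does not address that. Suggest rewording the note to say that the warning is expected because the certificate is self-signed, and that the reader should compare the certificate's fingerprint with the server's before logging in. Since this block is being touched anyway, also close the parenthesis opened at "(After logging in" in step 6.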

Revision as of 17:02, 3 April 2016

A screenshot of Open VPN Client UI.
Logged in Open VPN Client UI


OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms. The server configuration options supported are a carefully selected subset of a quite large set of possible OpenVPN configurations. Thus, OpenVPN Access Server streamlines the configuration and management of an OpenVPN-based secure remote access deployment.

About OpenVPN

OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).

Overview

OpenVPN Access Server is a full-featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, a simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, Mac, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/or private cloud network resources and applications with fine-grained access control.

Supported Operating Systems

OpenVPN currently supports all main operating systems, such as Windows, Mac OS X, Android, iOS and Linux. You can download the client software for your machine from the official website, or get it after installing Access Server by logging in with your credentials at ip_address_or_domain_name:943 (943 is the default port and can be changed in the config). After logging in you can also download a connection profile, either an autologin profile or a user-locked profile (these settings can be changed in the Admin panel of OpenVPN Access Server).

Pricing

OpenVPN is a free software application that comes with a 2-user license after installation (which means that 2 users/machines can use the OpenVPN Access Server at the same time), which is more than enough for one person. More licenses can be purchased on the official website for $9.60 per concurrent user, and the minimum license term is one year.

Operating system to Host Access Server software

Currently, the Access Server software must be run on a 32-bit or 64-bit Linux host. The software is released in the form of binary package files for particular Linux distributions. Supported are RedHat, Fedora, CentOS, Ubuntu, Debian and openSUSE. (Most RPM packages can be run on the following systems: CentOS 6 and 7, Fedora 22, RHEL 6, openSUSE 13. The Deb packages can be run on the following systems: Ubuntu 12, Debian 6, 7, 8.)

Difference between Community Edition VPN and Access Server

Both Community Edition and Access Server are provided by OpenVPN and they have several things in common: Secured VPN Tunnel, GUI Client, Bridging, Configurable Ciphers and Real-time compression. But Access Server provides more options, such as Web Based GUI (it is possible to use the VPN without downloading any additional software), Pre-configured Client (a pre-filled profile can be downloaded and an Auto-login option is available), Automated Certificate Creation (the Access Server web page is also protected with an encrypted HTTPS connection: TLS 1.2, encrypted and authenticated using AES_128_GCM, with ECDHE_RSA as the key exchange mechanism), Easy Deployment, Failover Solution, Simple User Management, Pre-built Virtual Appliances, Full LDAP support, Easy Scalability, User-mode Client, Multi-daemon mode and DMZ mode.

Step by Step Installation and configuration tutorial on Ubuntu Linux host machine

Prerequisites: an Ubuntu Linux machine and some beginner Linux skills. The installation of OpenVPN-AS is simple. In this tutorial I will be using an Ubuntu 14.04 64-bit VPS server. Unfortunately, OpenVPN Access Server cannot be installed using apt-get install, so we will download the installation files ourselves.

1) First we would need to become root

Command: sudo su

2) Next, get the link to the latest installation package from the official website, which can be found here: Official Download Page. Click on the needed operating system and select the version to download (32 bit or 64 bit, and Ubuntu version 12 or 14), then right-click on it and copy the link.

3) Now go back to the console and download OpenVPN Access Server using wget with the link copied before. By default the file is downloaded to the root user's home directory (this can be changed). The file will be around 28 MB (my file: 64-bit Ubuntu Linux).

Command: wget http://swupdate.openvpn.org/as/openvpn-as-2.0.25-Ubuntu12.amd_64.deb

4) Now we install the downloaded file using the following command: dpkg -i (and the downloaded file name)

Command: dpkg -i openvpn-as-2.0.25-Ubuntu12.amd_64.deb

That’s it. OpenVPN AS is now installed, but some configuration is needed before we can use it.

5) During the installation OpenVPN created an admin user, called “openvpn” by default, but its password is left empty for security reasons. We are going to set the password with the following command (as root); after running it you will be prompted to enter the password. Make sure your password is secure!

Command: passwd openvpn

6) Now we are going to check the OpenVPN AS web interface, which by default is reachable on port 943 of your IP address. Log in using the username openvpn and the password you set before. (After logging in you need to click Agree to accept the License Agreement.)

Note: The server’s SSL certificate is self-signed, so there is no need to worry about the browser’s security warning.

7) Download the needed OpenVPN Connect software by clicking the link. After it has finished downloading, run it and enter your credentials, and the connection to your Access Server is established. You can also download the official Android or iOS application to use the VPN on your smartphone. Note: You can also log in to the Admin UI page if you want to add users or change settings, although the default settings work fine without any problems.

We are done! Have fun with your OpenVPN Access Server for free and be more secure using this encrypted connection.

Tutorial created by Artur Ovtsinnikov, if you have any questions it is possible to contact me by email.
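The note in step 6 concerns the browser warning caused by the self-signed certificate on port 943. As an added example (not part of the original tutorial), these shell helpers compare the SHA-256 fingerprint of the certificate the server presents with the one read on the server itself over SSH. The certificate path and host name in the usage comment are placeholders, and the openssl command is assumed to be installed.

```shell
#!/bin/sh
# Added example: compare certificate fingerprints instead of clicking through
# the browser warning without checking. Requires the openssl command.

# Print the SHA-256 fingerprint (colon-separated hex) of the first PEM
# certificate found on stdin. Prints nothing if no certificate is found.
fp_from_pem() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print the fingerprint of the certificate presented on host:port.
# The port defaults to 943, the web interface port used in the tutorial.
fp_from_server() {
    openssl s_client -connect "$1:${2:-943}" </dev/null 2>/dev/null | fp_from_pem
}

# Return 0 only if both fingerprints are non-empty and equal,
# ignoring colons and letter case.
fp_match() {
    fp_a=$(printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F')
    fp_b=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Usage (placeholders, not values from the tutorial):
#   1. On the server, in the SSH session:
#        fp_from_pem < /path/to/web-certificate.pem
#   2. On the client, before logging in to the web interface:
#        fp_match "$(fp_from_server vpn.example.test)" "PASTE_SERVER_VALUE" \
#            && echo "certificate matches" || echo "MISMATCH: do not log in"
```

A match means the warning is only about the certificate being self-signed; a mismatch means the browser is not talking to the certificate you read on the server.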

See Also

A somewhat better step-by-step PDF tutorial with screenshots can be downloaded here: LINK
