13 Jan

OpenVPN Access Server Essential Guide

logo

VPN Mode (Layer 2 or Layer 3)

vpnmode

Layer 2 = Use TAP interface, bridge your LAN to VPN Client. VPN client will reside within the same VPN segment. LAN Broadcast will works in this mode. Considered legacy, only Windows  vpn client support this method.

Layer 3 = Use TUN interface, VPN Client will be given a pool of ip address which is different from VPN segment. Better control and most of enterprise VPN deployment use this method.

vpnmode2

 

Create VPN User

By default, OpenVPN Access Server use PAM authentication, to add new vpn client we can just simply add a new user to our LINUX server.

root@advanxer:~# useradd nas
root@advanxer:~# passwd nas
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

adduser
If you checked “Allow Auto-login”, your vpn client will be automatically connect to vpn without entering any username/password, useful for automation.

Generate and download OpenVPN profile

Login to https://serverip and select “login”. Login option will allow you to download vpn profile, to connect to vpn server, select Connect.
openvpnlogin
Click on “Yourself (autologin profile) and keep the profile safely.

Connect to vpn server using CLI

Transfer the client profile to your box (in this example, to my OpenWRT router) via SCP. Your must have openvpn binary files installed prior to this.

root@OpenWrt:~# openvpn --config client.ovpn

If you received Initialization Sequence Completed, that’s mean the tunnel is up. You can verify using ifconfig and you will see new interface tun0 is there.

08 Jan

Install OpenVPN Access Server (Debian/Ubuntu)

logo
All configuration is performed in Virtual Private Server (VPS). If you have the intention to use VPS, make sure your provider support and enable TUN/TAP module in your VPS container. For the following example, I’m using Ramnode VPS (affiliate link) because of their good support, you can enable and disable TUN/TAP easily on your own and their price is relatively cheap. For myself, I’m subscribed to their OpenVZ SSD VPS (128MB RAM, 10GB SSD Space) for 20.40 USD Annually (USD1.70 per month). Don’t forget to enter the promotional code RN15OFF to enjoy 15% Recurring Discount off your VPS price.

Enable TUN/TAP

Go to your VPS Control Panel, and at the bottom you will see an option to enable TUN/TAP module. Turn it on and reboot your VPS.
2

Once boot up, check whether the module is enabled or not by executing below command:

root@advanxer:~# cat /dev/net/tun

If you receive the message File descriptor in bad state your TUN/TAP device is ready for use.
If you receive the message No such device the TUN/TAP device was not successfully created.

Download and Install OpenVPN Access Server

Go to OpenVPN Access Server download page and select your architecture. I’m using Debian 7 32bit OS.

root@advanxer:/home# wget http://swupdate.openvpn.org/as/openvpn-as-2.0.3-Debian7.i386.deb

Perform installation by executing:

root@advanxer:/home# dpkg -i openvpn-as-2.0.3-Debian7.i386.deb

Change openvpn default password:

root@advanxer:/home#  passwd openvpn

Now you can access OpenVPN Admin UI from below link:
Admin UI: https://serverip:943/admin
Client UI: https://serverip:943/

Incoming search terms:

  • TUN / TAP enable or disable on vps?