Use-cases for the OpenVPN Access Server product

Introduction

Because computer networks and the OpenVPN Access Server product are both flexible, many use-cases are possible. The following example use-cases are not exhaustive, but they showcase the possibilities fairly well. If you have any doubts about whether the product will fit your requirements, please contact us and explain your situation so we can determine if it will work in your environment.

The use-cases for Access Server assume that you are going to install the product on a server you provide. In many of the use-cases for VPN connectivity, this is a requirement. Some use-cases for VPN connectivity are limited purely to Internet access, and securing this access. In such a case, a VPN service provider such as Private Tunnel may be better suited, and it does not require your own server. For any use-case that involves accessing your own server systems, however, you will need a product such as Access Server on your own server.

Securely accessing company resources from anywhere

Whether the programs and files that you need to work with at home or on the road are on servers in your office, in a datacenter somewhere, or on a cloud-based system, the OpenVPN Access Server can be installed there to offer secure access. In the diagram on the right, users on their desktop computers and mobile devices are using the OpenVPN client program to make a secure connection over the Internet to the OpenVPN Access Server. Depending on how you configure the access control rules in the Access Server, users can then transparently access either all of the resources there, or only specific systems or services.

Site-to-site connections to bring networks together

Using the client-server model in the OpenVPN Access Server, it is possible to connect a Linux client system in one network to an OpenVPN Access Server in another network, and use this connected client as a VPN concentrator or VPN client gateway system. Both terms mean that traffic from a whole network can go through the already established VPN tunnel between the client and the server and reach the other network. Traffic can pass in both directions, which makes it possible to connect two networks together and makes accessing resources from one network on the other network transparent and easy.

Multiple networks, subnets, gateways, and servers

No matter how complex your existing setup is, the OpenVPN Access Server should integrate well. It can route traffic for specific IP addresses and ranges from a VPN client through the server, and it can send client Internet traffic through the VPN tunnel as well, or not, depending on what you configure. It can forward traffic that comes in through the VPN tunnel and is intended for another subnet through the specified gateway server (handled in the OS routing table). It can be used to connect multiple different networks together in a site-to-site setup. Access Servers can also be connected with each other to give access to each other's resources or VPN clients.

Basically, if it can be routed, the OpenVPN Access Server should be able to handle it. If in doubt, please contact us and explain your situation so we can advise you further.

Secure Internet traffic or contact limited access systems

An OpenVPN Access Server installed in a datacenter or cloud system can be used to secure your client devices' Internet connection. If, for example, you are on a public network, then it may be wise to ensure that all your Internet traffic goes into a secure encrypted VPN tunnel and to your own Access Server. From there the traffic can continue to its destination, and responses are sent back via the same path. This way, programs and people snooping on the network you're on can only see encrypted packets of data, which are useless to them.

Another use-case for the type of setup shown in the diagram here is the ability to have traffic from connected VPN clients appear to come from the public address of the OpenVPN Access Server itself. This is useful if you have a server on the Internet or in a datacenter that blocks all access except from a whitelist of specific IP addresses. You can have VPN clients connect to the Access Server and have it handle the traffic for only that limited-access system. This traffic will then appear to be coming from the Access Server, which you can add to your whitelist. Any connected VPN client will then have access to this server in a secure manner.

If you only need to secure Internet traffic through a VPN tunnel, without any of the additional requirements mentioned above, a service such as Private Tunnel may be very suitable instead.