Deploy OVF template on VMWare ESXi 4.1



How to: deploy OVF template on VMWare ESXi 4.1

This tutorial is unfinished and scary because the OVF template is pretty old.

This page documents the steps to install OpenVPN Access Server 1.8.3 on an existing, working VMware ESXi 4.1 hypervisor server. First make sure you have the vSphere Client installed and running on a Windows computer; you will need it to perform the steps described here. You can download it for free from VMware's website or from the web page served by your VMware ESXi 4.1 hypervisor (https://ipaddressofhypervisor/).

Start VMware vSphere Client and connect to the server by entering its IP address, root username and password. Then click 'Login'.

If this is the first time you open vSphere, or you don't see the list of virtual machines displayed on the left, you'll need to click 'Inventory'.

In the 'File' menu click on 'Deploy OVF Template...'

Copy and paste the URL below into the text input field and click 'Next'.

http://swupdate.openvpn.org/esxi/OpenVPN-AS/OpenVPN-AS.ovf

An overview of the OVF Template Details is shown. Click 'Next'.

In the 'Name and Location' section you provide a descriptive name for your Access Server. Then click 'Next'.

In the 'Datastore' section you must choose a valid datastore with at least 16 GB of free space. Then click 'Next'.

In the 'Disk Format' section you can choose Thin or Thick Provisioning. For performance reasons I advise Thick Provisioning. Then click 'Next'.

You should now be shown a 'Ready to Complete' overview of the deployment that you're about to start. Click 'Finish'.

A progress indicator will show how far along the download of the OVF Template is. Please be patient.

Once the installation of the OVF Template is complete, you can close the progress window by clicking on 'Close'.

Right-click on the 'OpenVPN Access Server' now visible in the list of virtual machines in the left panel, and click on 'Edit Settings'.

In the 'Virtual Machine Properties' view you can change the 'hardware' specifications. Select the correct network for each adapter and click 'Ok'.

This step requires some explanation. OpenVPN Access Server has to be able to fit into almost any network situation. To accommodate this, the virtual appliance comes with 2 network adapters as standard, and more can be added. If you intend to use OpenVPN Access Server as an addition to an already existing network, purely to handle incoming VPN traffic and route it to the correct internal subnets in your existing network, then you will most likely only need 1 network adapter. For simplicity, my tutorial concentrates on this scenario and configures only 1 network interface. The second interface is still there but left unused. If your VMware ESXi server has only one physical network connection to your local network, then the default virtual switch labelled "VM Network" should be correct.

Right-click on the 'OpenVPN Access Server' in the list of virtual machines in the left panel, hover over 'Power', then click on 'Power On'.

Right-click on the 'OpenVPN Access Server' again and click 'Open Console'.

You should now see the console and after a minute or so the 'openvpnas login:' prompt should be visible.

Click anywhere in the black area. Now log in with login name 'root' and password 'openvpnas'. Press CTRL+ALT to release mouse/keyboard.

Important! Once you click in the black area - the console of the virtual machine - all your mouse and keyboard inputs are sent to the virtual machine! To get out of this, press CTRL+ALT on your keyboard. Inputs are then no longer sent to the virtual machine until you click in the console again.

Type the command 'nano /etc/network/interfaces' and press enter.

The 'GNU nano' text editor will open the file '/etc/network/interfaces' now. This program works like any other text editor.

Uncomment and change the lines under the header 'The primary network interface'. Provide a free IP address, subnet mask and the gateway.

To be clear: this is where you define the local private IP address that the OpenVPN Access Server will respond to. It has to be an IP address that is not yet in use on your network, and it should be in the same subnet. So if your router is on 192.168.1.1 and your computer is on 192.168.1.100, then this OpenVPN Access Server should have an IP address that starts with 192.168.1. The last number has to be an unused one, so it should be between 2 and 254 but not 100 (since that's taken); for example 192.168.1.220, or in my tutorial, with my setup in the 192.168.47.0 range, 192.168.47.220. This address is where we will access the web-based interface and set things up from there. It is also the IP address that VPN tunnel traffic from the internet should be directed to through your router/gateway, using port forwarding or NAT/firewall rules. Other network setups are also possible, but for simplicity the tutorial continues under the assumption that there is an already existing and working network with a router/gateway.

Once you've entered the correct IP address, netmask and gateway address, press CTRL+X to save the file. Confirm by pressing Y.

You will be asked what filename to save it as. It is important not to change this. Simply press enter to save the file.

You will see a confirmation message that says 20 lines of text were saved. Now type 'ifup eth0' and press enter.
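A sanity check for the edited stanza before the interface is brought up, as an added example that is not part of the original tutorial: it reads an interfaces file on stdin and confirms that the eth0 address, netmask and gateway are uncommented, well-formed and in the same subnet. The sample stanza is constructed; the gateway 192.168.47.1 and all function names are assumptions.

```shell
#!/bin/sh
# Added example: validate the static eth0 stanza before running 'ifup eth0'.

# Constructed sample of the edited file; the gateway value is an assumption.
sample_interfaces() {
cat <<'EOF'
# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.47.220
    netmask 255.255.255.0
    gateway 192.168.47.1
EOF
}

# Dotted quad -> 32-bit integer; non-zero return on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Value of an uncommented KEY line inside the 'iface eth0' stanza (stdin).
stanza_field() {
    awk -v key="$1" '
        $1 == "iface" { in_eth0 = ($2 == "eth0") }
        in_eth0 && $1 == key { print $2; exit }'
}

# Return 0 if the stanza on stdin is usable; otherwise print why and return 1.
check_stanza() {
    conf=$(cat)
    addr=$(printf '%s\n' "$conf" | stanza_field address)
    mask=$(printf '%s\n' "$conf" | stanza_field netmask)
    gw=$(printf '%s\n' "$conf" | stanza_field gateway)
    a=$(ip_to_int "$addr") && m=$(ip_to_int "$mask") && g=$(ip_to_int "$gw") ||
        { echo "address/netmask/gateway missing, commented out or malformed"; return 1; }
    net=$(( a & m )); bcast=$(( net | (~m & 4294967295) ))
    [ $(( g & m )) -eq "$net" ] ||
        { echo "gateway $gw is not in the same subnet as $addr"; return 1; }
    [ "$a" -ne "$net" ] && [ "$a" -ne "$bcast" ] ||
        { echo "$addr is the network or broadcast address"; return 1; }
    [ "$a" -ne "$g" ] || { echo "$addr is the gateway's own address"; return 1; }
    echo "ok: $addr netmask $mask gateway $gw"
}

sample_interfaces | check_stanza
```

On the appliance the same check would be run as `check_stanza < /etc/network/interfaces`; it cannot tell whether the address is already in use by another host on the network.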

Set a password for logging in to the web-based interface by typing 'passwd openvpn' and entering the new password twice.

Change the default 'root' password (openvpnas) to something more secure by typing 'passwd root' and entering the new password twice.

You're done with the console setup. Type 'clear; exit' and press enter to log out.

You will see the logout message/login prompt. Close this window. (don't worry, your VM will still be running on the VMware ESXi server)

Open a browser (I used Chrome) and type https:// followed by the IP address you configured earlier. (https://192.168.47.200/ in my example)

You get a scary message that the site is not trusted; this is normal and correct behaviour. Confirm the message and continue.