Deploying the ESXi OpenVPN Site-to-Site Client



Introduction

To make it convenient for you to deploy your site-to-site setups using Access Server, we have gone ahead and preconfigured an appliance that you can use right away with minimal initial configuration. To start using the appliance, you must have a virtualization platform that supports the import of OVF/OVA files. While other products besides ESXi may support the import of these files, we cannot guarantee that the appliance will work under these conditions. This appliance is provided on an "as-is" basis, and no implicit or explicit warranties of any kind are offered through the use of this appliance. OpenVPN Technologies, Inc. will not be responsible for any damages or liabilities caused by your use of this appliance. You are using this appliance at your own risk!

Downloading and Running the Virtual Machine

The 64-bit virtual appliance is distributed as a .OVA file that can be imported into your current virtual machine repository. To import the appliance, launch the VMware vSphere Client and log in to your VMware Infrastructure server with your credentials. (Please note that the appliance itself runs in a 64-bit OS, and therefore requires that your CPU support the proper virtualization optimizations. If your CPU does not support these, you will not be able to run this appliance.)

After logging in to your server with an account that has the permission to create/import a new virtual machine, click the File menu, and then select Deploy OVF Template....

Enter the following URL when requested:

http://as.thedavid.net/OpenVPN%20Client.ova

Follow the Deploy OVF Template wizard to complete the import of your new appliance.
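
The URL above is plain HTTP and this page lists no checksum for the file, so one check available before deployment is to download the .OVA first and compare its contents against the digests in its own manifest. This is an added example, not part of the original page or of OpenVPN's tooling; the function name is hypothetical, and whether this particular appliance ships a .mf manifest is an assumption. A match only shows the archive is internally consistent (not corrupted); it does not authenticate the publisher.

```shell
#!/bin/sh
# Added example: check an OVA against the digests in its own .mf manifest.
# Returns 0 = all listed files match, 1 = mismatch or missing file,
#         2 = archive has no manifest, 3 = archive unreadable.
verify_ova_manifest() {
    ova=$1
    # An OVA is a tar archive: .ovf descriptor, disk images, optional .mf manifest.
    members=$(tar -tf "$ova" 2>/dev/null) || return 3
    mf=$(printf '%s\n' "$members" | grep '\.mf$' | head -n 1)
    [ -n "$mf" ] || return 2
    manifest=$(tar -xOf "$ova" "$mf") || return 3
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Manifest line format: SHA256(disk1.vmdk)= <hex digest>
        algo=${line%%"("*}
        name=${line#*"("}; name=${name%")="*}
        want=$(printf '%s' "${line##*=}" | tr -d ' \r' | tr 'A-F' 'a-f')
        case $algo in
            SHA1)   tool=sha1sum ;;
            SHA256) tool=sha256sum ;;
            SHA512) tool=sha512sum ;;
            *) echo "UNSUPPORTED $algo"; rc=1; continue ;;
        esac
        if ! printf '%s\n' "$members" | grep -Fxq -- "$name"; then
            echo "MISSING $name"; rc=1; continue
        fi
        # Stream the member through the hash tool; nothing is unpacked to disk.
        got=$(tar -xOf "$ova" "$name" | $tool | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done <<EOF
$manifest
EOF
    return $rc
}
# Usage: verify_ova_manifest "OpenVPN Client.ova"
```

If the check passes, point the Deploy OVF Template wizard at the downloaded local file rather than the URL so that the file you verified is the one that gets imported.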

Initial Setup of the OpenVPN Client

The appliance downloaded from this website comes depersonalized and must be personalized before it can be used. Please follow the instructions below in order to customize your OpenVPN Access Server appliance.

Upon the initial startup of the appliance, you will be asked to log in to the console of the appliance.
To do so, use the following credentials:
Username: root
Password: debian

Generation of Server Side SSH Keys (required)

The appliance comes with OpenSSH Server installed. However, the server-side SSH keys have been removed to ensure each appliance has a unique identity. You will therefore need to generate new unique keys before SSH can be used on the appliance. To do so, run the following commands (please note that the two single quotes at the end are required):
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
service ssh start

If you do not plan to use SSH to manage your appliance, you may elect to uninstall it by using the following command:
apt-get remove --purge openssh-server

Changing the Root Password (recommended)

The root password is the equivalent of an administrator password in the Windows environment. Anyone who has this password would also have full control over the appliance. Because this is set to a default password of 'debian', it should be changed to something secure, especially if you plan to use this appliance in production environments.

To do so, execute the following command (you will be asked for your new root password):
passwd

Configure Static IP Addressing (optional)

The appliance by default automatically obtains networking information from DHCP. If your network has no DHCP server and/or you would like to manually assign an IP address to your OpenVPN Client appliance, please follow the steps below:

  1. Type the command: nano /etc/network/interfaces into the console and press Enter.
  2. Use the down arrow keys to scroll down to the iface eth0 inet dhcp line, and change dhcp to static.
  3. Add the following lines using the template below:
    address 'ipAddr'
    netmask 'subnet'
    gateway 'gw'
    dns-nameservers 'dns1' 'dns2'

For example, if you would like to configure your appliance to have an IP address of 192.168.0.100, a subnet mask of 255.255.255.0, a gateway of 192.168.0.1, and nameservers of 4.2.2.1 and 4.2.2.2, your configuration will look like this:

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameservers 4.2.2.1 4.2.2.2

Once you are done, press CTRL+O, and then press Enter. Then press CTRL+X to exit the editor.
To activate the new configuration, run the following command: ifdown eth0 && ifup eth0.

Changing Default Timezone (optional)

The default timezone is set to US (Pacific - Los Angeles). If you reside in another timezone and would like to change this setting, run the following command (you will be asked what timezone you would like to set):

dpkg-reconfigure tzdata

The system will show the new local time after this setting is configured.

Updating Operating System Software (recommended)

Between the time we generated the appliance and the time you downloaded and started using it, many operating system updates might have become available. To make sure your appliance operating system is up to date, execute the following command:

apt-get update && apt-get upgrade