Superuser Access<\/strong>: Switch to superuser for administrative tasks:<\/p>\n\n\n\n Run the command below to initialize or reinitialize the server configuration.<\/p>\n\n\n\n Follow on-screen instructions, opting for default settings when prompted.<\/p>\n\n\n Set a secure password for the default ‘openvpn’ user:<\/p>\n\n\n\n Access the OpenVPN admin panel through your browser at Log in using the ‘openvpn’ user credentials.<\/p>\n\n\n Update your DNS settings to point your server IP to your desired subdomain.<\/p>\n\n\n\n Update the server’s hostname with the below command<\/p>\n\n\n\n Reflect this change in the OpenVPN Admin Panel under <\/p>\n\n\n Purchase and activate a license for OpenVPN Server from the official OpenVPN pricing page<\/a>.<\/p>\n\n\n In the Admin Panel, navigate to Create a new user and configure as needed, ensuring the ‘Auto-login’ option is enabled if necessary.<\/p>\n\n\n If desired, enable Google Authenticator MFA from the Generate a CSR and private key on your server.<\/p>\n\n\n\n Obtain an SSL certificate from your preferred provider and upload it through the Admin Panel under Save all changes and update the running configuration as prompted.<\/p>\n\n\n\n Download the user profile for VPN access from If you are using a cloud instance as a Jump server, you can configure security by configuring firewall rules within the security panel to permit connections exclusively from the VPN’s IP address to the Jump Server instance. This ensures that only authorized VPN connections can access the Jump server, bolstering your network’s security. 1. Log in to the AWS Management Console<\/strong>:Sign in to your AWS account using your credentials. If you are using an on-premise server or VPS as the Jump server, you can configure the necessary firewall rules directly within the firewall management tools available on that server or VPS. Generate an SSH Key Pair by using the ‘ssh-keygen’ command, which will create a key pair. Share the Public Key by sending the contents of the ‘id_rsa.pub’ key file to the production server and appending it to the ‘\/.ssh\/authorized_keys’ file. Finally, test the SSH key by attempting to log in with ‘ssh user@remote-server’ for secure and passwordless access. These steps ensure a streamlined and secure connection process between your local and remote machines.<\/p>\n\n\n\nsudo su<\/pre>\n\n\n
2. Server Configuration Initialization<\/h5>\n\n\n
ovpn-init --force<\/pre>\n\n\n\n
3. User Password Setup<\/h5>\n\n\n
passwd openvpn<\/pre>\n\n\n
4. Admin Panel Access<\/h5>\n\n\n
https:\/\/[your-server-ip]:943\/admin<\/code>.<\/p>\n\n\n\n5. Hostname and DNS Configuration<\/h5>\n\n\n
hostnamectl set-hostname [your-subdomain]<\/pre>\n\n\n\n
Configuration > Network Settings<\/code>.<\/p>\n\n\n\n![\"Setting](\"https:\/\/www.veeble.org\/kb\/wp-content\/uploads\/2023\/10\/step6.png\")
<\/a><\/figure>\n\n\n\n6. Licensing<\/h5>\n\n\n
7. User Management for Client VPN<\/h5>\n\n\n
User Management > User Permissions<\/code>.<\/p>\n\n\n\n8. Multi-Factor Authentication (Optional)<\/h5>\n\n\n
Authentication<\/code> tab.<\/p>\n\n\n9. SSL Certificate Configuration<\/h5>\n\n\n
Configuration > Webserver<\/code>.<\/p>\n\n\n10. Configuration and User Profile<\/h5>\n\n\n
https:\/\/[your-configured-subdomain]<\/code>.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\n
<\/p>\n\n\nJump Server Configuration<\/h4>\n\n
1. Allow only VPN IP<\/h5>\n\n\n
For example, if you are using an AWS instance as a Jump server, follow the following steps:
<\/p>\n\n\n\n
2. Navigate to the EC2 Dashboard<\/strong>:Once logged in, go to the EC2 dashboard.
3. Select the Jump Server Instance<\/strong>:In the EC2 dashboard, select the Jump server instance for which you want to configure security group rules.
4. View the Security Group<\/strong>:In the details pane at the bottom, under the “Description” tab, you’ll find the security group associated with the selected Jump server instance. Click on the security group name to access its configuration.
5. Edit the Inbound Rules<\/strong>:In the security group details, go to the “Inbound rules” tab.
6. Add a New Rule<\/strong>:Click the “Edit inbound rules” button, then click “Add rule” to create a new rule.
Specify the Rule<\/strong>:
Set the rule as follows:Type: Choose the appropriate protocol and port(s) for the service you want to allow. For example, if it’s SSH, select “SSH (22)” or customize it according to your application’s needs.
Source: Enter the IP address or IP range of your VPN service. You can specify a single IP, a range, or a specific security group associated with your VPN server.For example, if your VPN server’s IP is 1.2.3.4, you can enter “1.2.3.4\/32” to allow only that specific IP.
7. Review and Save<\/strong>:Review the rule settings to ensure they are correct, and then click “Save rules.”
8. Confirm the Changes<\/strong>:AWS will prompt you to confirm the changes. Click “Save rules” again to apply the new security group rule.<\/p>\n\n\n\n
Refer Docs: Ubuntu<\/a>, Redhat<\/a>, Windows<\/a><\/p>\n\n\n2. Implement SSH Keys<\/h5>\n\n\n