Bridge a Remote Site Network with OpenVPN Access Server

User configuration

This will configure the users allowed to access the VPN tunnel using the web interface of the OpenVPN Access Server. These users will have access to the remote network.

You WILL need to know the network IP addressing of the remote network (an IP address in the network and the subnet mask. More details below).

openvpn_access_server_bridge-01_bridge_server-14_openvpn_access_server_browser_certificate_errorGo back to the web browser and enter the URL for “Admin UI.” This would be

https://67.207.156.139:943/admin

This URL was given at the end of the OpenVPN Access Server configuration.

You will be presented with a certificate error. This is because the OpenVPN Access Server has a self-signed certificate. You will need to bypass this error. Steps required depend on your browser and may require an exception to be added to for this URL. Adding and confirming the exception is a precaution instituted by the web browser to check that you are aware that you will be bypassing this security message.

openvpn_access_server_bridge-01_bridge_server-15_openvpn_access_server_browser_loginWhen the error message has been bypassed, the logon will be displayed. For Username enter

openvpn

For password, enter the password you set when running the passwd openvpn command.

Click Sign In.

openvpn_access_server_bridge-01_bridge_server-16_openvpn_access_server_browser_license_agreementWhen first logging in, you need to accept the license agreement. Click Agree.

Remote site user

The user for the gateway server on the remote network is created.

openvpn_access_server_bridge-01_bridge_server-17_openvpn_access_server_browser_status_overviewAt the Status Overview page, under User Management, click User Permissions.

openvpn_access_server_bridge-01_bridge_server-18_openvpn_access_server_browser_user_permissions_remote_userThe User Permissions screen lists all the usernames in use on the OpenVPN Access Server. Under the Username column, for New Username, enter

Remote Site

This can be anything but must be consistent across the rest of the instructions. Usernames are case sensitive!

Check Allow Auto-login.

Click Save Settings.

openvpn_access_server_bridge-01_bridge_server-19_openvpn_access_server_browser_user_permissions_remote_user_update_serverThe user will be added. To update the server, click Update Running Server.

openvpn_access_server_bridge-01_bridge_server-20_openvpn_access_server_browser_user_permissions_remote_user_more_settingsWith the Remote Site user created, under More Settings, click Show.

openvpn_access_server_bridge-01_bridge_server-21_openvpn_access_server_browser_user_permissions_remote_user_more_settingsCreate a password for the remote network user.

Under Access Control, for Allow Access From, check all server-side private subnets. Check all other VPN clients.

Under VPN Gateway, for Configure VPN Gateway, select Yes.

Allow client to act as VPN gateway for these client-side subnets, enter

192.168.1.0/24

Here is where you will need the network prefix and subnet mask of the remote site network to determine the correct input. Typically a quick ifconfig on the Linux box at the remote site will help determine most of the information. A quick crash-course in IPv4 subnetting and CIDR notation and blocks (Classless Inter-Domain Routing) is needed if you have trouble determining this information.

Click Save Settings.

openvpn_access_server_bridge-01_bridge_server-22_openvpn_access_server_browser_user_permissions_remote_user_update_serverThe user settings will be saved. To update the server, click Update Running Server.

Home user

The home user will be created.

openvpn_access_server_bridge-01_bridge_server-23_openvpn_access_server_browser_user_permissions_local_userAt the Status Overview page, under User Management, click User Permissions.

The User Permissions screen lists all the usernames in use on the OpenVPN Access Server. Under the Username column, for New Username, enter

Home

This can be anything but must be consistent across the rest of the instructions. Usernames are case sensitive!

Check Allow Auto-login.

Click Save Settings.

openvpn_access_server_bridge-01_bridge_server-24_openvpn_access_server_browser_user_permissions_local_user_update_serverThe user will be added. To update the server, click Update Running Server.

openvpn_access_server_bridge-01_bridge_server-25_openvpn_access_server_browser_user_permissions_local_user_more_settingsWith the Home user created, under More Settings, click Show.

openvpn_access_server_bridge-01_bridge_server-26_openvpn_access_server_browser_user_permissions_local_user_more_settingsCreate a password for the Home user. This will used to download the OpenVPN Connect application.

Click Save Settings.

openvpn_access_server_bridge-01_bridge_server-27_openvpn_access_server_browser_user_permissions_local_user_update_serverThe user settings will be saved. To update the server, click Update Running Server.

OpenVPN Access Server users are setup!

Other bits

Settings on the More Settings pages for each user can be made on the fly after the fact and have no effect on the download profile.

As many ‘Home’ users can be created as desired. Only two concurrent users can be connected to the VPN.