
Server Management > Network Services > OpenVPN Server

OpenVPN is an open-source VPN application that lets you create and join a private network securely over the public Internet. When enabled, your users can use this server as the endpoint for their internet connection. The OpenVPN settings can be configured on this GUI page.

These services are divided between two sub-tabs:

BlueOnyx uses OpenVPN v2.4.1-2 as its OpenVPN server.

For troubleshooting information please scroll to the end of this page.


General

Enable OpenVPN

When this checkbox is ticked, the OpenVPN server will be started with the settings and the configuration displayed on this page.

UDP Port

OpenVPN binds to a publicly reachable UDP port. By default this is port 1194 UDP, but you can choose to run it on a different port instead.

Max Clients

Maximum number of OpenVPN clients that are allowed to connect simultaneously.

DNS Servers

Specify the DNS servers that VPN clients will use for their internet connection.

APF Firewall exception

This option will only show when you also have the optional Package “APF Firewall” from the BlueOnyx shop installed. By default APF blocks access to all UDP ports but the one for DNS. If you want OpenVPN to be reachable despite APF being active, then please tick this checkbox. That will open the OpenVPN UDP port in APF and will also modify APF to add the required IPTables postrouting rule.

Allow siteAdmins

By default the siteAdmin of a Vsite with OpenVPN service enabled does NOT have the right to enable/disable OpenVPN access of his users. Tick this checkbox if you want to grant siteAdmins the right to enable/disable OpenVPN access for their own users. For this to work the Vsite in question must have OpenVPN enabled.

Update Key (WARNING!)

Tick this checkbox if you want to generate the required OpenVPN SSL certificate. During initial setup this is mandatory. If you tick this checkbox again and save, ALL OpenVPN SSL certificates (for server and users) are invalidated and recreated from scratch. Previously issued OpenVPN credentials can then no longer be used to log in, and the newly issued credentials must be used instead. Therefore use this function with extreme caution once the initial setup has been completed.

Key Name

This is the name of the OpenVPN server certificate. This cannot be changed.

VPN Domain

Fully qualified domain name of this OpenVPN server. Should be the same as the server name of this BlueOnyx.

Certificate Information

This information is taken from the signed certificate (if any) that is installed on the server.

Client Certificates

The Client Certificates tab shows you a list of all users who have been issued with OpenVPN access. The information shown details the user name, the virtual site that the user might belong to (if any) and the date and time of issue of the certificate. Additionally, three buttons are shown together with each entry:

Troubleshooting OpenVPN

If your OpenVPN server is not starting, then please try to start it manually from SSH as 'root' and check what the status of the server says. The commands for this are as follows:

BlueOnyx 5209R:

systemctl restart openvpn@server.service

systemctl status openvpn@server.service

BlueOnyx 5207R, 5208R or Aventurin{e} 6108R:

/sbin/service openvpn restart

ps axf|grep openvpn

The configuration files for OpenVPN reside under /etc/openvpn/ and all user certificates can be found under /etc/openvpn/easy-rsa/pki. If you ever plan on migrating the OpenVPN access from one server to another, then be sure to move the /etc/openvpn/ directory across to the new server as well. This will retain both the server certificates and the user certificates.
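A helper for the /etc/openvpn/ move described above, as an added example that is not BlueOnyx code: it archives the tree with file modes preserved and, after unpacking on the new server, reports any private key that group or other users can access. The function names are hypothetical, and it assumes private keys carry the .key suffix that easy-rsa gives them.

```shell
#!/bin/sh
# Added example, not BlueOnyx code. Paths are passed as arguments; the only
# built-in assumption is the *.key suffix used for easy-rsa private keys.

# lax_keys DIR: print each *.key file under DIR that group or others can
# read, write or execute. Returns 1 if any such file exists, else 0.
lax_keys() {
    lax=$(find "$1" -type f -name '*.key' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -z "$lax" ]; then
        return 0
    fi
    printf '%s\n' "$lax"
    return 1
}

# pack_tree SRC ARCHIVE: archive SRC (e.g. /etc/openvpn) with modes kept.
# The archive contains private keys, so it is created owner-only (umask 077).
pack_tree() (
    umask 077
    tar -C "$(dirname "$1")" -cpzf "$2" "$(basename "$1")"
)

# unpack_tree ARCHIVE DESTDIR: restore with the recorded modes (-p), then
# fail if any private key ended up accessible to group or others.
unpack_tree() {
    tar -C "$2" -xpzf "$1" || return 2
    lax_keys "$2"
}

# Command-line use: audit the directory given as the first argument.
if [ $# -ge 1 ]; then
    lax_keys "$1"
fi
```

Use absolute paths for both arguments of pack_tree, and remove the archive from any intermediate host once the new server is verified, since it contains the CA and every user key.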

Under Aventurin{e} or OpenVZ the VPS in question with the OpenVPN package installed must have the capability Net/TUN enabled. In Aventurin{e} this can be done via the GUI interface under VPS / Basic Settings by ticking the respective checkbox and saving. Also make sure your Aventurin{e} node has the kernel module “tun” loaded (“modprobe tun”).

Useful shell-tools: