The current state of the world has caused some unique stresses on IT infrastructure. For IT departments servicing internal teams, remote access infrastructure in particular has felt the brunt of the blow. To that end, I spent a couple of weeks testing out enterprise VPN solutions.

OpenVPN Access Server uses NAT (Network Address Translation) to “ease” routing VPN user traffic to the rest of a remote network. This isn’t always a desirable configuration.

If you want to disable NAT globally, you can do so by logging into the shell as a root user on your OpenVPN Access Server and doing the following:

cd /usr/local/openvpn_as/scripts
./sacli --key vpn.server.nat --value false ConfigPut
./sacli start

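This globally disables NAT on the box, and you can then use routing tables on your network to manage traffic flow. With NAT off, VPN clients show up on the network with their VPN addresses, so the rest of the network needs a route back to the VPN client subnet through the Access Server. This is handy when you already have an established network with a device (or two) handling routing for you, and it will definitely fit some use cases.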
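One way to confirm the change took effect, as an added example that is not part of the original post: it reads `sacli ConfigQuery` output and reports the stored `vpn.server.nat` value. It assumes ConfigQuery prints one `"key": "value"` pair per line; the sample data and the `example_subkey` name are constructed.

```shell
#!/bin/sh
# Added example: report the stored vpn.server.nat value.
# Assumption: `sacli ConfigQuery` prints JSON-style lines, one "key": "value" each.

SACLI=/usr/local/openvpn_as/scripts/sacli

# Print the value of one exact key read from stdin, or nothing if it is unset.
config_value() {
  key_re=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
  # Anchoring on the closing quote skips longer keys that share the prefix,
  # which a plain `grep vpn.server.nat` would also match.
  sed -n "s/^[[:space:]]*\"$key_re\":[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Classify the NAT setting: disabled, enabled, or unset (server default applies).
nat_state() {
  value=$(config_value vpn.server.nat)
  case "$value" in
    false) echo disabled ;;
    "")    echo unset ;;     # key missing: the ConfigPut did not land
    *)     echo enabled ;;
  esac
}

# Constructed sample: state after the ConfigPut shown above.
sample_after() { cat <<'EOF'
{
  "example.other.key": "true",
  "vpn.server.nat.example_subkey": "true",
  "vpn.server.nat": "false"
}
EOF
}

# Constructed sample: key never set; only a look-alike subkey is present.
sample_unset() { cat <<'EOF'
{
  "vpn.server.nat.example_subkey": "false"
}
EOF
}

# On an Access Server, query the live config; elsewhere, show the sample.
if [ -x "$SACLI" ]; then
  "$SACLI" ConfigQuery | nat_state
else
  sample_unset | nat_state
fi
```

A result of `unset` after running the ConfigPut means the key was not stored, so the server is still on its default NAT behaviour.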

For clarity’s sake I will go ahead and state the following: This is for OpenVPN ACCESS SERVER, not for the open-source/free community edition. They are very different beasts so take note of which you are using.


I am just archiving this link for myself (and anyone else that needs this information) as well as the pertinent information therein.

Basically if you run multiple OpenVPN servers in your environment you probably need your OpenVPN Connect Client to be able to handle multiple profiles. This isn’t enabled out of the box for the client software. A little googling though and I came across this article:

Heartbleed was a major vulnerability in OpenSSL, the SSL/TLS library used by many, many sites and services. Folks have been scrambling to patch it up quickly since it was announced a few days prior.

If you are in the process of doing just that for yourself or your organization, you might be so busy fixing websites and web servers that you forget about other services that also make use of the OpenSSL library.

One such service is OpenVPN, particularly “Access Server”, as it has a client-facing web front end. Luckily, a new version of Access Server has already been released, and updating your existing servers is quite simple on most Linux distributions.