I am just archiving this link for myself (and anyone else that needs this information) as well as the pertinent information therein.

Basically if you run multiple OpenVPN servers in your environment you probably need your OpenVPN Connect Client to be able to handle multiple profiles. This isn’t enabled out of the box for the client software. A little googling though and I came across this article:

Heartbleed was a major vulnerability in the SSL protocol used by many sites and services. Folks have been scrambling to patch it up quickly since it was announced a few days prior.

If you are in the process of doing just that for yourself or your organization, you might be so busy fixing websites and webservers that you forget about other services that also make use of OpenSSL.

One such service is OpenVPN, particularly “Access Server”, as it has a client-facing web front-end. Luckily, there is already a new version of Access Server released, and updating your existing servers is quite simple on most Linux distributions.

Most UTM (unified threat management) Firewall devices worth their price tag include a VPN server as part of the mix. In my experience, a UTM is an excellent choice for a small office and/or most smaller enterprises as several of the higher-end devices scale quite far. For a larger, corporate network though, while a UTM (or two or three) might be part of the security mix, larger dedicated components often make more sense.

That being said, if you have a UTM, and it includes a VPN solution, you may be considering taking advantage of this for remote network access. While I wouldn’t necessarily advise against doing this, before going too far down that road I would tell you to look into deploying OpenVPN Access Server instead with Google Authenticator. Here is why…

Google Authenticator, and (all?) other rotating-pin multi-factor authentication systems, rely on the clock on the token device (in this case your smart-phone or tablet) and the authenticating system (in this case the OpenVPN server). If the clocks are different by more than a few seconds or so, it will break your authentication.

Thought I would post this one quickly…

Having trouble getting OpenVPN to start/work for you and you are seeing this error in your logs?

“TCP/UDP: Socket bind failed on local address”

The resolution is pretty simple. Try changing the port you have assigned to OpenVPN in your config file and restarting the service. Most likely you have bound it to a port already being used by another service. I ran into this problem because I tried to use port 443. I wasn’t running an SSL/HTTPS website on my server, but I had forgotten that I was running SSH through 443 temporarily.

It is generally good practice to use a port above 1000 for odd services if you aren’t using the default port for said service. I run into this a lot as I don’t like to use common ports as they tend to get targeted more often and hammered by bots/evil people trying to break in…

Anyhow, hope this helps!