The current state of the world has caused some unique stresses on IT infrastructure. For IT departments servicing internal teams, remote access infrastructure in particular has felt the brunt of the blow. To that end, I spent a couple of weeks testing out enterprise VPN solutions.
(more…)

I am just archiving this link for myself (and anyone else that needs this information) as well as the pertinent information therein.

Basically if you run multiple OpenVPN servers in your environment you probably need your OpenVPN Connect Client to be able to handle multiple profiles. This isn’t enabled out of the box for the client software. A little googling though and I came across this article:
(more…)

I am not sure when OpenVPN added multi-factor support to their Access Server but I am thrilled that they did. It must have been recently (within the last few weeks or months) as I was using OpenVPN Access Server about 4 months ago as a temporary solution while my main solution was down and it did not have Multi-Factor built-in. All I have to say is, THANK YOU! (more…)

In a previous post I dealt with setting up an OpenVPN Community Edition server which is the free version of OpenVPN. I had initially hoped to use Authy for two-factor authentication in addition to LDAP but later found out that wasn’t going to work. So now I am looking at using DUO for two-factor authentication and OpenVPN Access Server.

Access Server is the “paid” version of OpenVPN and is significantly easier to install and configure vs. the open-source community edition. The two different products fulfill the same function and rely on the same technology to do so, but the underlying structure of Access Server is significantly different from the community edition.

Just to be clear, if you don’t need two-factor authentication, and don’t mind applying a bit of digital elbow grease, I highly recommend going with the community edition of OpenVPN as it is extremely scalable with no licensing fees. That being said, Access Server is decently economical, especially compared to putting in a hardware device like a Fortigate or Cyberroam UTM box.

This guide assumes you have an Ubuntu 13 box to work with, have full root access, know your way around the linux command-line, and have a basic understanding of networking concepts including VPN.

Let’s dive in!

Before you go any further, if you plan on using LDAP/Microsoft Active Directory, you need to make sure all of the proper ports are open between your Active Directory Domain Controller and your OpenVPN server. You can see which ports are needed for AD traffic here: What ports on the firewall should be open between Domain Controllers and Member Servers?

(more…)