OpenVPN AS ESXi appliance configuration

Post Reply
StefanoB
OpenVpn Newbie
Posts: 3
Joined: Wed Sep 25, 2019 8:37 pm

OpenVPN AS ESXi appliance configuration

Post by StefanoB » Wed Sep 25, 2019 9:13 pm

We are evaluating the OpenVPN server using the appliance
We succesfully installed it on our ESXi host, then configured it as in the guide.
We would like to use the certificate authentication, but we cannot find the configuration files server.conf as stated in the guide here:
https://openvpn.net/community-resources ... nd-clients
Do we need to manually create entries into as.conf?
Appliance version is the latest available, 2.7.5

Thanks in advance,
Stefano

novaflash
I should be on the dev team.
Posts: 1017
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN AS ESXi appliance configuration

Post by novaflash » Wed Sep 25, 2019 9:17 pm

Hello Stefano,

The certificates are automatically implemented and verified in Access Server, no further configuration is required to implement these in Access Server. you can open up one of the client.ovpn files you download from the Access Server web interface to see the client private key and client public key, and the server CA public certificate.

StefanoB
OpenVpn Newbie
Posts: 3
Joined: Wed Sep 25, 2019 8:37 pm

Re: OpenVPN AS ESXi appliance configuration

Post by StefanoB » Wed Sep 25, 2019 9:20 pm

Cool, so no need to generate each one by hand, I only need to create the users.
But how do I ensure that the connection can be made only via certificate and not via password?

novaflash
I should be on the dev team.
Posts: 1017
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN AS ESXi appliance configuration

Post by novaflash » Wed Sep 25, 2019 9:26 pm

By default Access server verifies username, password, and certificate, for VPN connections. If you use autologin profiles, only the certificate is sufficient. But without certificate you cannot connect in any case.

If you want to prevent people from getting the certificate from the access server web interface, you can switch on the option to only allow admin users to access the web interface. But then you will have to take care of distributing the client profiles by hand, for example via the command line options.
https://openvpn.net/vpn-server-resource ... nstallers/

StefanoB
OpenVpn Newbie
Posts: 3
Joined: Wed Sep 25, 2019 8:37 pm

Re: OpenVPN AS ESXi appliance configuration

Post by StefanoB » Wed Sep 25, 2019 9:35 pm

Thank you very much, tomorrow I'll try this.

Post Reply