OpenVPN Access Server Upgrade

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
rodrigoechaide
OpenVpn Newbie
Posts: 3
Joined: Mon May 31, 2021 8:33 am

OpenVPN Access Server Upgrade

Post by rodrigoechaide » Mon May 31, 2021 8:34 am

Hello, I need advice on how to proceed with the upgrade of an OpenVPN Access Server to the latest available version (2.8.5). Currently, I have a OpenVPN Access Server up and running (Version 2.7.4) in AWS in an ec2 instance which was launched from AWS Marketplace. Due to a vulnerability in version 2.7.4, we need to upgrade the server to the latest available version 2.8.5 and I need advice on how to do this properly in order not to lose the license (the server has a license for 100 simultaneous users). I know that from the OpenVPN Access Server documentation the upgrade can be done easily running apt-get update and apt-get upgrade commands but again I need advice in order to know if after that procedure the server will continue working normally.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: OpenVPN Access Server Upgrade

Post by openvpn_inc » Mon May 31, 2021 9:01 am

Hello rodrigoechaide,

This page contains information about the upgrade process:
https://openvpn.net/vpn-server-resource ... r-updated/

From experience I would say there's like a 99% chance that when you run those commands, things are upgraded without you having to do anything else. But there's the 1% chance that you have some legacy setting that might need manual adjustment or that the upgrade steps bring in operating system patches that could probably do with a reboot of the system to complete fully (like kernel upgrades) or some other unexpected issue.

I would recommend that you follow our guide which specifies backup steps as the first step. So you have a way back if you run into trouble and need to do a rollback and/or wait for assistance on how to resolve your specific issue, should anything untoward happen. And to of course plan this at a quiet moment for you.

But again, 99% of cases, you just do that upgrade as you said, and everything upgrades, and you're fine. Particularly the licensing is something we test for with every release to ensure it stays functional. If your licensing is subscription, there's practically no risk, since that's not tied to anything and will just work on as many servers as you like, even different or new ones. And tiered instances on AWS, which are licensed through AWS, are also fine. That is tied to the instance product information which doesn't change when you change software on your AWS instance, and works with any version of Access Server 2.* automatically. And fixed license keys will also continue to function normally on an AWS EC2 instance if you upgrade/downgrade/rollback the software of Access Server on it. It's only when you make a new instance on AWS EC2 or launch a new instance from a (backup) AMI that you may run the risk of losing a license. But not when you just upgrade software in the OS.

I also want to point out that the latest version is 2.8.8. The latest version available on the Amazon AWS marketplace at the moment starts out as 2.8.5. But those, and any Access Servers out there, can be upgraded using apt-get update/upgrade to latest version 2.8.8. We periodically update the starting images on Amazon AWS marketplace. But the latest updates can always be obtained through the upgrade steps.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am

Re: OpenVPN Access Server Upgrade

Post by chilinux » Mon May 31, 2021 3:08 pm

There is one known issue when upgrading from a version previous to 2.8.0 which is if LDAP authentication is enabled and a post_auth script is used.

This is explained in the changelog in the 2.8.0 section here:
https://openvpn.net/vpn-server-resource ... rver-2-8-0

I have perform the upgrade across multiple OpenVPN AS installs and never had a problem with the license being lost as a result.

Post Reply