Securing Openvpn Access Server; frontend

Hiding the openvpn-as web interface from the internet was a logical step for security. This is a quick guide about securing openvpn-as webpages in Ubuntu if you tend to use the front-end infrequently.

In Terminal, navigate to your installed openvpn-as directory:
(might be different, depending on how it was installed)

cd /usr/local/openvpn_as/etc

Next we need to edit the as.conf file…. I recommend making a backup just in case!

sudo cp as.conf as.conf.backup

Now to open the file with nano:

sudo nano as.conf

To stop the front end from broadcasting publicly, we need to find “iptables.web=true” and change to:

iptables.web=false

Save with CTRL+O and exit with CTRL+X

This will stop openvpn-as from overriding our UFW firewall rules.

Finally, restart openvpn-as server:

sudo service openvpnas restart

At this point, test your openvpn tunnel connections. They should work ok and connect. If not check your firewall settings.

Next test your front-end via “http://yourip:943”

If it does not load, your all set!

If it does load:

  1. Make sure you are not connected via VPN and then try on an outside connection
  2. Give your server a reboot and test “http://yourip:943” again.
  3. Try deleting local broswer cache and try again

To re-enable, open port 943 on your firewall:

sudo ufw allow 943/tcp

Or revert to your backed up as.conf file!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.