OpenVPN on Azure is an interesting service that you might want to try if you are looking for your own VPN server setup. In this tutorial, we are going to show you how to build your VPN server step by step using OpenVPN and Microsoft Azure service.
OpenVPN Access Server is a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux, mobile OS (Android and iOS) environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.
OpenVPN Access Server is available on Microsoft Azure. You can deploy it quickly from Azure Marketplace. With few configurations, you will have a VPN server deployed in a specific region that you want. Microsoft Azure network is extremely fast so we will have good network connectivity with this VPN setup.
How to deploy OpenVPN Access Server?
In this tutorial, we will deploy the OpenVPN Access Server from Microsoft Azure Marketplace. Before you begin, make sure you have an Azure account with an active Subscription so you can create Azure resources.
Deploy OpenVPN Access Server
In Azure portal, click on Create a resource on the left panel and search for OpenVPN
The resource we want to deploy is OpenVPN Access Server, click on Create to start the deployment.
You will be redirected to the detail configuration page for the Virtual Machine. You will need to fill in these required information:
- Virtual Machine Name: Any name you want.
- Region: You should choose the region which closes to your place to get the fastest access.
- Size: You can leave it default or increase to bigger size depends on your amount of VPN traffic and number of the client.
- Administrator Account: You will specify the username and password or SSH public key for latter SSH access to the OpenVPN server.
By default, the Boot Diagnostics is enabled. You will also be asked to create a Storage Account for this. Click on Create new to create one, or you can turn off Boot Diagnostics to skip this step.
Then click on review + create to redirect to the review page. Finally, click on Create to deploy your OpenVPN Access Server. You can monitor the deployment process as below.
Once the Virtual Machine is deployed, go to the Virtual Machine page that we created to get its public IP address. In our case, it is 126.96.36.199
Configure OpenVPN Access Server
Once your VPN Server is up and you got its public IP address, let’s configure it. The initial configuration requires you to login into the Virtual Machine using SSH protocol.
To SSH to the OpenVPN Server; on Linux, you can use Terminal; on Windows, you can use Putty. In this tutorial, we use the simple SSH command from Linux.
$ ssh [email protected]
Once you logged in, you will be asked for setting up your OpenVPN Access Server. Almost config can be left as default, you just need to hit Enter. However, there are 2 configs you should pay attention to:
- Web Admin UI IP address: This is the interface that OpenVPN web UI will bind to. You should select 0.0.0.0 so all interface will be bound.
- Web Admin login user: It is
openvpnby default. This is the user you will use to login into the OpenVPN Access Server web interface.
Now open your web browser and go to web page https://<vpn-public-ip>:943/admin. You will be asked for the authentication. In this case, use openvpn user that we defined in the previous step.
Note: If you don’t know the openvpn user password. Try to SSH to your OpenVPN Virtual Machine again and type following command to reset password for openvpn user.
$ sudo passwd openvpn
Click on Agree to go to next step
This is the OpenVPN Access Server Admin home page.
By default, our OpenVPN Access Server will use the Virtual Machine private IP address in its configuration. You will need to change it to the public IP address instead. Because the OpenVPN profile will be using this for the client connection endpoint. If it is a private IP address, your client won’t be able to connect.
To update this config, go to Configuration > Network Settings. In Hostname or IP address field, enter your Virtual Machine public IP address and click on Save.
Create OpenVPN user
In order to create OpenVPN account for later access, go to User Management > User Permissions and create a new account.
Here you can specify the account password and other VPN configs such as Auto-login, NAT, Routing, etc for that account only.
Using OpenVPN Client on your computer
We’ve done all needed setup for the server side. Now, as a client, we login into the OpenVPN Access Server user page at address https://<vpn-public-ip>:943 and login with account we created in the previous step.
At this user page, you will able to download the OpenVPN client for your computer. OpenVPN supports Windows, Mac OS X, Linux, Android, and iOS.
Then, download your OpenVPN profile below to import into your OpenVPN client software.
After importing the config to your OpenVPN client, try to connect to your OpenVPN server. If you can connect succesffully, you will see a message similar to this screenshot. Your computer will be assigned a new private IP address.
Verify your traffic is routed to your OpenVPN server
Once you connected to your VPN network, try to check your current public IP address that recognized by the public web services. For example, go to http://ifconfig.top, you will see your current public IP address is your OpenVPN Virtual Machine IP address.