Mks IT ramblings

install Free OpenVPN server on Oracle Cloud free tier

https://openvpn.net/as-docs/oracle.html#additional-security-steps-you-can-take-after-installation-76635

here is a write up that actually working as of 28/02/2026

( the steps here are modified based on google)

Installing OpenVPN on Oracle Cloud Infrastructure (OCI) is most efficiently done using the OpenVPN Access Server image available in the OCI Marketplace. This provides a pre-configured environment that includes a web-based admin interface and two free concurrent connections..

1. Launch the OpenVPN Instance

Find the Image: Sign in to your Oracle Cloud Console. Open the navigation menu, go to Marketplace, and select All Applications. Search for "OpenVPN Access Server".
Launch Stack: Select the BYOL (Bring Your Own License) version, choose your compartment, and click Launch Stack.
Configure Instance:

Shape: Choose a compatible shape (e.g., VM.Standard.E2.1.Micro if you are using the Always Free tier).
Network: Select an existing Virtual Cloud Network (VCN) and a Public Subnet.
- if for the first time, create a new vcn and a new public subnet; otherwise you will get error
Credentials: generate private and public keys and save those, you will need those when you do initial ssh connect

I do not have a chance to assign a public IP when creating the vm; but I managed to assign a public IP afterwards by clicking somewhere ....

2. Configure Network Security

You must manually add Ingress Rules to your public subnet's Security List or Network Security Group to allow VPN traffic:

TCP Port 443: For the Client Web UI and VPN tunnel.
TCP Port 943: For the Admin Web UI.
UDP Port 1194: The default port for OpenVPN tunnel traffic.
TCP Port 22: (Optional) For SSH management.

3. Initial Server Setup

Access via SSH: Connect to the instance using its public IP: ssh -i <private_key> openvpnas@<public_ip>.
I failed to get the lastest Putty / Puttygen to work with the saved private key, maybe I typed the wrong initial config user
the initial configure user is openvpnas not openvpn
luckily in my windows 11, I can directly do ssh; the cmd is ssh -i "ssh-key-2026-02-27 (2).key" openvpnas@1xx.3x.72.2
here is a screen dump of my various attempts with various errors
c:\Users\myarse\Downloads>ssh -i "ssh-key-2026-02-27 (2).key" openvpn@1xx.3x.72.2
The authenticity of host '1xx.3x.72.2 (1xx.3x.72.2)' can't be established.
ED25519 key fingerprint is SHA256:bQtaRZI30BwftuDvaVdqN+Bs+rZv3xpShmpy5QFFdb4.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '1xx.3x.72.2' (ED25519) to the list of known hosts.
openvpn@1xx.3x.72.2: Permission denied (publickey).
c:\Users\myarse\Downloads>ssh -i "ssh-key-2026-02-27 (1).key" openvpn@1xx.3x.72.2
openvpn@1xx.3x.72.2: Permission denied (publickey).
c:\Users\myarse\Downloads>ssh -i "ssh-key-2026-02-27.key" openvpn@1xx.3x.72.2
openvpn@1xx.3x.72.2: Permission denied (publickey).
c:\Users\myarse\Downloads>ssh openvpn@1xx.3x.72.2
openvpn@1xx.3x.72.2: Permission denied (publickey).
c:\Users\myarse\Downloads>ssh -i "ssh-key-2026-02-27 (2).key" root@1xx.3x.72.2
Please login as the user "openvpnas" rather than the user "root".
openConnection to 1xx.3x.72.2 closed.
c:\Users\myarse\Downloads>ssh -i "ssh-key-2026-02-27 (2).key" openvpnas@1xx.3x.72.2
Welcome to OpenVPN Access Server Appliance 2.14.3
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
OpenVPN Access Server
Initial Configuration Tool
------------------------------------------------------
OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)
1. Copyright Notice: OpenVPN Access Server License;
"OpenVPN" is a trademark of OpenVPN Inc.
2. Redistribution of OpenVPN Access Server binary forms and related documents,
are permitted provided that redistributions of OpenVPN Access Server binary
forms and related documents reproduce the above copyright notice as well as
a complete copy of this EULA.
3. You agree not to reverse engineer, decompile, disassemble, modify,
translate, make any attempt to discover the source code of this software,
or create derivative works from this software.
4. The OpenVPN Access Server is bundled with other open source software
components, some of which fall under different licenses. By using OpenVPN
or any of the bundled components, you agree to be bound by the conditions
of the license for each respective component. For more information, you can
find our complete EULA (End-User License Agreement) on our website
(http://openvpn.net), and a copy of the EULA is also distributed with the
Access Server in the file /usr/local/openvpn_as/license.txt.
5. This software is provided "as is" and any expressed or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. In no event shall
OpenVPN Inc. be liable for any direct, indirect, incidental,
special, exemplary, or consequential damages (including, but not limited
to, procurement of substitute goods or services; loss of use, data, or
profits; or business interruption) however caused and on any theory of
liability, whether in contract, strict liability, or tort (including
negligence or otherwise) arising in any way out of the use of this
software, even if advised of the possibility of such damage.
6. OpenVPN Inc. is the sole distributor of OpenVPN Access Server
licenses. This agreement and licenses granted by it may not be assigned,
sublicensed, or otherwise transferred by licensee without prior written
consent of OpenVPN Inc. Any licenses violating this provision
will be subject to revocation and deactivation, and will not be eligible
for refunds.
7. Subscription License Key: Entitles you to use this software for the
duration of term of your subscription up to the concurrent user limit
specified by your subscription. This license permits you to use the
software on one or more servers, provided that in no event will the number
of concurrent VPN connections that all servers may allow exceed the
concurrent user limit. Upon activation of the first purchased activation
key for this software, you agree to forego any free licenses or keys that
were given to you for demonstration purposes, and as such, the free
licenses will not appear after the activation of a purchased key. You are
responsible for the timely activation of these licenses on the server or
servers of your choice.
Refunds on purchased activation keys are only possible within 30 days of
purchase of activation key, and then only if the activation key has not
already been activated on a system. To request a refund, contact us through
our support ticket system using the account you have used to purchase the
activation key. Activated subscriptions are nontransferable. Access Server
Subscription entitles the use of (1) subscription license key on a single
server or across multiple servers. Once an activated key expires or becomes
invalid, the concurrency limit on our software product will revert to
demonstration mode, which allows a maximum of two (2) concurrent users to
be connected to your server. Prior to your subscription license expiration,
OpenVPN Inc. will, depending on your purchase selection, either auto-renew
your subscription, or attempt to remind you to renew your subscription by
sending periodic email messages to the licensee email address on record.
You are solely responsible for the timely renewal of your activation key(s)
prior to their expiration if continued operation is expected after the
subscription term ends. OpenVPN Inc. will not be responsible for any
misdirected and/or undeliverable email messages, nor does it have an
obligation to contact you regarding your subscription term's expiry.
8. Standard Non-Subscription License Key(s) also called Fixed License Key(s):
A Purchased Standard Non-Subscription license entitles you to use this
software for the duration of time denoted on your activation key on any one
(1) particular device, up to the concurrent user limit specified by your
license. Multiple activation keys may be activated to achieve a desired
concurrency limit on this given device. Unless otherwise prearranged with
OpenVPN Inc., concurrency counts on activation keys are not to be divided
for use amongst multiple devices. Upon activation of the first purchased
activation key in this software, you agree to forego any free licenses or
keys that were given to you for demonstration purposes, and as such, the
free licenses will not appear after the activation of a purchased key. You
are responsible for the timely activation of these licenses on your desired
server of choice. Refunds on purchased activation keys are only possible
within 30 days of purchase of activation key, and then only if the
activation key has not already been activated on a system. To request a
refund, contact us through our support ticket system using the account you
have used to purchase the activation key.
Activating a standard Non-Subscription key ties it to the specific
hardware/software combination that it was activated on, and activated
activation keys are nontransferable. Substantial software and/or hardware
changes may invalidate an activated license. In case of substantial
software and/or hardware changes, caused by for example, but not limited to
failure and subsequent repair or alterations of (virtualized)
hardware/software, our software product will automatically attempt to
contact our online licensing systems to renegotiate the licensing state. On
any given activation key, you are limited to three (3) automatic
renegotiations within the activation key lifetime. After these
renegotiations are exhausted, the activation key is considered invalid, and
the activation state will be locked to the last valid system configuration
it was activated on. OpenVPN Inc. reserves the right to grant exceptions to
this policy for license holders under extenuating circumstances, and such
exceptions can be requested through a ticket via the OpenVPN Access Server
ticketing system.
Once an activated activation key expires or becomes invalid, the
concurrency limit on our software product will decrease by the number of
concurrent connections previously granted by the activation key. If all
purchased activation key(s) have expired, the product will revert to
demonstration mode, which allows a maximum of two (2) concurrent users to
be connected to your server. Prior to your license expiration date(s),
OpenVPN Inc. will attempt to remind you to renew your license(s) by sending
periodic email messages to the licensee email address on record. You are
solely responsible for the timely renewal of your activation key(s) prior
to their expiration if continued operation is expected after the license
expiration date(s). OpenVPN Inc. will not be responsible for any
misdirected and/or undeliverable email messages, nor does it have an
obligation to contact you regarding your expiring activation keys.
9. Once an activated activation key expires or becomes invalid, the
concurrency limit on our software product will decrease by the amount of
concurrent connections previously granted by the activation key. If all of
your purchased activation key(s) have expired, the product will revert to
demonstration mode, which allows a maximum of two (2) concurrent users to
be connected to your server. Prior to your license expiration date(s),
OpenVPN Inc. will attempt to remind you to renew your license(s) by sending
periodic email messages to the licensee email address on record. You are
solely responsible for the timely renewal of your activation key(s) prior
to their expiration if continued operation is expected after the license
expiration date(s). OpenVPN Inc. will not be responsible for any
misdirected and/or undeliverable email messages, nor does it have an
obligation to contact you regarding your expiring activation keys.
10. Any valid activation key holder is entitled to use our ticketing system for
support questions or issues specifically related to the OpenVPN Access
Server product. To file a ticket, go to our website at https://openvpn.net/
and sign in using the account that was registered and used to purchase the
activation key(s). You can then access the support ticket system through
our website and submit a support ticket. Tickets filed in the ticketing
system are answered on a best-effort basis. OpenVPN Inc. staff reserve the
right to limit responses to users of our demo / expired licenses, as well
as requests that substantively deviate from the OpenVPN Access Server
product line. Tickets related to the open source version of OpenVPN may
not be handled here.
11. Purchasing an activation key does not entitle you to any special rights or
privileges, except the ones explicitly outlined in this user agreement.
Unless otherwise arranged prior to your purchase with OpenVPN Inc.,
software maintenance costs and terms are subject to change after your
initial purchase without notice. In case of price decreases or special
promotions, OpenVPN Inc. will not retrospectively apply credits or price
adjustments toward any licenses that have already been issued. Furthermore,
no discounts will be given for license maintenance renewals unless this is
specified in your contract with OpenVPN Inc.
Please enter 'yes' to indicate your agreement [no]: yes
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.
Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) ens3: 1xx.3x.72.2
Please enter the option number from the list above (1- 2).
> Press Enter for default [1]:
What public/private type/algorithms do you want to use for the OpenVPN CA?
Recommended choices:
rsa - maximum compatibility
secp384r1 - elliptic curve, higher security than rsa, allows faster connection setup and smaller user profile files
showall - shows all options including non-recommended algorithms.
> Press ENTER for default [secp384r1]:
What public/private type/algorithms do you want to use for the self-signed web certificate?
Recommended choices:
rsa - maximum compatibility
secp384r1 - elliptic curve, higher security than rsa, allows faster connection setup and smaller user profile files
showall - shows all options including non-recommended algorithms.
> Press ENTER for default [secp384r1]:
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:
Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Admin user authentication will be local
Private subnets detected: ['10.0.0.0/24']
Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]:
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).
You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.
Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]:
Type a password for the 'openvpn' account (if left blank, a random password will be generated):
Confirm the password for the 'openvpn' account:
> Please specify your Activation key (or leave blank to specify later):
Initializing OpenVPN...
Removing Cluster Admin user login...
userdel: user 'admin_c' does not exist
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Setting password in db...
Getting hostname...
Hostname: 1xx.3x.72.2
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
groupadd: group 'openvpn_as' already exists
Adjusting license directory ownership...
chown: warning: '.' should be ':': ‘openvpn_as.openvpn_as’
Initializing confdb...
Initial version is not set. Setting it to 2.14.3...
Generating PAM config for openvpnas ...
Enabling service
Created symlink /etc/systemd/system/multi-user.target.wants/openvpnas.service → /usr/lib/systemd/system/openvpnas.service.
Starting openvpnas...
NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly. Please ensure that your time and date
are correct on this system.
Initial Configuration Complete!
You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:
https://1xx.3x.72.2:943/admin
During normal operation, OpenVPN AS can be accessed via these URLs:
Admin UI: https://1xx.3x.72.2:943/admin
Client UI: https://1xx.3x.72.2:943/
To login please use the "openvpn" account with the password you specified during the setup.
See the Release Notes for this release at:
https://openvpn.net/vpn-server-resources/release-notes/
openvpnas@instance-20260227-2142:~$ You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:
https://1xx.3x.72.2:943/admin
During normal operation, OpenVPN AS can be accessed via these URLs:
Admin UI: https://1xx.3x.72.2:943/admin
Client UI: https://1xx.3x.72.2:943/
To login please use the "openvpn" account with the password you specified during the setup.
See the Release Notes for this release at:
https://openvpn.net/vpn-server-resources/release-notes/You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:
https://1xx.3x.72.2:943/admin
During normal operation, OpenVPN AS can be accessed via these URLs:
Admin UI: https://1xx.3x.72.2:943/admin
Client UI: https://1xx.3x.72.2:943/
To login please use the "openvpn" account with the password you specified during the setup.
See the Release Notes for this release at:
https://openvpn.net/vpn-server-resources/release-notes/client_loop: send disconnect: Connection reset
Run Setup Wizard: Upon first login, a setup wizard will start automatically. Accept the license agreement and follow the prompts (default settings are usually sufficient).
Set Admin Password: openvpn; set a password for the web interface.

4. Configure the Admin Web UI

Search This Blog

Saturday, February 28, 2026

install Free OpenVPN server on Oracle Cloud free tier ( step by step, ah well , almost, that actually works, not AI generated)

Mks IT ramblings

MyB00K

MyMaps

Blog Archive

About Me

Popular Posts

Total Pageviews

MKS Analytics

traffice profiler