If you're using an OpenVPN Access Server that was installed before January 20, 2019, you may encounter licensing issues when trying to activate or renew fixed license keys. This is due to an update to the licensing system that added support for new features and enhanced security. Here’s how to resolve the issue and ensure your Access Server continues to function smoothly.
Why the Change?
The licensing system was updated in 2019 to allow for more flexible licensing options and to prepare for future features like clustering. Additionally, the security of the licensing system was improved. While your current setup may continue to work without issues, you will encounter problems when trying to activate new licenses unless you update the system.
What You Need to Do:
-
Upgrade Your Access Server:
The recommended solution is to upgrade your Access Server to the latest version available on our Access Server Portal. The latest versions include the necessary changes to the licensing system. -
Apply the Licensing Patch (If You Can't Upgrade):
If you can't upgrade immediately, you can apply a licensing patch that only updates the licensing system. (The steps for this are outlined below.) This patch is compatible with Access Server 1.8.3 and above, and it can be applied without shutting down or restarting the server, ensuring minimal disruption to your VPN clients. -
For Older Versions (Below 1.8.3):
The new licensing system will not function properly if you're running a version older than 1.8.3. In this case, upgrading to a newer version is strongly recommended. If upgrading is not an option, contact our support team for assistance activating your license key.
Common Questions:
-
Will this affect my current licenses?
No, your existing license keys will continue to work even after the update. However, you must update or patch your server before you can activate any new or renewal license keys. -
What about AWS licenses?
This update don't affect you if you're using an AWS license purchased through the AWS Marketplace. These instances use a different licensing system and will continue to function normally. -
What if I can't afford downtime for an upgrade?
The licensing patch allows you to update the licensing system without taking the server offline, so your VPN clients won’t be disconnected. If you're concerned about potential issues, you can test the patch on a non-production system.
Patch the licensing system
- Connect to your Access Server console with root privileges.
- Run this command to apply the patch:
wget https://swupdate.openvpn.net/as/hotfix/openvpn-as-hotfix-2018-1.tar && tar xvf openvpn-as-hotfix-2018-1.tar && cd openvpn-as-hotfix-2018-1 && ./install
- If the patch is installed successfully, you should see a similar output:
launch wrapper openvpnas modified launch wrapper liman modified apply temporary post_auth attempting warm restart warm restart succeeded no original post_auth live hotfix applied
Troubleshooting
- If you encounter issues using wget, you can download the patch manually and transfer it to Access Server yourself. Then start the installation with this command from the directory where you stored the licensing patch file on your Access Server:
tar xvf openvpn-as-hotfix-2018-1.tar && cd openvpn-as-hotfix-2018-1 && ./install
Verify the integrity of the file with this command:
sha256sum openvpn-as-hotfix-2018-1.tar
The resulting sha256sum should be 7e47fd172596656a990b338f770f7b5ccb6b2629a286f8a19957dbf7b5aef2b7.
- Error: -bash: wget: command not found. If you don't have wget installed, this message displays.
-
ERROR: Certificate verification error for swupdate.openvpn.net: unable to get local issuer certificate. This message displays when the download server's identity can't be verified. To resolve this, you need to update the Certificate Authority bundle on your system, which can often be done by updating your OS. Optionally, you can try to download the file using unsecured HTTP traffic:
wget http://swupdate.openvpn.net/as/hotfix/openvpn-as-hotfix-2018-1.tar && tar xvf openvpn-as-hotfix-2018-1.tar && cd openvpn-as-hotfix-2018-1 && ./install
- Error: Resolving (swupdate.openvpn.net)... failed: Temporary failure in name resolution. This message displays when DNS settings are broken. Resolve this issue by fixing the DNS resolution system.
- Error: "error loading post_auth script: missing post_auth/post_auth_cr function". This message can be ignored.
If you wish to uninstall the patch, run the install command in the same directory as the patch:
./uninstall
Comments
0 comments
Please sign in to leave a comment.