Last updated: February 2026
Access Server is a reliable, self-hosted VPN software solution — rapidly deployable in the cloud or on-premise — that delivers secure remote access to your business network and resources with essential zero trust network access (ZTNA) capabilities.
Key capabilities include:
- Secure remote access to your corporate network with granular permissions and zero-trust enforcement
- Least-privilege access ensuring connections come from trusted devices and locations
- Protection of sensitive SaaS applications by isolating them from the internet, accessible only via VPN
- Multiple authentication methods, a built-in X.509 PKI, and comprehensive identity verification
- Economical licensing with intuitive web-based interfaces for both users and administrators
How Access Server Works
Access Server is VPN server software that can be deployed in the cloud or on-premise on general computing hardware or virtual machines. Multiple Access Servers can be installed to form a high-availability cluster, load-balancing connections across multiple nodes. Using the latest software developments, Access Server handles encryption in the kernel to maximize data speeds.
Your workforce securely accesses your assets by installing the OpenVPN Connect app and connecting to your Access Server. Supported client platforms include Windows, macOS, Linux, ChromeOS, iOS, and Android.
Features
Simple Administration & Flexible Installation
| Feature | Description |
|---|---|
| Administrative Web UI | Intuitive interface for managing network configurations, access controls, users and groups, and authentication settings. Supports SAML for optional SSO login. |
| Command-Line Interface | Comprehensive CLI tools for managing every aspect of your Access Server. |
| Offline / Airgapped Installation | Flexibility to install Access Server on an airgapped LAN using an offline activation with a fixed license key. |
| Cloud Availability | Pre-configured images available for AWS, Google Cloud, DigitalOcean, Microsoft Azure, Oracle Cloud, and IBM Cloud for rapid deployment and scalability. |
| Virtualization Support | Pre-configured images for Docker, Microsoft Hyper-V, and VMware ESXi. |
| Linux OS Support | Compatible with Red Hat Enterprise Linux, Debian, and Ubuntu. |
| Database Support | Compatible with MySQL (defaults to SQLite). |
| OpenVPN Connect Client OS Support | Clients available for Android, iOS, Windows, and macOS. |
Easy Onboarding
| Feature | Description |
|---|---|
| Client Web UI | Simple interface for users to download the Connect client with their connection profile, manage profiles, and edit passwords. |
| OpenVPN Connect Bundled Installer | Setup files that install OpenVPN Connect v3 and preload a connection profile for macOS and Windows distribution. |
| Connection Profile Distribution via URL | Users can retrieve their profiles by entering the server URL in the Connect app or clicking a custom token URL. |
| Global Configuration File Support | A single file that automatically configures the Connect app with preferred settings, profiles, and proxies to simplify mobile device management. |
Connectivity
| Feature | Description |
|---|---|
| Data Channel Offload (DCO) | Increases VPN speed and performance by relocating data channel encryption/decryption to kernel space. |
| OpenVPN Protocol Support | Uses the widely supported OpenVPN protocol, which is firewall-friendly, works in both TCP and UDP modes, and is open to scrutiny and auditing. |
| Full Application Support (TCP, UDP, IP) | Supports any application communicating over TCP and UDP, securing all network traffic your organization depends on. |
High Availability & Redundancy
| Feature | Description |
|---|---|
| Server Clustering | Distributes data traffic across multiple Access Server nodes for horizontal scaling and increased availability to meet the needs of a growing workforce. |
| Failover Mode | Runs a standby server that automatically takes over if the primary server fails, minimizing downtime. Both servers must run on a local area network. |
Authentication
| Feature | Description |
|---|---|
| SAML Support | Centralizes user management and provides secure Single Sign-On (SSO) access, reducing the need for multiple credentials. |
| LDAP, RADIUS, and PAM Support | Manages and enforces consistent user authentication across systems and services for secure access to private resources. |
| Post-Authentication Script Support | Extends built-in capabilities using Python 3 to include custom MFA and ZTNA checks, automated group assignments, and more. |
| Built-in X.509 Certificate Authority and PKI | Issues, manages, and inspects X.509 certificates for both Access Server and clients to verify identities before establishing a connection. |
| External PKI Support | Integrates with external X.509 PKI management software such as OpenSSL and Microsoft AD CS. |
| Multi-Factor Authentication | Adds an extra security layer via an authenticator app (e.g., Google Authenticator, Duo) or other TOTP generator plug-ins. |
| Multiple Authentication Methods | Enables different authentication systems per group or user, enforcing stricter validation for users in critical roles. |
Security
| Feature | Description |
|---|---|
| Device Posture Check* | Blocks connections from devices with unregistered MAC addresses or UUIDs, or non-compliant applications, to enforce approved device posture. |
| Location Context Check* | Blocks connection attempts from unregistered IP addresses to enforce location-based access policies and reduce the impact of compromised credentials. |
| Control Channel Security | Supports TLS-Crypt v2 by default to offer TLS-level post-quantum attack resistance. |
| Data Channel Cryptography | Supports AES-256-GCM as the default for data channel encryption, configurable to include other cipher suites (e.g., Chacha20-Poly1305). |
| FIPS Compliance | Complies with FIPS under default settings and supports FIPS mode on Red Hat and Ubuntu. |
| Access Control | Defines which users and groups can access specific networks, IP services, and other users and groups. |
| Automatic CA Certificate Renewal | Automatically generates a new CA certificate annually so user profiles avoid disruptions from expired certificates. |
| Multiple User Profiles per Account | Allows users to hold additional profiles, ensuring at least one matches the latest CA certificate and preventing connection disruptions. |
| Authentication Failure Lockout Policy | Prevents brute-force attacks by locking users out after repeated failed login attempts. Threshold and timeout duration are customizable. |
| Web Services Encryption | Secures Client and Admin Web UI traffic with self-signed web certificates out of the box, with support for valid SSL certificates. |
| Client-Side Script Support (Windows and macOS) | Allows tasks to run automatically when a user connects, such as opening a browser or launching a program. |
Simplified Routing
| Feature | Description |
|---|---|
| Split-Tunneling | Allows traffic bound for public internet destinations to bypass the VPN, improving speed and latency while reducing Access Server load. |
| Least Privilege Access (ZTNA) | Defines which IP subnets or specific IP addresses a user can access, with the ability to narrow access down to a specific port. |
| NAT and Routing | Configurable in NAT mode (all connections initiated by clients) or Routing mode (both clients and Access Server can initiate connections). |
| Site-to-Site & Point-to-Site Routing | Supports connecting a router at one site with Access Server at another to extend your business network to remote offices. |
| Domain Name-Based Routing | Uses domain names instead of IP address subnets to simplify network routing and configure access to resources. |
Automation & Logs
| Feature | Description |
|---|---|
| Log Reports | Shows past connections to Access Server with relevant metadata including user identity, IP address, connection duration, and more. |
| Remote Logging | Writes and stores log data to the local syslog daemon or an external syslog server for centralized log management and compliance. |
| XML-RPC & REST API | Integrates with other systems to manage Access Server programmatically and automate workflows. |
* Available via post-authentication script. More features and enhancements coming soon.
Customer Testimonials
"I have a use case where we are running two parallel VPNs. OpenVPN blows our other VPN server out of the water in terms of speed."
"Access Server combines power, versatility, and security in an affordable package, solving key challenges such as remote productivity, sensitive data protection, and scalability."
"We migrated VPN solutions around 4 years ago and identified OpenVPN as the ideal solution for us. It ticked a lot of boxes for us, particularly with regards to 2FA and a zero trust approach to user's access with profiles. Pricing is very competitive too. Customer support is very good too."
See what others are saying about Access Server on G2.
© 2025 OpenVPN Inc. OpenVPN® is a registered trademark of OpenVPN, Inc. | openvpn.net
Comments
0 comments
Article is closed for comments.