Monday, June 29, 2026

Create OpenVPN Access Server with Let's Encrypt (Azure)

Here's how you can install and configure OpenVPN in the Azure cloud.
In this instance, the pre-built VM was selected.

Part of the default install will be Azure providing you with a PEM key.
You'll want to save this and possibly store it safely somewhere.

1. Download the PuTTY application.

2. Azure provides you with a PEM key to access the box using SSH (this is the password, so to speak). PuTTY is a very popular way to SSH to a box, but it needs the PEM key converted to a PPK (Private Key File).

3. Launch the PuTTYgen app.

Click Conversions > Import Key.

4. Select the key file you used to generate your server.
 With Azure, you don't need a passphrase; you can just click "Save Private Key". A .ppk saved this way is not passphrase-protected.

5. Save the private key.

6. Close PuTTYgen.
7. Connect with SSH by using PuTTY.
8. Open PuTTY, and configure your connection values and SSH key.

The PuTTY Configuration pane

9. In the Host Name (or IP address) box, enter the username and public IP address of the machine (for example, username@192.XXX.XXX.XX).
    The default user for Azure SSH is "azureuser".
10. Validate that the Port is 22 and the Connection type is SSH.
11. In the Category tree, expand SSH and Auth, then select "Credentials".

 

12. Next to the Private key file for authentication box, select Browse, and then search for the private key file (<filename>.ppk) of your public and private key pair.
13. In the Category tree, select Session.

The PuTTY Configuration pane "Saved Sessions" box

14. Under Saved Sessions, enter a name for the session, and then select Save.
15. In the Saved Sessions list, select the name of your session, and then select Load.
16. Select Open. The SSH session opens.
17. The default user for Azure SSH is "azureuser".
18. Log on to the server. You will be prompted to enter the user name, and if you have the key configured properly, you will be logged in.

19. You will be asked to agree to the license.

20. You will then be asked a series of configuration questions.

21. In this example, all the defaults were selected.

22. You will also be presented with the randomly generated GUI password, so look for that.

23. Once the questions are answered, the final bits of configuration will be completed, and you will be presented with the logon information for the GUI.

24. Update the Ubuntu installation with the latest packages:
25. sudo apt update

26. sudo apt upgrade -y

27. In Azure, go to Network Settings.

28. It's a good idea to change the source of the default SSH rule to the WAN IP of your network, to reduce the chance of an attack through the SSH port.

29. Click on the "SSH" rule and then change the Source from Any to IP Addresses.

30. Then, in the source IP field, put in your WAN IP.



31. Save the changes and select +Create Port Rule.

32. Set the destination port ranges to "943" (the default port used by OpenVPN Admin).
33. Give it a name and then press Add.

 



 

34. It will look like this when done.

35. If you are going to be adding some certificates to this box, you may need to add port 80 for the system to download the challenge files from the server.
36. Additionally, you will need to open ports 443 and 1194 so that users can access this box.
37. Now try to access the server with the IP and /admin provided in the example.


Select Advanced



38. Select CONTINUE

39. The "UNSECURE" warning means you have no certs for the box yet.
40. Enter the credentials provided when you were configuring the system in the CLI.
41. Enter your credentials.

42. openvpn / CvIrJINl4CBp

43. You'll get prompted with a License Agreement.

44. You'll be in the GUI now.

45. Change the GUI openvpn admin password.

46. Go to USERS -> OpenVPN -> Reset Password.

47. Now let's add this new server to our existing license (you can share the licenses among different servers).
48. Log on to your OpenVPN.com license site.

49. Copy the Activation key from your subscription

 

50. Select "ACTIVATION" and then paste the key into the box and press "ACTIVATE".

51. If successful you will be taken to a screen similar

52. The above picture shows "30" in yellow as the number of available licenses this account has, and the green shows the number of licenses in use on other servers.
53. Now click on Certificate management.

  1. Go into your DNS provider and add the DNS name for this box and its IP.

    In my case, the domain is hosted in GoDaddy, so I go in and add an A record name for the box and its IP address.

  2. In OpenVPN, put in the FQDN of the server that matches your full DNS name.

  3. This link is OpenVPN's guide on how to install Let's Encrypt. It works very well.
  4. Access Server: Install Let's Encrypt SSL Certificates and Automate it via CertBot – OpenVPN Support Center
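
To check the inbound rules set up in the Network Settings steps above, the following added example (not part of the original post) reads rules in the JSON shape printed by `az network nsg rule list` and flags an SSH rule whose source is still Any, plus any of ports 80, 443, 943 and 1194 that no rule opens. The rule names, the 203.0.113.10 WAN address and the helper `audit` are made up for illustration; `restricted` defaults to port 22 as in the post and can also be given 943, which goes beyond what the post asks for.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network nsg rule list -o json`;
# rule names and the 203.0.113.10 WAN address are made up for this example.
SAMPLE_RULES = json.loads("""[
 {"name": "SSH", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "OpenVPN-Admin", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "943"},
 {"name": "Web", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRanges": ["80", "443"]}
]""")
WIDE_OPEN = {"*", "any", "internet", "0.0.0.0/0", "::/0"}
NEEDED = {80, 443, 943, 1194}  # ports the walkthrough opens

def _values(rule, single, plural):
    """Azure puts one value in the singular key or several in the plural one."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(spec, port):
    """True if a port spec such as '*', '22' or '1000-2000' includes port."""
    lo, _, hi = spec.partition("-")
    return spec == "*" or int(lo) <= port <= int(hi or lo)

def _source_problem(src, wan):
    """Describe why a source prefix is wrong for an admin-only port, else None."""
    if src.lower() in WIDE_OPEN:
        return f"source {src} allows any address"
    try:
        inside = wan in ipaddress.ip_network(src, strict=False)
    except ValueError:  # service tag such as VirtualNetwork: not evaluated here
        return None
    return None if inside else f"source {src} does not include {wan}"

def audit(rules, wan_ip, restricted=(22,)):
    """Return (findings, missing_ports). Only inbound Allow rules are read;
    Deny rules and priority ordering are not modelled."""
    wan, findings, opened = ipaddress.ip_address(wan_ip), [], set()
    for r in rules:
        if r.get("direction") != "Inbound" or r.get("access") != "Allow":
            continue
        specs = _values(r, "destinationPortRange", "destinationPortRanges")
        opened |= {p for p in NEEDED if any(_covers(s, p) for s in specs)}
        for port in (p for p in restricted if any(_covers(s, p) for s in specs)):
            for src in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"):
                problem = _source_problem(src, wan)
                if problem:
                    findings.append((r["name"], port, problem))
    return findings, sorted(NEEDED - opened)
```

On the constructed sample, `audit(SAMPLE_RULES, "203.0.113.10")` reports the SSH rule as open to any address and port 1194 as not yet opened.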
