Installing and Configuring OpenVPN Access Server

I've used ssh before to connect to my home router and send web traffic through it when I was out on untrusted public networks.  I thought that it would be nice to take that to the next step and set up a VPN server at home.  That way, I'd be able to connect to my home network securely from the internet.  I can also use it to secure my network traffic when on a public wifi connection.

Now that I have an ESXi server up, I thought that I'd try to use a dedicated virtual machine.  I searched for existing appliances, and found the OpenVPN Access Server appliance here.  The directions for configuring it are here.

There is a great description of what OpenVPN Access Server is on this page.

OpenVPN Access Server is a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux OS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.

It comes with two free licenses, which supports two concurrent connections.

I configured it using most defaults.  I then set up my router to forward TCP traffic on port 443 to the appliance, which I gave a static IP address.  The web interface is actually on port 943, but the server will automatically route https requests on port 443 to port 943.  There is also a UDP daemon on port 1194.

I was able to connect to the server using my phone and an OpenVPN client.  I downloaded the configuration from the server and connected with my username and password.

This was nice, but I'd much rather use certificates (public/private keys), especially because this is exposed to the internet.  My next step is to configure the server and clients to use PKI (Public Key Infrastructure).

Importing VMs to ESXi 5.1

I want to put some test VMs on the ESXi server.  There are many available.  The one that I am specifically using is Metasploitable 2.  It comes as a zip file, which expands to a standard VMware image (*.nvram, *.vmdk, *.vmsd, *.vmx, *.vmxf).

You'd think that you could import this using vSphere Client, but the VM has to be converted first using the (free but registration required) VMware Vcenter Converter Standalone.  I downloaded version 5.1 and installed it.

This is the screen that I got when first starting it.







I selected convert machine (top right).  In the Conversion dialog, I selected source type as "VMware Workstation or other VMware virtual machine" and the source as the *.vmx file.



Then I selected the destination type as "VMware Infrastructure virtual machine" and put in my server details.


I hit next, and the converter connected to the ESXi server.  This is where I could assign a new name to the VM.  I left it as Metasploitable.

The next screen asked which datastore to use for VM and what VM version to make it.  I left the defaults.  The next screen listed some options (disk, cpu, network, etc.) that could be changed.  I left them as is and hit next.  The last screen was a summary/confirmation screen.  The converter submitted the job after I clicked "finish."

Here is what the job looked like.


 It quickly changed from one hour to six minutes.  The new machine showed up in vSphere Client right away.