OPENVPN开启用户password认证

一、服务端配置

1、改动openvpn的主配置文件,加入例如以下内容

[root@ttt openvpn]# cat /etc/openvpn/server.conf |more

#########auth password########

script-security 3                  ###--增加脚本处理,如用password验证

auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env     ###指定仅仅用的认证脚本

client-cert-not-required       #####不请求客户的CA证书,使用User/Pass验证,假设同一时候启用证书和password认证,凝视掉该行

username-as-common-name   ###   使用客户提供的UserName作为Common Name



############################

2、依照配置文件里的脚本路径放置checkpsw.sh

[root@ttt openvpn]# cat checkpsw.sh 

#!/bin/sh

###########################################################

# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>

#

# This script will authenticate OpenVPN users against

# a plain text file. The passfile should simply contain

# one row per user with the username first followed by

# one or more space(s) or tab(s) and then the password.





PASSFILE="/etc/openvpn/psw-file"

LOG_FILE="/var/log/openvpn-password.log"

TIME_STAMP=`date "+%Y-%m-%d %T"`



###########################################################



if [ ! -r "${PASSFILE}" ]; then

  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}

  exit 1

fi



CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`



if [ "${CORRECT_PASSWORD}" = "" ]; then 

  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}

  exit 1

fi



if [ "${password}" = "${CORRECT_PASSWORD}" ]; then 

  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}

  exit 0

fi



echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}

exit 1

3、赋予该脚本运行权限

[root@ttt  openvpn]# chmod +x checkpsw.sh

4、准备username和password认证文件,username和password用空格隔开,同一时候确保openvpn启动用户可读取该文件

[root@ttt openvpn]# cat psw-file 

client01 123456

client02 123456789

为了安全起见,将psw-file的权限尽量改小

[root@ttt openvpn]# chmod 400 psw-file

[root@ttt openvpn]# chown nobody.nobody psw-file

5、重新启动openvpn的服务进程

二、改动client的配置文件,加入以下一行

auth-user-pass

三、开启windowsclient,进行password认证

OPENVPN开启用户password认证

上一篇:手机wap网站建设的方法和技巧


下一篇:jquery json 格式教程