Build openvpn based on user password authentication on CentOS 6.6 x64

Source: Internet
Author: User

I. Deployment

For the base deployment, see my previous article. Here we only modify the setup from that article.

http://www.centoscn.com/image-text/config/2015/0717/5874.html

II. Modification

# vim /etc/openvpn/server.conf

Add the following lines at the end of the configuration file:

script-security 3 system
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
client-cert-not-required
username-as-common-name

Create the checkpsw.sh script:

# cd /etc/openvpn
# vim checkpsw.sh

#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.

PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/var/log/openvpn/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

###########################################################

# Refuse every login if the password file cannot be read.
if [ ! -r "${PASSFILE}" ]; then
  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
  exit 1
fi

# Look up the stored password for ${username}; lines starting with ; or # are comments.
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`

if [ "${CORRECT_PASSWORD}" = "" ]; then
  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
  exit 1
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
  exit 0
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1

# chmod +x checkpsw.sh

Create a psw-file:

# cd /etc/openvpn
# echo "test1 test1" > psw-file
# chmod 400 psw-file
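
The checkpsw.sh script above compares against plaintext passwords in psw-file and writes submitted passwords to its log. The following hardened variant is an added example, not part of the original article or of Mathias Sundman's script: it stores salted SHA-256 digests, logs usernames only, and hands the username to awk as data. The function names, the three-column psw-file format and the availability of sha256sum are assumptions.

```sh
#!/bin/sh
# Added example, not the page's script. Assumed psw-file format, one user per line:
#   username  salt  sha256(salt:password)
# Salted SHA-256 keeps plaintext off disk; a slow password hash is stronger still.
PASSFILE="${PASSFILE:-/etc/openvpn/psw-file}"
LOG_FILE="${LOG_FILE:-/var/log/openvpn/openvpn-password.log}"

# hash_password SALT PASSWORD -> hex digest on stdout
hash_password() {
    printf '%s:%s' "$1" "$2" | sha256sum | awk '{print $1}'
}

# make_entry USER SALT PASSWORD -> one psw-file line, for provisioning users
make_entry() {
    printf '%s %s %s\n' "$1" "$2" "$(hash_password "$2" "$3")"
}

# log_event MESSAGE USER: records the username only, never the password
log_event() {
    printf '%s: %s: username="%s"\n' "$(date '+%Y-%m-%d %T')" "$1" "$2" >> "$LOG_FILE"
}

# verify_user USER PASSWORD -> returns 0 on success, 1 on any failure
verify_user() {
    [ -n "$1" ] || return 1
    [ -r "$PASSFILE" ] || { log_event "Could not read password file" "$1"; return 1; }
    # -v hands the name to awk as data, not as program text; appending ""
    # forces a string comparison so "1.0" cannot match a user named "1".
    record=$(awk -v u="$1" '!/^[;#]/ && NF == 3 && ($1 "") == (u "") {print $2, $3; exit}' "$PASSFILE")
    if [ -z "$record" ]; then
        log_event "User does not exist" "$1"; return 1
    fi
    salt=${record%% *}
    stored=${record#* }
    if [ "$(hash_password "$salt" "$2")" = "$stored" ]; then
        log_event "Successful authentication" "$1"; return 0
    fi
    log_event "Incorrect password" "$1"; return 1
}

# OpenVPN sets script_type when it runs a hook; via-env supplies username/password.
if [ -n "${script_type:-}" ]; then
    verify_user "${username:-}" "${password:-}"
    exit $?
fi
```

With this variant, psw-file lines are produced with make_entry and a per-user random salt instead of echoing the plaintext pair.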

Enable OpenVPN at boot:

# chkconfig openvpn on

Restart the OpenVPN server:

# service openvpn start

Client operation steps, taking Windows as an example:

Download the Windows client:

http://openvpn.ustc.edu.cn/openvpn-install-2.3.6-I603-x86_64.exe

After the client software is installed, extract the certificate packaged on the server for the client into the config directory under the client installation directory.

Create a client configuration file:

client.ovpn

client
dev tun
proto tcp
remote 211.152.x.x 1194
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
;cert client-user-test1.crt
;key client-user-test1.key
comp-lzo
verb 3
auth-user-pass
reneg-sec 360000

Enter the username test1 and the password test1 to log on.
