Set up OpenVPN with username/password authentication on CentOS 6.6 x64
I. Deployment
For the base deployment, see my previous article. Here we simply modify the setup from that article.
http://www.centoscn.com/image-text/config/2015/0717/5874.html
II. Modification
# vim /etc/openvpn/server.conf
Add the following lines at the end of the configuration file:
script-security 3 system
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
client-cert-not-required
username-as-common-name
Create the checkpsw.sh script:
# cd /etc/openvpn
# vim checkpsw.sh
#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.
PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/var/log/openvpn/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`
###########################################################
# ${username} and ${password} are set in the environment by OpenVPN (via-env).
if [ ! -r "${PASSFILE}" ]; then
  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
  exit 1
fi
# Look up the stored password for this user, skipping ';' and '#' comment rows.
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
if [ "${CORRECT_PASSWORD}" = "" ]; then
  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
  exit 1
fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
  exit 0
fi
# Append (>>) so earlier log entries are not overwritten.
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
# chmod +x checkpsw.sh
Create the psw-file:
# cd /etc/openvpn
# echo "test1 test1" > psw-file
# chmod 400 psw-file
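The checkpsw.sh above splices ${username} directly into its awk program and writes submitted passwords to the log. The hardened variant below is an added example, not part of the original article or of Mathias Sundman's script: it hands the name to awk as data through ENVIRON, refuses names outside an assumed character policy, and logs usernames only. The helper names check_user and log_auth are illustrative.

```shell
#!/bin/sh
# Added example: hardened variant of the password check, not the original
# checkpsw.sh. Assumes the same psw-file layout: "username password" per row.
PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/var/log/openvpn/openvpn-password.log"

# log_auth <logfile> <message>: timestamped log line; never given a password.
log_auth() {
  echo "$(date '+%Y-%m-%d %T'): $2" >> "$1"
}

# check_user <passfile> <logfile>: reads $username and $password from the
# environment (as OpenVPN's via-env provides them); returns 0 only on a match.
check_user() {
  passfile=$1; logfile=$2
  if [ ! -r "$passfile" ]; then
    log_auth "$logfile" "Could not open password file \"$passfile\" for reading."
    return 1
  fi
  # Assumed naming policy: letters, digits, dot, underscore, hyphen. Anything
  # else (spaces, quotes, control characters) is refused before lookup or logging.
  case "${username:-}" in
    ''|*[!A-Za-z0-9._-]*) log_auth "$logfile" "Rejected malformed username."; return 1 ;;
  esac
  export username
  # ENVIRON hands the name to awk as data, so it is never parsed as awk code;
  # appending "" forces a string comparison (no numeric "1" == "1.0" match).
  correct=$(awk '!/^[;#]/ && ($1 "") == (ENVIRON["username"] "") { print $2; exit }' "$passfile")
  if [ -z "$correct" ]; then
    log_auth "$logfile" "User does not exist: username=\"$username\"."
    return 1
  fi
  if [ "${password:-}" = "$correct" ]; then
    log_auth "$logfile" "Successful authentication: username=\"$username\"."
    return 0
  fi
  log_auth "$logfile" "Incorrect password: username=\"$username\"."
  return 1
}

# Act as the auth script only when OpenVPN invokes it (it sets script_type).
if [ "${script_type:-}" = "user-pass-verify" ]; then
  check_user "$PASSFILE" "$LOG_FILE"
  exit $?
fi
```

Saved as /etc/openvpn/checkpsw.sh and made executable, it works with the auth-user-pass-verify line above unchanged.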
Enable the service at boot:
# chkconfig openvpn on
Restart the OpenVPN server:
# service openvpn start
Client setup steps, taking Windows as an example:
Download the Windows client:
http://openvpn.ustc.edu.cn/openvpn-install-2.3.6-I603-x86_64.exe
After the client software is installed, extract the client certificate bundle packaged on the server into the config directory under the client installation directory.
Create a client configuration file, client.ovpn:
client
dev tun
proto tcp
remote 211.152.x.x 1194
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
;cert client-user-test1.crt
;key client-user-test1.key
comp-lzo
verb 3
auth-user-pass
reneg-sec 360000
Log on with the username test1 and the password test1.