Build openvpn based on user password authentication on CentOS 6.6 x64

Build openvpn based on user password authentication on CentOS 6.6 x64

I. Deployment

For more information about the deployment, see my previous article. Here we will simply modify the previous article.

Http://www.centoscn.com/image-text/config/2015/0717/5874.html

Ii. Modification

# Vim/etc/openvpn/server. conf

Add the following lines of data at the end of the configuration file:

Script-security 3 system

Auth-user-pass-verify/etc/openvpn/checkpsw. sh via-env

Client-cert-not-required

Username-as-common-name

Create the checkpsw. sh script:

# Cd/etc/openvpn

# Vim checkpsw. sh

#! /Bin/sh

######################################## ###################

# Checkpsw. sh (C) 2004 Mathias Sundman <mathias@openvpn.se>

#

# This script will authenticate OpenVPN users against

# A plain text file. The passfile shoshould simply contain

# One row per user with the username first followed

# One or more space (s) or tab (s) and then the password.

PASSFILE = "/etc/openvpn/psw-file"

LOG_FILE = "/var/log/openvpn/openvpn-password.log"

TIME_STAMP = 'date "+ % Y-% m-% d % T "'

######################################## ###################

If [! -R "$ {PASSFILE}"]; then

Echo "$ {TIME_STAMP}: cocould not open password file \" $ {PASSFILE} \ "for reading." >$ {LOG_FILE}

Exit 1

Fi

CORRECT_PASSWORD = 'awk '! /^ ;/&&! /^ #/& $1 = "'$ {username}'" {print $2; exit} '$ {PASSFILE }'

If ["$ {CORRECT_PASSWORD}" = ""]; then

Echo "$ {TIME_STAMP}: User does not exist: username = \" $ {username} \ ", password = \" $ {password }\". ">>$ {LOG_FILE}

Exit 1

Fi

If ["$ {password}" = "$ {CORRECT_PASSWORD}"]; then

Echo "$ {TIME_STAMP}: Successful authentication: username = \" $ {username} \ "." >>$ {LOG_FILE}

Exit 0

Fi

Echo "$ {TIME_STAMP}: Incorrect password: username = \" $ {username} \ ", password = \" $ {password} \ "." >$ {LOG_FILE}

Exit 1

# Chmod + x checkpsw. sh

Create a psw-file:

# Cd/etc/openvpn

# Echo "test1 test1"> psw-file

# Chmod 400 psw-file

Add the boot item:

# Chkconfig openvpn on

Restart openvpn Server:

# Serviceopenvpn start

Take windows as an example:

Client operation steps:

Download windows client:

Http://openvpn.ustc.edu.cn/openvpn-install-2.3.6-I603-x86_64.exe

After the client software is installed, extract the certificate required by the client packaged from the server to the config directory under the Client installation directory.

Create a client configuration file:

Client. ovpn

Client

Dev tun

Proto tcp

Remote 211.152.x.x 1194

Nobind

User nobody

Group nobody

Persist-key

Persist-tun

Ca. crt

; Cert client-user-test1.crt

Key client-user-test1.key

Comp-lzo

Verb 3

Auth-user-pass

Reneg-sec 360000

Enter the account test1 and test1 to log on.