Using MySQL to store OpenVPN authentication information
Using MySQL to store OpenVPN authentication information: installing OpenVPN

Note: MySQL 5.1.57 and OpenVPN 2.0.9 are the versions this walkthrough was written against; both are long out of maintenance, so treat the steps as a description of the integration rather than as versions to deploy.

1. Install MySQL

[root@localhost ~]# tar zxvf mysql-5.1.57.tar.gz
[root@localhost ~]# cd mysql-5.1.57
[root@localhost mysql-5.1.57]# ./configure --prefix=/usr/local/mysql \
    --with-extra-charsets=complex \
    --enable-assembler \
    --with-pthread \
    --enable-thread-safe-client \
    --with-big-tables \
    --with-plugins=innobase,innodb_plugin \
    --with-embedded-server \
    --enable-local-infile \
    --with-readline \
    && make install
# create an account
[root@localhost mysql-5.1.57]# useradd mysql -M -s /sbin/nologin
# change directory ownership
[root@localhost mysql-5.1.57]# chown -R mysql:mysql /usr/local/mysql
# copy the configuration file
[root@localhost mysql-5.1.57]# cp support-files/my-medium.cnf /etc/my.cnf
# copy the service startup file
[root@localhost mysql-5.1.57]# cp support-files/mysql.server /etc/init.d/mysqld
# add the execute permission
[root@localhost mysql-5.1.57]# chmod +x /etc/init.d/mysqld
# initialize the database
[root@localhost mysql-5.1.57]# /usr/local/mysql/bin/mysql_install_db --user=mysql

2. Install the compression component

[root@localhost ~]# tar zxvf lzo-2.05.tar.gz
[root@localhost lzo-2.05]# ./configure && make install

3. Install OpenVPN

[root@localhost ~]# tar zxvf openvpn-2.0.9.tar.gz
[root@localhost openvpn-2.0.9]# ./configure && make install
# copy the service startup file
[root@localhost openvpn-2.0.9]# cp sample-scripts/openvpn.init /etc/init.d/openvpn
# create the configuration folder
[root@localhost openvpn-2.0.9]# mkdir /etc/openvpn/ -p
# copy the configuration file
[root@localhost openvpn-2.0.9]# cp ./sample-config-files/server.conf /etc/openvpn/
# enter the easy-rsa directory
[root@localhost openvpn-2.0.9]# cd ./easy-rsa/2.0/
# configure vars
[root@localhost 2.0]# vim vars
# change to the following content
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="CN"
export KEY_CITY="BeiJing"
export KEY_ORG="Bejing"
export KEY_EMAIL=lishixin@pingco.com
# run
[root@localhost 2.0]# source ./vars
[root@localhost 2.0]# ./clean-all
# generate the CA, the server key, the DH parameters and the tls-auth key
[root@localhost 2.0]# ./build-ca
[root@localhost 2.0]# ./build-key-server
[root@localhost 2.0]# ./build-dh
[root@localhost 2.0]# openvpn --genkey --secret keys/ta.key
# copy to the configuration folder
[root@localhost 2.0]# cp keys/* /etc/openvpn/
# Note: keys/* also contains the CA private key (ca.key). The running server needs only ca.crt, its own certificate and key, the DH parameters and ta.key; keeping ca.key off the VPN host means a compromise of that host does not also allow new certificates to be issued.
# enter the plugin directory
[root@localhost openvpn-2.0.9]# cd ./plugin/auth-pam/
[root@localhost auth-pam]# make
[root@localhost auth-pam]# cp openvpn-auth-pam.so /etc/openvpn/

4. Install the PAM_MYSQL component

[root@localhost ~]# tar zxvf pam_mysql-0.7RC1.tar.gz
[root@localhost pam_mysql-0.7RC1]# ./configure --with-mysql=/usr/local/mysql && make install
# create a symbolic link
[root@localhost ~]# ln -s /lib/security/pam_mysql.so /lib64/security/

5. Configuration and integration

1. Configure the database

[root@localhost ~]# service mysqld start
# set the database root password to 111111
[root@localhost ~]# /usr/local/mysql/bin/mysqladmin password 111111
# Note: 111111 is a placeholder value. A password given as a command-line argument is also recorded in shell history and visible in the process list while the command runs.
# create the database
mysql> create database openvpn;
# create a table
mysql> use openvpn;
Database changed
mysql> create table user (
    -> name char(20) not null,
    -> password char(128) default NULL,
    -> active int(10) not null default 1,
    -> primary key (name)
    -> );
Query OK, 0 rows affected (0.02 sec)
# insert a user
mysql> insert into user (name, password) values ('lishixin', password('lishixin'));
# Query
# create an account
mysql> grant all privileges on openvpn.* to "openvpn"@"127.0.0.1" identified by "openvpn";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
# Note: with the PAM configuration below (auth and account only, sqllog=0), pam_mysql only reads the user table, so SELECT on openvpn.user is sufficient for this account; "all privileges" lets anything that obtains the PAM credentials rewrite the password table. The account password here equals the account name and should be replaced with a generated value.

2. Configure the PAM module

# create the PAM service file
[root@localhost ~]# vim /etc/pam.d/openvpn
# add the following content
auth optional pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
# Note: "auth optional" decides the login only because pam_mysql is the sole auth module in this stack; "required" states the intent explicitly and stays correct if another auth module is added later. crypt=2 makes pam_mysql compare against the MySQL PASSWORD() hash, which is unsalted and fast to compute, and the PASSWORD() function no longer exists in MySQL 8.0. The file holds the database password in clear text, so it should be readable by root only.

3. Check whether the related module saslauthd is installed

[root@localhost ~]# rpm -qa | grep sasl
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3

4. Test PAM_MYSQL

# run
[root@localhost ~]# saslauthd -a pam
# OK is returned when everything works
[root@localhost ~]# testsaslauthd -u lishixin -p lishixin -s openvpn
0: OK "Success."
If the result is abnormal, check /var/log/messages.
# end the test process
[root@localhost ~]# killall saslauthd

5. Configure OpenVPN

# check the following values in the server configuration:
local 0.0.0.0
# route to be advertised by your OpenVPN server
push "route 192.168.10.0 255.255.255.0"
tls-auth ta.key 0 # This file is secret
log openvpn.log
plugin ./openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
# Note: with client-cert-not-required, clients present no certificate, so the username and password checked through PAM are the only per-user credential (ta.key is shared by all clients). Password strength and the protection of the user table therefore decide who can connect; the sample user above, whose password equals the username, is for testing only.

6. Start OpenVPN

[root@localhost openvpn]# service openvpn start

6. Configure the client

1. Install the client
# press Enter through the installer until the installation succeeds

2. Configure the client
# enter the default installation directory
C:/Program Files/OpenVPN/config
# create a configuration file client.ovpn
client
dev tun
proto udp
remote 192.168.242.128 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
auth-nocache

3. Download the following files from the server
ca.crt
ta.key

7. Installation complete

8. The more detailed configuration options are left for the reader to research and are not described one by one here.

Author: Li Shi new