Using MySQL to store OpenVPN authentication information: installing OpenVPN

Note: the packages used below (mysql-5.1.57, lzo-2.05, openvpn-2.0.9, pam_mysql-0.7RC1) are old releases; for a real deployment, use currently maintained versions so that known security fixes are included.

1. Install MySQL
[root@localhost ~]# tar zxvf mysql-5.1.57.tar.gz
[root@localhost ~]# cd mysql-5.1.57
# (the page prints the third option as "-enable-Cycler"; --enable-assembler is the likely original, confirm against ./configure --help)
[root@localhost mysql-5.1.57]# ./configure --prefix=/usr/local/mysql \
    --with-extra-charsets=complex \
    --enable-assembler \
    --with-pthread \
    --enable-thread-safe-client \
    --with-big-tables \
    --with-plugins=innobase,innodb_plugin \
    --with-embedded-server \
    --enable-local-infile \
    --with-readline \
    && make install
# create the account
[root@localhost mysql-5.1.57]# useradd mysql -M -s /sbin/nologin
# change the directory ownership
[root@localhost mysql-5.1.57]# chown -R mysql:mysql /usr/local/mysql
# copy the configuration file
[root@localhost mysql-5.1.57]# cp support-files/my-medium.cnf /etc/my.cnf
# copy the service startup file
[root@localhost mysql-5.1.57]# cp support-files/mysql.server /etc/init.d/mysqld
# add the execute permission
[root@localhost mysql-5.1.57]# chmod +x /etc/init.d/mysqld
# initialize the database
[root@localhost mysql-5.1.57]# /usr/local/mysql/bin/mysql_install_db --user=mysql

2. Install the compression component
[root@localhost ~]# tar zxvf lzo-2.05.tar.gz
[root@localhost lzo-2.05]# ./configure && make install

3. Install OpenVPN
[root@localhost ~]# tar zxvf openvpn-2.0.9.tar.gz
[root@localhost openvpn-2.0.9]# ./configure && make install
# copy the service startup file
[root@localhost openvpn-2.0.9]# cp sample-scripts/openvpn.init /etc/init.d/openvpn
# create the configuration folder
[root@localhost openvpn-2.0.9]# mkdir /etc/openvpn/ -p
# copy the configuration file
[root@localhost openvpn-2.0.9]# cp ./sample-config-files/server.conf /etc/openvpn/
# enter the easy-rsa directory
[root@localhost openvpn-2.0.9]# cd ./easy-rsa/2.0/
# configure vars
[root@localhost 2.0]# vim vars
# change it to the following content
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="CN"
export KEY_CITY="BeiJing"
export KEY_ORG="Bejing"
export KEY_EMAIL=lishixin@pingco.com
# run
[root@localhost 2.0]# source ./vars
[root@localhost 2.0]# ./clean-all
# create the CA, server key, DH parameters and tls-auth key
# (easy-rsa's build-key-server normally takes the server key name as an argument; the page shows none)
[root@localhost 2.0]# ./build-ca
[root@localhost 2.0]# ./build-key-server
[root@localhost 2.0]# ./build-dh
[root@localhost 2.0]# openvpn --genkey --secret keys/ta.key
# copy to the configuration folder
[root@localhost 2.0]# cp keys/* /etc/openvpn/
Note: keys/* also contains the CA private key (ca.key). The OpenVPN server does not need it to run; keeping it off the VPN host limits what a compromise of that host exposes.
# enter the plugin directory
[root@localhost openvpn-2.0.9]# cd ./plugin/auth-pam/
[root@localhost auth-pam]# make
[root@localhost auth-pam]# cp openvpn-auth-pam.so /etc/openvpn/

4. Install the PAM_MYSQL component
[root@localhost ~]# tar zxvf pam_mysql-0.7RC1.tar.gz
[root@localhost pam_mysql-0.7RC1]# ./configure --with-mysql=/usr/local/mysql && make install
# create a soft link
[root@localhost ~]# ln -s /lib/security/pam_mysql.so /lib64/security/

5. Configuration integration

5.1 Configure the database
[root@localhost ~]# service mysqld start
# set the database root password to 111111
[root@localhost ~]# /usr/local/mysql/bin/mysqladmin password 111111
Note: 111111 is a sample value; use a strong root password. A password typed as a command-line argument also ends up in the shell history and is visible in the process list while the command runs.
# create the database
mysql> create database openvpn;
# create a table
mysql> use openvpn;
Database changed
mysql> create table user (
    -> name char(20) not null,
    -> password char(128) default NULL,
    -> active int(10) not null default 1,
    -> primary key (name)
    -> );
Query OK, 0 rows affected (0.02 sec)
# insert a user
mysql> insert into user (name, password) values ('lishixin', password('lishixin'));
Note: password() is MySQL's own unsalted account-hashing function, which the MySQL documentation says should not be used for application passwords; it is used here because crypt=2 in the PAM configuration below selects it.
# query (the page shows no statement for this step)
# create an account
mysql> grant all privileges on openvpn.* to "openvpn"@"127.0.0.1" identified by "openvpn";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
Note: for the auth and account checks configured below, pam_mysql only reads the user table, so a SELECT grant on openvpn.user is enough; "all privileges" and a password equal to the account name are more than this setup needs.

5.2 Configure the PAM module
# create the file
[root@localhost ~]# vim /etc/pam.d/openvpn
# add the following content
auth optional pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
Note: PAM honours the result of an "optional" module only while it is the sole module of that type in the stack. It works here because pam_mysql is the only auth line, but "auth required" states the intent explicitly and stays correct if another auth module is added later.

5.3 Check whether the related modules (saslauthd) are installed
[root@localhost ~]# rpm -qa | grep sasl
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3

5.4 Test PAM_MYSQL
# run
[root@localhost ~]# saslauthd -a pam
# a normal result returns OK
[root@localhost ~]# testsaslauthd -u lishixin -p lishixin -s openvpn
0: OK "Success."
If the result is abnormal, check /var/log/messages.
# end the test process
[root@localhost ~]# killall saslauthd

5.5 Configure OpenVPN
# check the following values in /etc/openvpn/server.conf:
local 0.0.0.0
# the route to be advertised by your OpenVPN server
# (the netmask is printed as "255.255.0" on this page, which is incomplete; use the mask of the network being routed)
push "route 192.168.10.0 <netmask>"
tls-auth ta.key 0 # This file is secret
log openvpn.log
plugin ./openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
Note: with client-cert-not-required, the username and password checked through PAM are the only per-user credential, and ta.key is shared by all clients; password strength and how the user table is protected therefore decide how well access is controlled.

5.6 Start OpenVPN
[root@localhost openvpn]# service openvpn start

6. Configure the client

6.1 Install the client
# press Enter through the installer (accept the defaults) until the installation succeeds

6.2 Configure the client
# enter the default installation directory
C:\Program Files\OpenVPN\config
# create a configuration file client.ovpn
client
dev tun
proto udp
remote 192.168.242.128 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
auth-nocache

6.3 Download the following files from the server
ca.crt
ta.key

7.
Installation complete.

8. Conclusion: the detailed configuration options are left for the reader to research and are not described one by one.

Author: Li Shixin