CentOS 6.4: quickly build an OpenVPN server based on user name and password authentication
Today, VPN applications are widely used. I have previously written a blog post on PPTPD. The link is http://cyr5425blog.51cto.com/714067/4101788.
The home recently changed to a new broadband connection. You cannot use the company's PPTPD VPN. The dialing status remains at the step of verifying the user name and
OpenVPN server verified by account and password
Environment
Server: CentOS 6.7 32-bit
Client: Windows XP
Server Configuration
# Disable SELinux
sed -i '/^SELINUX\b/s/=.*/=disabled/' /etc/selinux/config
setenforce 0
# Install mysql-server
yum -y install mysql-server
# Start the mysqld service
service mysqld start
# Initialize the mysql administrator password
mysqladmin -uroot p
Build openvpn based on user password authentication on CentOS 6.6 x64
I. Deployment
For more information about the deployment, see my previous article. Here we will simply modify the previous article.
http://www.centoscn.com/image-text/config/2015/0717/5874.html
II. Modification
# vim /etc/openvpn/server.conf
Add the following lines of data at the end of the co
Enable Password Authentication for OPENVPN
1. Server Configuration
1. Modify the main configuration file of openvpn and add the following content:
[root@ttt openvpn]# cat /etc/openvpn/server.conf | more
######### Auth password
First step: Modify the server-side configuration file:
auth-user-pass-verify /usr/local/openvpn/etc/checkpsw.sh via-env
client-cert-not-required
username-as-common-name
script-security 3
Note: If you add client-cert-not-required, then only the user name and password are used to authenticate the login; if not, both the certificate and the user name and password are required to do
-----------------------
OpenVPN is open-source VPN software used on Linux gateway servers. As its name implies, OpenVPN is used to set up a secure virtual private channel, allowing users to work remotely and reach intranet resources.
The software can be used across platforms on Linux, xBSD, Mac OS X, and Windows. OpenSSL is used as the encryption library and the encrypted certificate or user name/
certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Shanghai]:
Locality Name (eg, city) [Pudong]:
Organization Name (eg, company) [Prime]:
Organizational Unit Name (eg, section) [Social Media]:
Common nam
.
Details of the four servers used in this article:
Code:
IDC                    VPN mode     Operating system   Server IP address
                       VPN server   RedHat 9.0         Public network IP1 (China Netcom)
                                                       Public network IP2 (China Telecom)
Guangzhou IDC          VPN client   FreeBSD 4.9        10.1.0.1
Hebei data center      VPN client   RedHat 9.0         10.2.0.1
Hangzhou data center   VPN client   FreeBSD 4.9        10.3.0.1
3.2 Network Security
Apart from the VPN server, the VPN clients in the other data centers do not need public IP addresses, so the VPN server n
"
set_var EASYRSA_REQ_EMAIL "503579266@qq.com"
set_var EASYRSA_REQ_OU "MyOpenVPN"
4. Create a server certificate and key
(1) initialization
[root@vpn easyrsa3]# ls
easyrsa openssl-1.0.cnf vars vars.example x509-types
[root@vpn easyrsa3]#
[root@vpn easyrsa3]# ./easyrsa init-pki
Note: using Easy-RSA configuration from: ./vars
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /usr/local/share/doc/openvpn/easy-rsa/easyrsa3/pk
Rotten mud: ubuntu 14.04 OpenVPN server, 14.04 openvpn
This article is written by Xiuyi Lin Feng Providing friendship sponsorship, first launched in the dark world
The company branch needs to connect to the company's internal server, but the server only allows access to the company's internal network.
To solve this problem, we plan to use a VPN. PPTP was the most widely used VPN solution in the past, but
........................................ ........................ ++... ++
Writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Provi
parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........ + ..................................... + .. + ....................................... ........................................ ........................................ .......................
DH parameters of size 2048 created at /etc/openvpn/easy-rsa/easyrsa3/pki/dh.pem
Step 4: Create a client certificate
A: Go to the root directory and create a client folder
........................................ .......... ++
...
Writing new private key to 'vpnserver.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Provin
ca.crt and ca.key are in the /etc/openvpn/easy-rsa/keys directory.
Generate a server key
bash-3.2# ./build-key-server
Generating a 1024 bit RSA private key
...
... ++
Writing new private key to server.key
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called
OpenVPN is a software package used to create encrypted virtual private network (VPN) channels. It implements a layer 2 or layer 3 tunnel-based VPN. It was first written by James Yonan. OpenVPN allows the created VPN to use a public key, digital certificate, or user name/password for authentication. It makes extensive use of the SSLv3/TLSv1 protocol functions in the OpenSSL encryption library.
Mud: openvpn configuration file details, openvpn configuration file
This document consists Xiuyi Lin Feng Providing friendship sponsorship, first launched The world
In the previous article "build OpenVPN server in ubuntu 14.04", we mainly explained how to build and use openvpn. In this article, we will detail the config
challenge password []:abcd1234
An optional company name []:xiaohui.com
Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'GD'
localityName          :PRINTABLE:'SZ'
organizationName      :PRINTABLE:'xiaohui.com'
organizationalUnitName:PRINTABLE:
about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [JP]:
Locality Name (eg, city) [Tokyo]:
Organization Name (eg, company) [heylinux.com]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:
Common Name (eg, your name or your server's hostname) [heylinux.co
'attributes
to be sent with your certificate request
A challenge password []: wjpinrain
An optional company name []: bokee
Using configuration from /home/weijunping/openvpn-2.0.9/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'cn'
stateOrProvinceName   :PRINTABLE:'BJ'
localityName          :PRINTABLE:'BJ'
organizationName      :P