open***设置使用账号密码登录(4)
参考:
https://www.iblog.zone/archives/openvpn-%E8%AE%BE%E7%BD%AE%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E7%99%BB%E5%BD%95/
1. 写个脚本(脚本是由官网提供)
vim /etc/openvpn/checkpsw.sh
#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.
PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/etc/openvpn/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`
###########################################################
if [ ! -r "${PASSFILE}" ]; then
echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
exit 1
fi
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
if [ "${CORRECT_PASSWORD}" = "" ]; then
echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
exit 0
fi
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
2.接下来给脚本执行权限
chmod 755 /etc/openvpn/checkpsw.sh
3.配置用户密码文件
vim /etc/openvpn/psw-file #前面为用户名,后面为密码。 中间使用空格分开 abclent 123456 abc 123456 test test123
4.设置服务端配置文件
vim /etc/openvpn/server.conf #在service.conf最后添加 script-security 3 auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env #指定用户认证脚本 username-as-common-name verify-client-cert none
5. 设置客户端文件
#主要是注释crt和key路径,以及添加一行auth-user-pass client dev tun proto tcp remote xxx.xxx.xxx.xxx 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt ;cert cyh.crt #注释 ;key cyh.key #注释 tls-auth ta.key 1 cipher AES-256-CBC comp-lzo verb 3 auth-user-pass #使用用户名密码登录
6.重启即可
浙公网安备 33010602011771号