一、配置OpenVPN Server
编写一个用户认证的脚本 (脚本是由openvpn官网提供的)
~]# vim /etc/openvpn/checkpsw.sh
#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.
PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/etc/openvpn/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`
###########################################################
if [ ! -r "${PASSFILE}" ]; then
echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
exit 1
fi
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
if [ "${CORRECT_PASSWORD}" = "" ]; then
echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
exit 0
fi
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
~]# chmod 755 /etc/openvpn/checkpsw.sh
配置用户密码文件
~]# vim /etc/openvpn/psw-file
tom 12345
jerry 123456
修改 OpenVPN 的配置文件
# 追加如下内容
cat >> /etc/openvpn/server.conf<<EOF
script-security 3
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env #指定用户认证脚本
username-as-common-name
verify-client-cert none
EOF
重启 OpenVPN
systemctl restart openvpn@server.service
二、配置 OpenVPN Client
# 修改配置文件 client.ovpn 如下
client
dev tun
proto tcp
remote 203.xxx.xxx.xxx 11194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
;cert client.crt # 注释此行
;key client.key # 注释此行
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
auth-user-pass # 增加此行

网友评论