Installing OpenVPN with username/password authentication

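The previous article covered building an OpenVPN server with certificate-based authentication. This one covers setting up OpenVPN with username and password authentication.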

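1. Building on the certificate-authentication setup configured previously, make the following changes.
  • Add the following to the OpenVPN server configuration file: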
vim /etc/openvpn/server.conf

client-cert-not-required
username-as-common-name
script-security 3 system
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
2. Create the checkpsw.sh script that verifies user logins. The main things to change are the PASSFILE and LOG_FILE variables.
cd /etc/openvpn
vim checkpsw.sh

#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.

PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/var/log/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

###########################################################

if [ ! -r "${PASSFILE}" ]; then
  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> "${LOG_FILE}"
  exit 1
fi

# Read the username through ENVIRON so it is compared as data and never
# spliced into the awk program text; ($1 "") forces a string comparison.
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&($1 "")==ENVIRON["username"]{print $2;exit}' "${PASSFILE}"`

# Submitted passwords are not written to the log, only the username.
if [ "${CORRECT_PASSWORD}" = "" ]; then
  echo "${TIME_STAMP}: User does not exist: username=\"${username}\"." >> "${LOG_FILE}"
  exit 1
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> "${LOG_FILE}"
  exit 0
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\"." >> "${LOG_FILE}"
exit 1

chmod +x checkpsw.sh
3. Create the username/password file, with the username and password separated by a space.
cd /etc/openvpn
echo "test1 test1" > psw-file
chmod 400 psw-file
4. Edit the client configuration, then replace the client.ovpn file on the client with it.
;cert client.crt    # comment out
;key client.key     # comment out
auth-user-pass      # add
auth-nocache        # add
5. Restart the OpenVPN service.
sh /root/openvpn-2.2.2/sample-config-files/openvpn-shutdown.sh
/usr/local/openvpn/sbin/openvpn --config /etc/openvpn/server.conf --daemon
6. Test


7. View the user login log.
tail -f /var/log/openvpn-password.log
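
Steps 2 and 3 keep every password in clear text in psw-file. The following is an added example, not part of the original post or of checkpsw.sh: a verifier for the same `auth-user-pass-verify ... via-env` hook that stores salted PBKDF2 hashes instead. The three-field line format, the iteration count and the helper names are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Hashed-password verifier for `auth-user-pass-verify <script> via-env` (added example)."""
import hashlib
import hmac
import os
import sys

PASSFILE = "/etc/openvpn/psw-file"  # path from the page; the line format below is assumed
ITERATIONS = 600_000                # PBKDF2-HMAC-SHA256 work factor (assumed value)


def hash_password(password, salt):
    """Derive the stored hash bytes from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_entry(username, password):
    """Build one passfile line: '<user> <salt_hex> <hash_hex>'."""
    salt = os.urandom(16)
    return f"{username} {salt.hex()} {hash_password(password, salt).hex()}"


def verify(username, password, lines):
    """Return True only if the user exists and the password hash matches."""
    for line in lines:
        fields = line.split()
        # Skip malformed rows and rows commented out with '#' or ';'.
        if len(fields) != 3 or fields[0].startswith(("#", ";")):
            continue
        user, salt_hex, hash_hex = fields
        if user == username:
            candidate = hash_password(password, bytes.fromhex(salt_hex))
            # Constant-time comparison of the derived and stored hashes.
            return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))
    return False


def main():
    # With via-env, OpenVPN passes the credentials in these two variables.
    username = os.environ.get("username", "")
    password = os.environ.get("password", "")
    try:
        with open(PASSFILE) as fh:
            ok = verify(username, password, fh)
    except (OSError, ValueError):  # unreadable file or corrupt hex: reject
        ok = False
    return 0 if ok else 1  # exit status 0 accepts the login, non-zero rejects it


if __name__ == "__main__":
    sys.exit(main())
```

Lines for psw-file are produced with `make_entry`, so the clear-text password never lands on disk.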
