ITHO博客

从网络安全入门到放弃

OpenVPN设置账号密码登陆

发布时间: 2023-2-4 文章作者: myluzh 分类名称: 系统运维


1、配置OpenVPN
vim /etc/openvpn/checkpsw.sh
#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.

PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/etc/openvpn/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

###########################################################

if [ ! -r "${PASSFILE}" ]; then
 echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
 exit 1
fi

CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`

if [ "${CORRECT_PASSWORD}" = "" ]; then
 echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
 exit 1
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
 echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
 exit 0
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1

2、改变权限
chmod +x /etc/openvpn/checkpsw.sh

3、配置密码账号文件
vim /etc/openvpn/psw-file
# 前面为用户名,后面为密码。 中间使用空格分开
tom1 123456
test test

4、服务器端修改
vim /etc/openvpn/server.conf
# 最后一行加入
script-security 3
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
username-as-common-name
verify-client-cert none

5、客户端 client.ovpn
#注释这两行,实测不注释掉也可以
;cert admin.crt
;key admin.key
#必须加入这一行,使用用户名密码登录openvpn服务器
auth-user-pass

6、重启后连接
systemctl restart openvpn@server

标签: openvpn

发表评论