Configuring username and password authentication for OpenVPN

Server-side configuration (server.conf):

client-cert-not-required
script-security 3

script-security level [mode]: mode is 'execve' (default) or 'system'; level 3 allows the password to be passed to scripts via environment variables.

Password-check script:

#!/bin/sh
###########################################################
# Authenticates OpenVPN users against a plain text file.
# The passfile should simply contain one row per user with
# the username first followed by one or more space(s) or
# tab(s) and then the password.
PASSFILE="/opt/openvpn/psw-file"
LOG_FILE="/opt/openvpn/logs/openvpn-password.log"
TIME_STAMP=$(date "+%Y-%m-%d %T")
###########################################################
if [ ! -r "${PASSFILE}" ]; then
    echo "${TIME_STAMP}: Could not open password file ${PASSFILE} for reading." >> "${LOG_FILE}"
    exit 1
fi
# Take the first non-comment row whose first field is the username.
# The username is handed to awk with -v rather than spliced into the
# program text, so a username containing quotes cannot alter the awk program.
CORRECT_PASSWORD=$(awk -v user="${username}" '!/^;/ && !/^#/ && $1 == user {print $2; exit}' "${PASSFILE}")
if [ "${CORRECT_PASSWORD}" = "" ]; then
    echo "${TIME_STAMP}: User does not exist: username=${username}." >> "${LOG_FILE}"
    exit 1
fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
    echo "${TIME_STAMP}: Successful authentication: username=${username}." >> "${LOG_FILE}"
    exit 0
fi
# The supplied password is deliberately kept out of the log file.
echo "${TIME_STAMP}: Incorrect password: username=${username}." >> "${LOG_FILE}"
exit 1

touch /opt/openvpn/logs/openvpn-password.log
chown nobody:nobody /opt/openvpn/logs/openvpn-password.log

Password storage format
Entries in psw-file follow the rule "username[space or tab]password", one user per line:
touch /opt/openvpn/psw-file
chown nobody:nobody /opt/openvpn/psw-file
cat /opt/openvpn/psw-file
test test
ipad ipad
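The following is an added example, not code from the original post or from OpenVPN. It gives two helpers for the psw-file format just described: a linter that checks a file against the format rules (comment and blank lines ignored, exactly two fields per row, unique usernames), and a lookup that does what the check script's awk one-liner does but passes the username in with awk -v. OpenVPN supplies the credentials to the script as the environment variables username and password when auth-user-pass-verify is configured with the via-env method (that directive is not shown on the page); the file path, the helper names and the sample file contents are assumptions.

```sh
#!/bin/sh
# Added example, not code from the original post.  Two helpers for the
# psw-file format described above:
#   pswfile_lint   - checks a password file against the format rules and
#                    reports problems the auth script would otherwise hide
#   pswfile_lookup - the auth script's awk lookup, with the username passed
#                    via "awk -v" instead of being spliced into the program
# Assumed: a POSIX sh and awk; file paths are whatever the caller passes.

# Usage: pswfile_lint FILE
# Rules: lines starting with ';' or '#' and blank lines are ignored; every
# other line must be exactly "username<whitespace>password"; usernames must
# be unique (the auth script silently uses the first match).  One message
# per violation is printed; the return value is the number of violations
# (0 = well formed; an unreadable file also returns 1).
pswfile_lint() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk '
        /^[[:space:]]*$/ { next }   # blank line
        /^[;#]/          { next }   # comment line
        NF < 2 { print "line " NR ": missing password"; bad++; next }
        NF > 2 { print "line " NR ": more than two fields (passwords cannot contain whitespace)"; bad++; next }
        $1 in seen { print "line " NR ": duplicate user \"" $1 "\" (first defined on line " seen[$1] ")"; bad++; next }
        { seen[$1] = NR }
        END { exit bad + 0 }
    ' "$1"
}

# Usage: pswfile_lookup FILE USERNAME
# Prints the stored password for USERNAME; returns 0 if the user exists,
# 1 otherwise.  Note that awk -v expands backslash escapes in the value.
pswfile_lookup() {
    awk -v user="$2" '
        !/^;/ && !/^#/ && $1 == user { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Demo on a constructed file: the two entries from the post plus three
# deliberately broken lines (missing password, duplicate user, extra field).
demo_pswfile() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# comment line' 'test test' 'ipad ipad' 'bob' 'test again' 'eve has spaces' > "$tmp"
    echo "lint:"
    rc=0; pswfile_lint "$tmp" || rc=$?
    echo "violations: $rc"
    echo "password for ipad: $(pswfile_lookup "$tmp" ipad)"
    rm -f "$tmp"
}

demo_pswfile
```

Run the linter on /opt/openvpn/psw-file after every edit: a duplicate username is the case most worth catching, because the check script stops at the first match and the second entry is never consulted.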

Windows client configuration

Download openvpn-install-2.4.4-I601.exe, run the installer and click Next through to the default directory; it normally installs to C:/Program Files/OpenVPN/.
Create a client.ovpn file:
client
dev tun
proto tcp-client
remote x.x.x.x 1195 # VPN server IP; here the public IP that the router maps to the internal host
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
auth-nocache
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC # must match the server setting
comp-lzo
status openvpn-status.log
Put client.ovpn into the C:/Program Files/OpenVPN/config directory.

Download the ca.crt and ta.key files from the VPN server and put them into the C:/Program Files/OpenVPN/config directory.

Click the OpenVPN icon on the desktop and enter the corresponding username and password.
