username & password login: revision of Mon, 06/04/2020 - 11:47

Server Setting

 

Setting

# server.conf
# OpenVPN 2.4.8 (openvpn --version)

mode server
proto tcp-server
port 1194
dev tap

# Certificates.
ca   ca.crt
cert server.crt
key  server.key    # chmod 400 server.key

dh dh2048.pem      # openssl dhparam -out dh2048.pem 2048  (1024-bit DH parameters are too weak)

#keepalive 10 120
#comp-lzo

user openvpn
group openvpn

persist-key
persist-tun

verify-client-cert none

# Username and Password authentication via PAM.
# Doc: /usr/share/doc/openvpn-2.4.8/README.auth-pam
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login

# mkdir /var/log/openvpn && chown openvpn: /var/log/openvpn
log      /var/log/openvpn/server.log
status   /var/log/openvpn/status

verb 7

Start & Test

openvpn --config server.conf

openvpn-plugin-auth-pam.so

This module uses a split privilege execution model, so it will function even if you drop the OpenVPN daemon's privileges.

USAGE

plugin openvpn-plugin-auth-pam.so service-type

service-type is the name of a PAM service file in /etc/pam.d (list them with: ls /etc/pam.d)

e.g.

plugin openvpn-plugin-auth-pam.so "login login USERNAME password PASSWORD"

# answer a "login" query with the username given by the OpenVPN client, and
# answer a "password" query with the password given by the OpenVPN client.

Remark

Run OpenVPN with --verb 7 or higher to get debugging output from this plugin
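An added example (not part of the original page or of OpenVPN): a small Python check of the authentication-relevant directives in a server.conf like the one above. With verify-client-cert none the PAM plugin is the only client authentication, so the check reports that, a missing password check, and debug-level logging. The finding codes, function names and sample text are made up for this illustration, and it assumes no other authentication mechanism (such as one driven through the management interface) is in use.

```python
import shlex

# Constructed sample modelled on the server.conf above (not a real deployment).
SAMPLE = """\
verify-client-cert none
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
verb 7
"""

def parse(text):
    """Yield (directive, args) for each non-comment line of an OpenVPN config."""
    for line in text.splitlines():
        if line.lstrip().startswith(";"):        # ';' starts a comment too
            continue
        try:
            tokens = shlex.split(line, comments=True)  # drops '#' comments, honours quotes
        except ValueError:                        # unbalanced quote: skip the line
            continue
        if tokens:
            yield tokens[0].lstrip("-"), tokens[1:]

def audit(text):
    """Return (code, message) findings. The codes are names made up for this example."""
    certs_off, pam_service, script_auth, verb = False, None, False, 1  # OpenVPN default verb is 1
    for name, args in parse(text):
        if name == "client-cert-not-required" or (
                name == "verify-client-cert" and args[:1] == ["none"]):
            certs_off = True
        elif name == "plugin" and args and "auth-pam" in args[0]:
            # service-type is the first word after the .so path, quoted or not
            pam_service = (" ".join(args[1:]).split() or ["?"])[0]
        elif name == "auth-user-pass-verify":
            script_auth = True
        elif name == "verb" and args and args[0].isdigit():
            verb = int(args[0])
    findings = []
    if certs_off and pam_service is None and not script_auth:
        findings.append(("NO_AUTH", "client certificates are off and nothing checks a password"))
    elif certs_off:
        how = "PAM service '%s'" % pam_service if pam_service else "auth-user-pass-verify script"
        findings.append(("PASSWORD_ONLY", how + " is the only client authentication"))
    if verb >= 7:
        findings.append(("DEBUG_LOG", "verb %d is debug level; lower it after testing" % verb))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(code, "-", message)
```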
 


Client Setting