username & password login

 

 

 


Server Setting

 

Setting

# server.conf
# OpenVPN 2.4.8 (openvpn --version)

mode server
proto tcp-server
port 1194
dev tap

# Certificates.
ca   ca.crt
cert server.crt
key  server.key    # chmod 400 server.key

dh dh1024.pem      # openssl dhparam -out dh1024.pem 1024

#keepalive 10 120
#comp-lzo

user openvpn
group openvpn

persist-key
persist-tun

verify-client-cert none

# Username and Password authentication via PAM.
# Doc: /usr/share/doc/openvpn-2.4.8/README.auth-pam
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login

# mkdir /var/log/openvpn & chown openvpn. /var/log/openvpn
log      /var/log/openvpn/server.log
status   /var/log/openvpn/status

verb 7

Start & Test

openvpn --config server.conf

openvpn-plugin-auth-pam.so

This module uses a split privilege execution model

(will function even if you drop openvpn daemon privileges)

USAGE

plugin openvpn-auth-pam.so service-type

service-type => ls /etc/pam.d

i.e.

plugin openvpn-auth-pam.so "login login USERNAME password PASSWORD"

# answer a "login" query with the username given by the OpenVPN client, and

# answer a "password" query with the password given by the OpenVPN client.

Remark

Run OpenVPN with --verb 7 or higher to get debugging output from this plugin
 


Client Setting

 

Setting

client
remote server.domain.name
port 5555
proto tcp-client

resolv-retry infinite
nobind

dev tap15

sndbuf 0
rcvbuf 0

persist-tun
persist-key

verb 3
status-version 2
status status 10

auth-user-pass login.txt

#
ca ca.crt
cert client.crt
key client.key

login.txt

USER
PASS