Created
February 26, 2014 16:44
-
-
Save wuchang/9233327 to your computer and use it in GitHub Desktop.
openVPN配置文件-使用用户名密码验证
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ########################################################### | |
| # checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se> | |
| # | |
| # This script will authenticate OpenVPN users against | |
| # a plain text file. The passfile should simply contain | |
| # one row per user with the username first followed by | |
| # one or more space(s) or tab(s) and then the password. | |
| PASSFILE="/etc/openvpn/psw-file" | |
| LOG_FILE="/var/log/openvpn/password.log" | |
| TIME_STAMP=`date "+%Y-%m-%d %T"` | |
| ########################################################### | |
| if [ ! -r "${PASSFILE}" ]; then | |
| echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE} | |
| exit 1 | |
| fi | |
| CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}` | |
| if [ "${CORRECT_PASSWORD}" = "" ]; then | |
| echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE} | |
| exit 1 | |
| fi | |
| if [ "${password}" = "${CORRECT_PASSWORD}" ]; then | |
| echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE} | |
| exit 0 | |
| fi | |
| echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE} | |
| exit 1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| client | |
| dev tun | |
| dev-node openvpn | |
| proto udp | |
| remote ****** | |
| resolv-retry infinite | |
| nobind | |
| persist-key | |
| persist-tun | |
| ca ca.crt | |
| ns-cert-type server | |
| comp-lzo | |
| # Set log file verbosity. | |
| verb 3 | |
| # Silence repeating messages | |
| ;mute 20 | |
| auth-user-pass |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Which local IP address should OpenVPN | |
| # listen on? (optional) | |
| local *.*.*.* | |
| port 1194 | |
| # TCP or UDP server? | |
| ;proto tcp | |
| proto udp | |
| ;dev tap | |
| dev tun | |
| ;dev-node MyTap | |
| ca ca.crt | |
| cert server.crt | |
| key server.key # This file should be kept secret | |
| dh dh1024.pem | |
| server 10.8.0.0 255.255.255.0 | |
| ifconfig-pool-persist ipp.txt | |
| ;push "route 192.168.10.0 255.255.255.0" | |
| ;push "route 192.168.20.0 255.255.255.0" | |
| ;client-config-dir ccd | |
| ;route 192.168.40.128 255.255.255.248 | |
| ;client-config-dir ccd | |
| ;route 10.9.0.0 255.255.255.252 | |
| # Then add this line to ccd/Thelonious: | |
| # ifconfig-push 10.9.0.1 10.9.0.2 | |
| ;learn-address ./script | |
| push "redirect-gateway def1 bypass-dhcp" | |
| push "dhcp-option DNS 8.8.8.8" | |
| client-to-client | |
| ;duplicate-cn | |
| keepalive 10 120 | |
| ;tls-auth ta.key 0 # This file is secret | |
| comp-lzo | |
| ;user nobody | |
| ;group nobody | |
| persist-key | |
| persist-tun | |
| status openvpn-status.log | |
| verb 3 | |
| ;mute 20 | |
| log /var/log/openvpn/openvpn.log | |
| script-security 3 system | |
| auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env | |
| client-cert-not-required | |
| username-as-common-name |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment