OpenVPN with User Authentication
Regular user management (system accounts)
Server
- useradd testuser
- passwd testuser
- vi /etc/openvpn/server.conf
  dev tun
  mode server
  tls-server
  #proto tcp-server
  port 5000
  topology subnet
  server 172.31.2.0 255.255.255.0
  route-gateway 172.31.2.1
  push 'route-gateway 172.31.2.1'
  cipher AES-256-CBC
  link-mtu 1558
  status /tmp/cool-vpn.status
  keepalive 10 30
  client-to-client
  max-clients 150
  verb 3
  dh /etc/openvpn/dh1024.pem
  ca /etc/openvpn/openvpn-ca.crt
  cert /etc/openvpn/openvpn-linux.crt
  key /etc/openvpn/openvpn-linux.key
  comp-lzo
  persist-key
  persist-tun
  duplicate-cn
  # this line enables user authentication: username/password are checked against the PAM "login" service
  plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so /etc/pam.d/login
Client
- C:\Program Files\OpenVpn\config\config.ovpn
  port 5000
  #udp by default
  dev tun0
  remote 192.168.240.42
  tls-client
  # paths containing spaces must be quoted; backslashes are doubled in OpenVPN config files
  ca "C:\\Program Files\\OpenVpn\\config\\openvpn-ca.crt"
  cert "C:\\Program Files\\OpenVpn\\config\\openvpn-windows.crt"
  key "C:\\Program Files\\OpenVpn\\config\\openvpn-windows.key"
  #tun-mtu 1500
  #tun-mtu-extra 32
  mssfix 1450
  pull
  comp-lzo
  verb 3
  # this line enables user authentication: the client prompts for username and password
  auth-user-pass
With htpasswd
Server
Extract basic_ncsa_auth from the Squid package
- apt-get download squid3
- ar x squid_3.5.12-1ubuntu7.5_amd64.deb data.tar.xz (run in a scratch directory such as /root/data; this extracts the data member from the .deb)
- tar -xJvf data.tar.xz
- cp ./usr/lib/squid/basic_ncsa_auth /usr/local/bin
Create the authentication script
- vi /usr/local/bin/openvpnpw
  #!/bin/bash
  # Called by OpenVPN with "via-env": $username and $password are exported by
  # OpenVPN, $1 is the htpasswd file given in server.conf.
  # The original debug line below wrote username and password in cleartext to
  # /tmp/openvpnpw; it stays disabled outside of troubleshooting.
  #echo "$username $password $1" >> /tmp/openvpnpw
  # basic_ncsa_auth reads "user password" on stdin and answers OK or ERR
  ERG=$(echo "$username $password" | /usr/local/bin/basic_ncsa_auth "$1" | tr -d " ")
  if [[ "$ERG" = "OK" ]]
  then
    exit 0
  else
    exit 1
  fi
Create the htpasswd file
- htpasswd -c /etc/openvpn/passwd testuser (omit "-c" to simply add another user to the existing file)
Configure OpenVPN
- vi /etc/openvpn/server.conf
  dev tun
  mode server
  tls-server
  #proto tcp-server
  port 5000
  topology subnet
  server 172.31.2.0 255.255.255.0
  route-gateway 172.31.2.1
  push 'route-gateway 172.31.2.1'
  cipher AES-256-CBC
  #auth SHA1
  link-mtu 1558
  status /tmp/cool-vpn.status
  keepalive 10 30
  client-to-client
  max-clients 150
  verb 3
  dh /etc/openvpn/dh1024.pem
  ca /etc/openvpn/openvpn-ca.crt
  cert /etc/openvpn/openvpn-linux.crt
  key /etc/openvpn/openvpn-linux.key
  comp-lzo
  persist-key
  persist-tun
  duplicate-cn
  # level 3 is required for via-env, because the password is handed to the script through an environment variable
  script-security 3
  # this line enables user authentication: the script receives the htpasswd file as $1 and username/password via the environment
  auth-user-pass-verify "/usr/local/bin/openvpnpw /etc/openvpn/passwd" via-env
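As an added example that is not part of this page (and not the openvpnpw script above), the following Python script performs the same auth-user-pass-verify check without basic_ncsa_auth, accepts both via-env and via-file, and never writes the password anywhere. It assumes a hypothetical path /usr/local/bin/openvpn_auth.py and an htpasswd file with {SHA} entries created by "htpasswd -s" (not the MD5 entries htpasswd writes by default).

```python
# Added example (hypothetical /usr/local/bin/openvpn_auth.py), not the page's
# openvpnpw: checks OpenVPN credentials against {SHA} htpasswd entries.
import base64
import hashlib
import hmac
import os
import sys

# Constructed sample htpasswd content: user "testuser", password "password".
SAMPLE_HTPASSWD = "testuser:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=\n# comment\n\n"
def load_htpasswd(text):
    """Map user -> stored hash; blank, comment and malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            user, stored = line.strip().split(":", 1)
            entries[user] = stored
    return entries

def check_password(stored, password):
    """True only for a matching {SHA} entry; other hash formats fail closed."""
    if not stored.startswith("{SHA}"):
        return False
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return hmac.compare_digest(stored[5:], digest)

def verify(username, password, htpasswd_text):
    entries = load_htpasswd(htpasswd_text)
    # Hash even for unknown users so timing does not reveal valid names.
    matched = check_password(entries.get(username, "{SHA}" + "A" * 28), password)
    return username in entries and matched

def read_credentials(argv, environ):
    # via-file: OpenVPN appends a temp file path (argv[2]) holding two lines,
    # username and password; via-env: it exports both as environment variables.
    if len(argv) > 2:
        with open(argv[2], encoding="utf-8") as fh:
            user, pw = fh.read().splitlines()[:2]
        return user, pw
    return environ["username"], environ["password"]

def main():
    user, pw = read_credentials(sys.argv, os.environ)
    with open(sys.argv[1], encoding="utf-8") as fh:
        ok = verify(user, pw, fh.read())
    print(f"auth {'OK' if ok else 'FAILED'} for {user!r}", file=sys.stderr)  # never the password
    sys.exit(0 if ok else 1)

if __name__ == "__main__":
    main()
```

In server.conf it would replace the openvpnpw line as `auth-user-pass-verify "/usr/local/bin/openvpn_auth.py /etc/openvpn/passwd" via-env` (or `via-file`, which only needs `script-security 2`).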
Client
- C:\Program Files\OpenVpn\config\config.ovpn
  port 5000
  #udp by default
  dev tun0
  remote 192.168.240.42
  tls-client
  # paths containing spaces must be quoted; backslashes are doubled in OpenVPN config files
  ca "C:\\Program Files\\OpenVpn\\config\\openvpn-ca.crt"
  cert "C:\\Program Files\\OpenVpn\\config\\openvpn-windows.crt"
  key "C:\\Program Files\\OpenVpn\\config\\openvpn-windows.key"
  #tun-mtu 1500
  #tun-mtu-extra 32
  mssfix 1450
  pull
  comp-lzo
  verb 3
  # the client prompts for username and password and sends them to the server's verify script
  auth-user-pass