How do you use password + certificate dual authentication in OpenVPN?
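1. Add the following to the server configuration file

    auth-user-pass-verify /usr/local/openvpn/etc/checkpsw.sh via-env
    # client-cert-not-required
    username-as-common-name
    script-security 3

Note: if client-cert-not-required is enabled, clients log in with username and password only. If it is left out, clients must pass both certificate and username/password verification.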
2. Create the checkpsw.sh script file

    [root@openvpnservice openvpn]# vim checkpsw.sh

    #!/bin/sh
    # checkpsw.sh (C) 2004 Mathias Sundman mathias@openvpn.se
    #
    # This script will authenticate OpenVPN users against a plain text file.
    # The passfile should simply contain one row per user with the username
    # first followed by one or more space(s) or tab(s) and then the password.

    PASSFILE="/etc/openvpn/psw-file"
    LOG_FILE="/var/log/openvpn-password.log"
    TIME_STAMP=`date "+%Y-%m-%d %T"`

    if [ ! -r "${PASSFILE}" ]; then
      echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> "${LOG_FILE}"
      exit 1
    fi

    # Look up the user's password, skipping lines that start with ';' or '#'.
    # The username is read through ENVIRON and compared as a string, so the
    # client-supplied value never becomes part of the awk program.
    CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&($1 "")==ENVIRON["username"]{print $2;exit}' "${PASSFILE}"`

    # Log the username only; submitted passwords are not written to the log.
    if [ "${CORRECT_PASSWORD}" = "" ]; then
      echo "${TIME_STAMP}: User does not exist: username=\"${username}\"." >> "${LOG_FILE}"
      exit 1
    fi

    if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
      echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> "${LOG_FILE}"
      exit 0
    fi

    echo "${TIME_STAMP}: Incorrect password: username=\"${username}\"." >> "${LOG_FILE}"
    exit 1
Script download URL: http://od.mrtom.club/SHELL/checkpsw.sh
Create a user

    vim psw-file

    # Username and password
    wangxuejin Aa123
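Set permissions (the password file readable only by the openvpn user; the script executable but not world-writable)

    [root@openvpnservice openvpn]# chmod 777
    [root@openvpnservice openvpn]# chmod 400 psw-file
    [root@openvpnservice openvpn]# chown openvpn:openvpn psw-file
    [root@openvpnservice openvpn]# chmod 755 checkpsw.sh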
Add the following to the client configuration

    auth-user-pass
Restart the service

    [root@openvpnservice openvpn]# systemctl restart openvpn@server
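
A pre-flight audit for the two files this setup depends on, as an added example that is not part of the original post or of OpenVPN. The function names are hypothetical, and the policy it enforces (owner-only access to psw-file, a verify script that group and other cannot write, exactly two fields per passfile line, no duplicate users) is this example's assumption.

```shell
#!/bin/sh
# Added example: audit the password file and verify script before restarting OpenVPN.
# Function names are assumptions made for this example, not part of OpenVPN.

# Print the 10-character mode string of a file, e.g. "-r--------".
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# The password file holds plaintext credentials: owner access only.
check_passfile_perms() {
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
    esac
    echo "FAIL: $1 is accessible to group or other" >&2
    return 1
}

# The verify script decides who gets in: owner-executable, not writable by group/other.
check_script_perms() {
    case "$(mode_of "$1")" in
        -??x?-??-?) return 0 ;;
    esac
    echo "FAIL: $1 is not executable or is writable by group/other" >&2
    return 1
}

# checkpsw.sh skips lines starting with ';' or '#', reads only field 2 as the password
# and stops at the first matching user, so extra fields and duplicate users are errors.
check_passfile_format() {
    awk '
        /^[;#]/ || NF == 0 { next }
        NF != 2    { printf "FAIL: line %d: expected 2 fields, found %d\n", NR, NF; bad = 1 }
        seen[$1]++ { printf "FAIL: line %d: duplicate user \"%s\"\n", NR, $1; bad = 1 }
        END        { exit bad + 0 }
    ' "$1" >&2
}

# Run all three checks; $1 = password file, $2 = verify script.
audit_openvpn_auth() {
    rc=0
    check_passfile_perms "$1"  || rc=1
    check_passfile_format "$1" || rc=1
    check_script_perms "$2"    || rc=1
    return "$rc"
}

# Usage: sh audit.sh /etc/openvpn/psw-file /usr/local/openvpn/etc/checkpsw.sh
if [ "$#" -eq 2 ]; then audit_openvpn_auth "$1" "$2"; fi
```

Run it as root so the mode 400 password file can be read; a non-zero exit status means at least one check failed and the reasons are on stderr.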