配置 Debian Server – openvpn with mysql

apt-get install openvpn

openvpn常规配置参见其它文章

mysql -u root -p

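-- Database holding the accounts that pam_mysql checks for OpenVPN logins.
CREATE DATABASE vpn;

-- Account pam_mysql connects with. The PAM rules on this page only look rows
-- up (auth/account with sqllog=0), so SELECT is sufficient; GRANT ALL would
-- let anyone who can read /etc/pam.d/openvpn rewrite or drop the user table.
-- 'vpn123' is the page's sample value: choose a strong secret and keep it
-- identical to passwd= in /etc/pam.d/openvpn.
-- NOTE: GRANT ... IDENTIFIED BY was removed in MySQL 8.0; on such servers run
-- CREATE USER first and GRANT separately.
GRANT SELECT ON vpn.* TO vpn@localhost IDENTIFIED BY 'vpn123';

FLUSH PRIVILEGES;

USE vpn;

-- One row per VPN login.
--   name     : login name (usercolumn=name in the PAM rules)
--   password : hash written by PASSWORD() (passwdcolumn=password, crypt=2)
--   active   : only rows with active = 1 pass the PAM filter where=active=1
CREATE TABLE vpnuser (
    name     CHAR(20)  NOT NULL,
    password CHAR(128) DEFAULT NULL,
    active   INT(10)   NOT NULL DEFAULT 1,
    PRIMARY KEY (name)
);

-- Sample account whose password equals its login name; replace both before
-- exposing the server.
-- PASSWORD() produces an unsalted hash intended for MySQL's own accounts and
-- was removed in MySQL 8.0. pam_mysql's crypt=2 expects exactly this format,
-- so moving to another hash means changing crypt= in the PAM rules as well.
INSERT INTO vpnuser (name, password) VALUES ('xhuang', PASSWORD('xhuang'));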

vi /etc/pam.d/openvpn

# PAM service "openvpn": check VPN logins against vpn.vpnuser via pam_mysql.
# This file carries the MySQL password (passwd=) in clear text, so keep it
# owned by root and not world-readable (for example mode 0600).
# crypt=2 selects MySQL PASSWORD() hashing, matching the password() call used
# when the row was inserted; where=active=1 adds that condition to the lookup;
# sqllog=0 leaves pam_mysql's SQL logging off.
auth sufficient pam_mysql.so user=vpn passwd=vpn123 host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2
# Account phase runs the same lookup with the same options.
account required pam_mysql.so user=vpn passwd=vpn123 host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2

需要自己编译openvpn-auth-pam.so

下载openvpn 2.0.9源码:wget http://openvpn.net/release/openvpn-2.0.9.tar.gz

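# Build tools and PAM headers needed to compile the auth-pam plugin.
apt-get install make gcc libpam0g-dev

# Unpack the tarball downloaded above. It was fetched over plain HTTP, so
# check it against a published signature or checksum before building.
# NOTE(review): confirm a plugin built from 2.0.9 sources matches the openvpn
# version installed by apt-get.
tar xzf openvpn-2.0.9.tar.gz

cd openvpn-2.0.9/plugin/auth-pam

make

cp openvpn-auth-pam.so /etc/openvpn/

# The OpenVPN server process loads this shared object, so nobody but its
# owner should be able to modify it: 755 instead of the group-writable 775.
chmod 755 /etc/openvpn/openvpn-auth-pam.so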

vi /etc/openvpn/openvpn.conf

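# Server side: routed tun device listening on UDP 443.
port 443
proto udp
dev tun

# Server PKI material (generated separately).
ca ca.crt
cert server.crt
key server.key
# 1024-bit DH parameters are considered too weak today; generate parameters
# of at least 2048 bits and point this line at the new file.
dh dh1024.pem

server 10.8.0.0 255.255.0.0
# Route all client traffic through the tunnel and push DNS resolvers.
# The quotes must be plain ASCII double quotes, not typographic ones.
push "redirect-gateway def1"
push "dhcp-option DNS 208.69.228.30"
push "dhcp-option DNS 4.2.2.1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
# HMAC key for the TLS control channel; direction 0 here, 1 on the clients.
tls-auth ta.key 0

# Username/password check through the PAM service "openvpn"
# (/etc/pam.d/openvpn).
plugin ./openvpn-auth-pam.so openvpn
# Clients present no certificate, so the password stored in vpnuser is the
# only per-user credential; the strength of those passwords and the tls-auth
# key is all that protects the login.
client-cert-not-required
username-as-common-name
# Must be set on both ends or on neither. Compression inside an encrypted
# tunnel can leak information about the plaintext; enable it only if needed.
comp-lzo
max-clients 20
# Drop privileges after start-up. Debian's unprivileged group is "nogroup";
# there is no "nobody" group, and start-up fails if the group is not found.
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4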
client:

# Client profile: routed tun device over UDP, matching the server settings.
client
dev tun
proto udp
# "ip" stands for the server's address; 443 is the port the server listens on.
remote ip 443
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
# CA certificate used to verify the server's certificate.
ca pca.crt
# Ask for the username and password that the server checks through PAM;
# no client certificate or key is configured in this profile.
auth-user-pass
# Accept only a peer certificate marked as a server certificate, so another
# certificate issued by the same CA cannot pose as the server.
ns-cert-type server
# tls-auth key with direction 1 (the server uses 0).
# NOTE(review): presumably pta.key is a copy of the server's ta.key - confirm.
tls-auth pta.key 1
comp-lzo
verb 4
