1、配置OpenVPN
vim /etc/openvpn/checkpsw.sh #!/bin/sh
########################################################### # checkpsw.sh (C)
2004 Mathias Sundman # # This script will authenticate OpenVPN users against #
a plain text file. The passfile should simply contain # one row per user with
the username first followed by # one or more space(s) or tab(s) and then the
password. PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/etc/openvpn/openvpn-password.log" TIME_STAMP=`date "+%Y-%m-%d %T"`
########################################################### if [ ! -r
"${PASSFILE}" ]; then echo "${TIME_STAMP}: Could not open password file
\"${PASSFILE}\" for reading." >> ${LOG_FILE} exit 1 fi CORRECT_PASSWORD=`awk
'!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}` if [
"${CORRECT_PASSWORD}" = "" ]; then echo "${TIME_STAMP}: User does not exist:
username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE} exit 1 fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then echo "${TIME_STAMP}:
Successful authentication: username=\"${username}\"." >> ${LOG_FILE} exit 0 fi
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\",
password=\"${password}\"." >> ${LOG_FILE} exit 1
2、改变权限
chmod +x /etc/openvpn/checkpsw.sh
3、配置密码账号文件
vim /etc/openvpn/psw-file # 前面为用户名,后面为密码。 中间使用空格分开 tom1 123456 test test
4、服务器端修改
vim /etc/openvpn/server.conf # 最后一行加入 script-security 3 auth-user-pass-verify
/etc/openvpn/checkpsw.sh via-env username-as-common-name verify-client-cert none
5、客户端 client.ovpn
client dev tun proto tcp remote 192.168.1.71 1194 resolv-retry infinite nobind
persist-key persist-tun ca ca.crt #注释这两行 ;cert admin.crt ;key admin.key
remote-cert-tls server tls-auth ta.key 1 cipher AES-256-GCM comp-lzo verb 3
#加入这一行,使用用户名密码登录openvpn服务器 auth-user-pass
6、重启后连接
systemctl restart openvpn@server