|
|
Jann Traschewski wrote:
> Hi,
>
> I need a very simple VPN-solution and I don't know whether OpenVPN will meet
> my requirements. I have a linuxbox with about 1500 users. I don't need any
> encryption (also just plain text for the password would be OK). The
> important thing is, that I don't want to have any maintenance to setup an
> account. I just want to have them login by username and password from
> /etc/shadow.
You can use the pam auth plugin as duffy mentioned, or you can create
your simple C program to do that. I have made my own program that check
the shadow and do the authentication, the only drawback to this aproach
is that the openvpn daemon must be run as root, for it being able to
read /etc/shadow. In the openvpn pam plugin, it forks itself from the
vpn daemon, so you can run it as nodoby, or another uprivileged account.
My program is simple and do it's job. I didn't had time to made it an
openvpn plugin, with a fork to permit it to run as nobody.
>
> Simple question: Is that possible with OpenVPN? Encryption is also OK, but
> not needed.
Yes, it is.
>
> Further question: Is it possible that every user gets every login the same
> IP-address (e.g. based by row in /etc/shadow)? I think I have to use a
> tap-Interface for my VPN-solution, but I don't think OpenVPN has an
> interface to the DHCP-Dämon?
You can do as duffy mentioned using the ifconfig-pool-persist, or you
can use the openvpn option --username-as-common-name and make an ccd dir
and put an configu especific for each client.
>
> Thanks,
> Jann
>
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
I can send you my program if you are interested.
My regards,
--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
Attachment:
signature.asc
Description: OpenPGP digital signature
Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-09/msg00149.html on line 231
Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-09/msg00149.html on line 231
|