
Re: [Openvpn-users] howto set up openvpn with user & pass authentication


  • Subject: Re: [Openvpn-users] howto set up openvpn with user & pass authentication
  • From: Marco Fretz <mailinglist@xxxxxxx>
  • Date: Tue, 25 Sep 2007 16:42:06 +0200

Hello,

I've got nearly the same situation. Here's my config. The main difference 
is I'm using a custom user-verify script instead of a plugin. Maybe that's 
what you're looking for:

server config
---------------------
local 88.82.x.x
port 1195
proto udp
dev tap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server-bridge 10.9.0.4 255.255.255.0 10.9.0.50 10.9.0.100
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
bcast-buffers 1024
max-clients 10
auth-user-pass-verify /etc/openvpn/user-verify.sh via-env
client-cert-not-required

user-verify.sh
------------------------
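#!/bin/sh
# Called by OpenVPN through "auth-user-pass-verify ... via-env"; the client's
# credentials arrive in the environment variables $username and $password.

users="/etc/openvpn/users.lst"
user=$username
pass1=$password

# Exact string match on the name column ("$1 ~ u" would treat the name as a
# regex); ($1 "") forces a string comparison, and only the first hit is used.
pass2=$(awk -v u="$user" '($1 "") == u { print $2; exit }' "$users")
# Reject unknown users (empty pass2) and compare with the POSIX "=" operator.
if [ -n "$pass2" ] && [ "$pass2" = "$pass1" ]; then
        echo "Your welcome!"
        exit 0
else
        echo "Go away nerd!"
        exit 100
fi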

users.lst
------------------------
joe    testPW
anna    testPW
blah    testPW



Gregory Machin wrote:
> Hi, this is my current config ... I have another problem: the config
> launches two instances of openvpn .. can't see why it would do that ..
>
> user openvpn
> group openvpn
> ; tunnel configuration
>
> dev tap1
> server-bridge 10.4.8.254 255.255.255.0 10.4.8.230 10.4.8.232
> push "route-gateway 10.4.8.254"
> port 1195
> client-to-client
>
> #passtos
> comp-lzo
> #management 127.0.0.1 5555
> keepalive 10 120
>
> #tun-mtu 1500
> #tun-mtu-extra 32
> #mssfix 1450
>
> persist-key
> persist-tun
> persist-local-ip
> persist-remote-ip
>
> ; logging and status
>
> writepid /var/run/openvpn/remote.pid
> ifconfig-pool-persist openvpn.leases
> status /var/log/openvpn/remote-status.log
> verb 1
>
> ; certificates and authentication
>
> ca crypto-server/ca.crt
> cert crypto-server/southcape-hq.vpn.ct-net.org.crt
> key crypto-server/southcape-hq.vpn.ct-net.org.key
> dh crypto-server/dh4096.pem
>
> plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
> username-as-common-name
> client-cert-not-required
>
>
>
> many thanks
>
> On 9/23/07, Gregory Machin <gregory.machin@xxxxxxxxx> wrote:
>   
>> Hi
>> Any idea where I can find a howto on setting up username and password
>> authentication for client connection .. I want this for road warriors
>> ... All I have found is a couple of explanations, but no complete
>> working howto.
>>
>> Greg
>>
>>     
>
>
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
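
A fail-closed form of the credential check behind the "auth-user-pass-verify ... via-env" hook discussed in this thread, as an added example that is not part of the original post: the user name is matched as an exact string, and unknown users, empty credentials and an unreadable list are all rejected. The function names, the USERS_FILE and LOOKUP_NAME variables and the sample entries are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the poster's script. users.lst layout as in the post:
# one "name password" pair per line, whitespace separated.
# USERS_FILE, LOOKUP_NAME and the function names are assumptions.

USERS_FILE="${USERS_FILE:-/etc/openvpn/users.lst}"

# Write a constructed sample list to the path given as $1.
write_sample_users() {
    printf '%s\n' 'joe testPW' 'anna otherPW' '007 pin7' > "$1"
}

# Print the stored password of exactly one user name ($1).
# The name is passed through the environment so awk applies no escape
# processing to it; ($1 "") forces a string comparison, so the name is
# never treated as a regex and "007" never compares equal to "7".
lookup_password() {
    LOOKUP_NAME=$1 awk '($1 "") == ENVIRON["LOOKUP_NAME"] { print $2; exit }' \
        "$USERS_FILE" 2>/dev/null
}

# Return 0 only if the user exists and the password matches exactly.
verify_user() {
    name=$1
    pass=$2
    [ -n "$name" ] || return 1
    [ -n "$pass" ] || return 1
    stored=$(lookup_password "$name")
    # Unknown user or unreadable list gives an empty $stored: reject
    # rather than compare an empty string with an empty string.
    [ -n "$stored" ] || return 1
    [ "$stored" = "$pass" ]
}

# Hook mode: with via-env OpenVPN sets $username and $password in the
# environment. Exit status 0 accepts the client, anything else rejects it.
if [ -n "${username+set}" ]; then
    verify_user "$username" "${password-}"
    exit $?
fi
```
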