openVPN设置本地密码验证

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

https://github.com/Nyr/openvpn-install

1.修改配置文件。（添加下列配置）

script-security 3                         #加入script-security消除以下警告  不是很了解，不加拨号失败（允许OPenvpn使用用户自动以脚本）
client-cert-not-required                  #取消客户端的证书认证　　如果双重验证注释掉此行，客户端配置文件证书路径保留。
username-as-common-name
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env             #开启用户密码脚本

2.添加验证脚本，密码文件。

验证脚本

# vi checkpsw.sh

#!/bin/sh
###########################################################
# checkpsw.sh (C)  Mathias Sundman <mathias@openvpn.se>
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed by
# one or more space(s) or tab(s) and then the password.

PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/etc/openvpn/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

###########################################################

if [ ! -r "${PASSFILE}" ]; then
  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
  exit
fi

CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`

if [ "${CORRECT_PASSWORD}" = "" ]; then
  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
  exit
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
  exit
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 

添加脚本可执行权限

# chmod +x checkpsw.sh

密码验证文件

# vi psw-file

psw-file中一行是一个账号，用户名和密码之间用空格隔开

添加文件可读取权限

# chmod 400 checkpsw.sh

3.设置客户端

注销掉这两行

#cert peara.crt

#key peara.key

再添加这一行，添加这行，就会提示输入用户名和密码

auth-user-pass

4.重启服务

参考博客：

openVPN本地密码验证

https://www.cnblogs.com/sunpear/p/5722482.html