LSX-blog


[Original] Storing OpenVPN Authentication Information in MySQL

08.10.2012, Linux, by .

Installing OpenVPN

I. Install MySQL

[root@localhost ~]# tar zxvf mysql-5.1.57.tar.gz

[root@localhost ~]# cd mysql-5.1.57

[root@localhost mysql-5.1.57]# ./configure --prefix=/usr/local/mysql \
--with-extra-charsets=complex \
--enable-assembler \
--with-pthread \
--enable-thread-safe-client \
--with-big-tables \
--with-plugins=innobase,innodb_plugin \
--with-embedded-server \
--enable-local-infile \
--with-readline \
&& make && make install

## Create the account

[root@localhost mysql-5.1.57]# useradd mysql -M -s /sbin/nologin

## Change the directory ownership

[root@localhost mysql-5.1.57]# chown -R mysql:mysql /usr/local/mysql

## Copy the configuration file

[root@localhost mysql-5.1.57]# cp support-files/my-medium.cnf /etc/my.cnf

## Copy the service startup script

[root@localhost mysql-5.1.57]# cp support-files/mysql.server /etc/init.d/mysqld

## Add execute permission

[root@localhost mysql-5.1.57]# chmod +x /etc/init.d/mysqld

## Initialize the database

[root@localhost mysql-5.1.57]# /usr/local/mysql/bin/mysql_install_db --user=mysql

II. Install the compression library

[root@localhost ~]# tar zxvf lzo-2.05.tar.gz

[root@localhost lzo-2.05]# ./configure && make && make install

III. Install OpenVPN

[root@localhost ~]# tar zxvf openvpn-2.0.9.tar.gz

[root@localhost openvpn-2.0.9]# ./configure && make && make install

## Copy the service startup script

[root@localhost openvpn-2.0.9]# cp sample-scripts/openvpn.init /etc/init.d/openvpn

## Create the configuration directory

[root@localhost openvpn-2.0.9]# mkdir /etc/openvpn/ -p

## Copy the configuration file

[root@localhost openvpn-2.0.9]# cp ./sample-config-files/server.conf /etc/openvpn/

## Enter the easy-rsa directory

[root@localhost openvpn-2.0.9]# cd ./easy-rsa/2.0/

## Configure vars

[root@localhost 2.0]# vim vars

## Change it to the following

# These are the default values for fields

# which will be placed in the certificate.

# Don't leave any of these fields blank.

export KEY_COUNTRY="CN"

export KEY_PROVINCE="CN"

export KEY_CITY="BeiJing"

export KEY_ORG="Bejing"

export KEY_EMAIL=lishixin@pingco.com

## Run

[root@localhost 2.0]# source ./vars

[root@localhost 2.0]# ./clean-all

## Generate the CA, server certificate, DH parameters and tls-auth key

[root@localhost 2.0]# ./build-ca

[root@localhost 2.0]# ./build-key-server server

[root@localhost 2.0]# ./build-dh

[root@localhost 2.0]# openvpn --genkey --secret keys/ta.key

## Copy them to the configuration directory

[root@localhost 2.0]# cp keys/* /etc/openvpn/

## Enter the plugin directory and build the module

[root@localhost openvpn-2.0.9]# cd ./plugin/auth-pam/

[root@localhost auth-pam]# make

[root@localhost auth-pam]# cp openvpn-auth-pam.so /etc/openvpn/

IV. Install the pam_mysql module

[root@localhost ~]# tar zxvf pam_mysql-0.7RC1.tar.gz

[root@localhost pam_mysql-0.7RC1]# ./configure \
--with-mysql=/usr/local/mysql && make && make install

## Create a symbolic link

[root@localhost ~]# ln -s /lib/security/pam_mysql.so /lib64/security/

V. Configure the integration

1. Configure the database

[root@localhost ~]# service mysqld start

## Set the database root password to 111111

[root@localhost ~]# /usr/local/mysql/bin/mysqladmin password 111111

## Create the database

mysql> create database openvpn;

## Create a table

mysql> use openvpn;

Database changed

mysql> CREATE TABLE user (

-> name char(20) NOT NULL,

-> password char(128) default NULL,

-> active int(10) NOT NULL DEFAULT 1,

-> PRIMARY KEY (name)

-> );

Query OK, 0 rows affected (0.02 sec)

## Insert a row

mysql> insert into user (name,password) values ('lishixin',password('lishixin'));

## Query the table to check

[Screenshot: query result]

## Create the account

mysql> grant all privileges on openvpn.* to "openvpn"@"127.0.0.1" identified by "openvpn";

Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.01 sec)

2. Configure the PAM module

## Create the file

[root@localhost ~]# vim /etc/pam.d/openvpn

## Add the following

auth optional pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2

account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
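
How the `user` table, the `password()` insert and `crypt=2` (pam_mysql's setting for MySQL `PASSWORD()` hashes) fit together, as an added example that is not part of the original post. It uses an in-memory SQLite table as a stand-in for `openvpn.user`; the function names are hypothetical, the accounts are constructed, and the hash format assumes MySQL 4.1+ `PASSWORD()` with `old_passwords` off.

```python
import hashlib
import hmac
import sqlite3

def mysql_password(plaintext: str) -> str:
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(pw)). No salt."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def make_db() -> sqlite3.Connection:
    """SQLite stand-in (assumption) with the same columns as the post's table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (name CHAR(20) NOT NULL PRIMARY KEY,"
               " password CHAR(128) DEFAULT NULL, active INT NOT NULL DEFAULT 1)")
    return db

def add_user(db, name, plaintext):
    # Mirrors: insert into user (name,password) values (..., password(...))
    db.execute("INSERT INTO user (name, password) VALUES (?, ?)",
               (name, mysql_password(plaintext)))

def authenticate(db, name, plaintext) -> bool:
    """Models the PAM line: look up usercolumn with where=active=1, compare hash."""
    row = db.execute("SELECT password FROM user WHERE name = ? AND active = 1",
                     (name,)).fetchone()
    if row is None or row[0] is None:
        return False
    return hmac.compare_digest(row[0], mysql_password(plaintext))

def shared_hashes(db):
    """Accounts whose stored hashes are equal: same password, visible without a salt."""
    rows = db.execute("SELECT password, GROUP_CONCAT(name) FROM user "
                      "GROUP BY password HAVING COUNT(*) > 1").fetchall()
    return {h: sorted(names.split(",")) for h, names in rows}

if __name__ == "__main__":
    db = make_db()
    add_user(db, "alice", "example-pass")   # constructed sample accounts
    add_user(db, "bob", "example-pass")
    print("login ok:", authenticate(db, "alice", "example-pass"))
    db.execute("UPDATE user SET active = 0 WHERE name = 'alice'")
    print("after active=0:", authenticate(db, "alice", "example-pass"))
    print("equal hashes:", shared_hashes(db))
```

Setting `active` to 0 disables a VPN account without deleting its row, and because the hash is unsalted, anyone who can read the table can see which accounts share a password.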

3. Check the related packages

## Check whether saslauthd is installed

[root@localhost ~]# rpm -qa|grep sasl

cyrus-sasl-plain-2.1.22-5.el5_4.3

cyrus-sasl-plain-2.1.22-5.el5_4.3

cyrus-sasl-lib-2.1.22-5.el5_4.3

cyrus-sasl-lib-2.1.22-5.el5_4.3

cyrus-sasl-devel-2.1.22-5.el5_4.3

cyrus-sasl-devel-2.1.22-5.el5_4.3

cyrus-sasl-2.1.22-5.el5_4.3

4. Test pam_mysql

## Start saslauthd

[root@localhost ~]# saslauthd -a pam

## A result of OK means it is working

[root@localhost ~]# testsaslauthd -ulishixin -plishixin -s openvpn

0: OK "Success."

If it does not work, check /var/log/messages.

## Stop the test process

[root@localhost ~]# killall saslauthd

5. Configure OpenVPN

## Check the following values in server.conf

local 0.0.0.0

## The route your OpenVPN server will advertise

push "route 192.168.10.0 255.255.255.0"

tls-auth ta.key 0 # This file is secret

log openvpn.log

plugin ./openvpn-auth-pam.so openvpn

client-cert-not-required

username-as-common-name

6. Start OpenVPN

[root@localhost openvpn]# service openvpn start

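VI. Configure the client

1. Install the client

## Press Enter at every step until the installation succeeds

2. Configure the client

## Go to the default installation directory

C:\Program Files\OpenVPN\config

## Create the configuration file client.ovpn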

client

dev tun

proto udp

remote 192.168.242.128 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

auth-user-pass

ns-cert-type server

tls-auth ta.key 1

comp-lzo

verb 3

auth-nocache

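3. Download the following files from the server

ca.crt

ta.key

VII. Installation complete

VIII. Closing remarks

Study the detailed configuration options on your own; they are not covered one by one here.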
