

【原创】采用MYSQL存储OpenVPN验证信息

08.10.2012, Linux, by .

安装 OpenVPN

一、安装MYSQL

[root@localhost ~]# tar zxvf mysql-5.1.57.tar.gz

[root@localhost ~]# cd mysql-5.1.57

[root@localhost mysql-5.1.57]# ./configure --prefix=/usr/local/mysql \

--with-extra-charsets=complex \

--enable-assembler \

--with-pthread \

--enable-thread-safe-client \

--with-big-tables \

--with-plugins=innobase,innodb_plugin \

--with-embedded-server \

--enable-local-infile \

--with-readline \

> && make && make install

## 建账号

[root@localhost mysql-5.1.57]# useradd mysql -M -s /sbin/nologin

## 更改目录权限

[root@localhost mysql-5.1.57]# chown -R mysql:mysql /usr/local/mysql

## 复制配置文件

[root@localhost mysql-5.1.57]# cp support-files/my-medium.cnf /etc/my.cnf

## 复制服务启动文件

[root@localhost mysql-5.1.57]# cp support-files/mysql.server /etc/init.d/mysqld

## 添加执行权限

[root@localhost mysql-5.1.57]# chmod +x /etc/init.d/mysqld

## 初始化数据库

[root@localhost mysql-5.1.57]# /usr/local/mysql/bin/mysql_install_db --user=mysql

二、安装压缩组件

[root@localhost ~]# tar zxvf lzo-2.05.tar.gz

[root@localhost lzo-2.05]# ./configure && make && make install

三、安装OPENVPN

[root@localhost ~]# tar zxvf openvpn-2.0.9.tar.gz

[root@localhost openvpn-2.0.9]# ./configure && make && make install

## 复制服务启动文件

[root@localhost openvpn-2.0.9]# cp sample-scripts/openvpn.init /etc/init.d/openvpn

## 创建配置文件夹

[root@localhost openvpn-2.0.9]# mkdir /etc/openvpn/ -p

## 复制配置文件

[root@localhost openvpn-2.0.9]# cp ./sample-config-files/server.conf /etc/openvpn/

## 进入 easy-rsa 目录

[root@localhost openvpn-2.0.9]# cd ./easy-rsa/2.0/

## 配置vars

[root@localhost 2.0]# vim vars

## 更改成如下内容

# These are the default values for fields

# which will be placed in the certificate.

# Don’t leave any of these fields blank.

export KEY_COUNTRY="CN"

export KEY_PROVINCE="CN"

export KEY_CITY="BeiJing"

export KEY_ORG="Bejing"

export KEY_EMAIL=lishixin@pingco.com

## 执行

[root@localhost 2.0]# source ./vars

[root@localhost 2.0]# ./clean-all

## 创建配置文件

[root@localhost 2.0]# ./build-ca

[root@localhost 2.0]# ./build-key-server server

[root@localhost 2.0]# ./build-dh

[root@localhost 2.0]# openvpn --genkey --secret keys/ta.key

## 复制到配置文件夹目录

[root@localhost 2.0]# cp keys/* /etc/openvpn/

## 进入 auth-pam 插件目录并编译模块

[root@localhost openvpn-2.0.9]# cd ./plugin/auth-pam/

[root@localhost auth-pam]# make

[root@localhost auth-pam]# cp openvpn-auth-pam.so /etc/openvpn/

四、安装PAM_MYSQL组件

[root@localhost ~]# tar zxvf pam_mysql-0.7RC1.tar.gz

[root@localhost pam_mysql-0.7RC1]# ./configure \

--with-mysql=/usr/local/mysql && make && make install

## 创建一个软链

[root@localhost ~]# ln -s /lib/security/pam_mysql.so /lib64/security/

五、配置整合

1、配置数据库

[root@localhost ~]# service mysqld start

## 将 MySQL root 账号的密码设置为 111111

[root@localhost ~]# /usr/local/mysql/bin/mysqladmin password 111111

## 创建数据库

mysql> create database openvpn;

## 创建一个表

mysql> use openvpn;

Database changed

mysql> CREATE TABLE user (

-> name char(20) NOT NULL,

-> password char(128) default NULL,

-> active int(10) NOT NULL DEFAULT 1,

-> PRIMARY KEY (name)

-> );

Query OK, 0 rows affected (0.02 sec)

## 插入一条

mysql> insert into user (name,password) values ('lishixin',password('lishixin'));

## 查询一下

clip_image001

## 创建帐号

mysql> grant all privileges on openvpn.* to "openvpn"@"127.0.0.1" identified by "openvpn";

Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.01 sec)

2、配置PAM模块

## 创建

[root@localhost ~]# vim /etc/pam.d/openvpn

## 添加如下内容

auth optional pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2

account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2

3、检查相关模块

## 检查 saslauthd 是否已安装

[root@localhost ~]# rpm -qa|grep sasl

cyrus-sasl-plain-2.1.22-5.el5_4.3

cyrus-sasl-plain-2.1.22-5.el5_4.3

cyrus-sasl-lib-2.1.22-5.el5_4.3

cyrus-sasl-lib-2.1.22-5.el5_4.3

cyrus-sasl-devel-2.1.22-5.el5_4.3

cyrus-sasl-devel-2.1.22-5.el5_4.3

cyrus-sasl-2.1.22-5.el5_4.3

4、测试PAM_MYSQL

## 运行

[root@localhost ~]# saslauthd -a pam

## 返回 OK 为正常

[root@localhost ~]# testsaslauthd -ulishixin -plishixin -s openvpn

0: OK "Success."

返回不正常的请查看 /var/log/messages

## 结束测试进程

[root@localhost ~]# killall saslauthd

5、配置OPENVPN

## 请在 /etc/openvpn/server.conf 中检查并修改如下配置项

local 0.0.0.0

## 你OPENVPN服务器要宣告的路由

push "route 192.168.10.0 255.255.255.0"

tls-auth ta.key 0 # This file is secret

log openvpn.log

plugin ./openvpn-auth-pam.so openvpn

client-cert-not-required

username-as-common-name

6、启动OPENVPN

[root@localhost openvpn]# service openvpn start

六、配置客户端

1、安装客户端

##一路回车安装成功

clip_image002

2、配置客户端

## 进入默认安装目录

C:\Program Files\OpenVPN\config

##创建配置文件 client.ovpn

client

dev tun

proto udp

remote 192.168.242.128 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

auth-user-pass

ns-cert-type server

tls-auth ta.key 1

comp-lzo

verb 3

auth-nocache

3、从服务器下载如下文件到客户端配置目录

ca.crt

ta.key

七、安装完成

clip_image003

八、结束语

详细配置方法自行研究,不再一一叙述。
