
How to build openvpn+mysql database authentication for Linux

2025-03-29 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains in detail how to build OpenVPN with MySQL database authentication on Linux. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

Server environment description

1. System version

CentOS release 5.10 (Final) 64bits

2. Software version

    openvpn-2.3.6-1.el5
    lzo-2.02-2.el5.1
    lzo-devel-2.02-2.el5.1
    easy-rsa-2.2.2-1.el5
    pam-0.99.6.2-12.el5
    pam-devel-0.99.6.2-12.el5

Configure the server pre-installation environment

1. Enable ip forwarding function

    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    sysctl -p

2. Install dependencies and required software packages

    yum install -y openvpn easy-rsa cyrus-sasl cyrus-sasl-plain cyrus-sasl-devel cyrus-sasl-lib cyrus-sasl-gssapi pam pam-devel
    /etc/init.d/saslauthd restart

3. Modify variables and generate certificates

    cd /usr/share/easy-rsa/2.0
    vi vars    # edit the vars file that sets the environment variables; change the parameters according to your needs
    export KEY_COUNTRY="CN"          # your country, 2 characters
    export KEY_PROVINCE="ShangHai"   # your province
    export KEY_CITY="ShangHai"       # your city
    export KEY_ORG="xxx"             # your organization
    export KEY_EMAIL="xxx@qq.com"    # your email address; change as needed
    source ./vars
    ./clean-all
    ./build-ca
    ./build-key-server server        # creates the server.crt and server.key copied below
    ./build-dh
    ./build-key client
    # tar -zcvf client.tar.gz keys/{ca.crt,client.crt,client.key}    # for the Windows client to download locally
    mkdir -p /etc/openvpn/{keys,logs,plugin/auth-pam}
    cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.crt,server.key,dh3048.pem} /etc/openvpn/keys/
    cat > /etc/openvpn/server.conf << EOF
    # add host route
    push "route 10.200.0.0 255.255.0.0"
    push "route 10.220.0.0 255.255.0.0"
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status logs/openvpn-status.log
    log logs/openvpn.log
    log-append logs/openvpn.log
    verb 3
    plugin /etc/openvpn/plugin/openvpn-auth-pam.so openvpn
    client-cert-not-required
    username-as-common-name
    EOF

4. Use a lower version of the authentication plug-in

    wget http://pkgs.fedoraproject.org/repo/pkgs/openvpn/openvpn-2.0.7.tar.gz/93528233f1f6d02fc18e2c00f82e0aca/openvpn-2.0.7.tar.gz
    tar xf openvpn-2.0.7.tar.gz
    cd openvpn-2.0.7/plugin/auth-pam
    make
    cp openvpn-auth-pam.so /etc/openvpn/plugin/    # (this step may not be successful. If not, you can copy the file from another machine. I put this file in the attachment)
    wget http://nchc.dl.sourceforge.net/project/pam-mysql/pam-mysql/0.7RC1/pam_mysql-0.7RC1.tar.gz
    tar xf pam_mysql-0.7RC1.tar.gz && cd pam_mysql-0.7RC1
    ./configure
    make
    make install
    ln -s /lib/security/pam_mysql.so /lib64/security/
    # if an error is reported during compilation, the MySQL library files are required: yum install -y pam-devel mysql mysql-devel
    cat > /etc/pam.d/openvpn

5. MySQL configuration

    mysql -hjconnhrdmgt82.mysql.rds.aliyuncs.com -uzabbix_1 -p -D operations
    create database vpn;
    # grant all on vpn.* to xxx@'%' identified by 'xxxxxx';
    create table openvpnuser (name char(20) NOT NULL, password char(128) default NULL, active int(10) NOT NULL DEFAULT 1, primary key (name));
    insert into openvpnuser (name,password) values ('vpnuser',password('vpnpassword'));
    # flush privileges
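The page does not show the contents of /etc/pam.d/openvpn, so the following is an added example (not the article's own file or code): it takes a constructed pam_mysql service file and checks it against the openvpnuser table above, namely the table and column names, crypt=2 for values stored with MySQL's password() function, the active column in the where clause, and that the file, which carries the database password, is not world-readable. DBUSER, DBPASS, DBHOST and DBNAME are placeholders, and pam_opt and check_pam_mysql are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original article.

# pam_opt FILE KEY: value of KEY=... on the first "auth ... pam_mysql.so" line
pam_opt() {
    awk -v k="$2" '$1 == "auth" && $3 ~ /pam_mysql\.so$/ {
        for (i = 4; i <= NF; i++) {
            n = index($i, "=")
            if (n && substr($i, 1, n - 1) == k) { print substr($i, n + 1); exit }
        }
    }' "$1"
}

# check_pam_mysql FILE: print one finding per line, return 1 if there are any
check_pam_mysql() {
    f=$1; rc=0
    expect() {   # expect KEY WANTED_VALUE
        got=$(pam_opt "$f" "$1")
        [ "$got" = "$2" ] || { echo "$1: expected '$2', found '$got'"; rc=1; }
    }
    expect table openvpnuser        # table created in step 5
    expect usercolumn name
    expect passwdcolumn password
    expect crypt 2                  # 2 = compare using MySQL PASSWORD()
    case $(pam_opt "$f" where) in
        *active*) ;;
        *) echo "where: the active column is not checked"; rc=1 ;;
    esac
    # The file carries the database password (passwd=), so flag world-readable.
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "mode: $f is world-readable"; rc=1
    fi
    return $rc
}

# Constructed sample file; DBUSER, DBPASS, DBHOST and DBNAME are placeholders.
sample=$(mktemp)
opts="user=DBUSER passwd=DBPASS host=DBHOST db=DBNAME table=openvpnuser \
usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2"
cat > "$sample" <<EOF
auth    sufficient pam_mysql.so $opts
account required   pam_mysql.so $opts
EOF
chmod 600 "$sample"
check_pam_mysql "$sample" && echo "pam file matches the step 5 table"
```

Run against a real file with `check_pam_mysql /etc/pam.d/openvpn`; a non-zero exit status means at least one finding was printed.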

6. Start openvpn

    /etc/init.d/openvpn restart

Server-side testing

    testsaslauthd -u vpnuser -p vpnpassword -s openvpn
    0: OK "Success."

Windows client configuration

1. Client profile

    cat > someone.ovpn << EOF
    # cert client.crt
    # key client.key
    # the above two lines configure the client to log in with a certificate and key
    remote-cert-tls server
    comp-lzo
    verb 3
    auth-user-pass    # this parameter can be followed by a file name, for example: auth.txt, the account and password in the file need to be changed to
    EOF

2. Download the server certificate

Download the ca.crt and someone.ovpn files to the local machine

Iptables configuration

    *nat
    :PREROUTING ACCEPT [222:10664]
    :POSTROUTING ACCEPT [37944:2486906]
    -A POSTROUTING -s 10.100.0.0/255.255.255.0 -o eth0 -j MASQUERADE
    COMMIT

The above is the configuration that needs to be added to the iptables configuration file. Alternatively, run the following commands, which add the rule and then save the iptables rules to the configuration file:

    iptables -t nat -A POSTROUTING -s 10.100.0.0/255.255.255.0 -o eth0 -j MASQUERADE
    iptables-save > /etc/sysconfig/iptables

Add openvpn to the boot startup items:

    chkconfig --add openvpn
    chkconfig openvpn on

TIPS

    Mar 10 17:05:15 jstwpz76bqary8 openvpn[27972]: PAM unable to dlopen(/lib/security/pam_mysql.so)
    Mar 10 17:05:15 jstwpz76bqary8 openvpn[27972]: PAM [error: /lib/security/pam_mysql.so: undefined symbol: pam_set_data]

If the above error appears in /var/log/secure, try using the openvpn-auth-pam.so dynamic link library file compiled from the earlier version of OpenVPN (step 4).
