2012年3月22日 星期四

install openvpn integrated with mysql authentication

1.install openvpn server
#apt-get install openvpn sasl2-bin libpam-mysql libssl-dev openssl

2.install mysql server
#apt-get install mysql-server mysql-client

3. create the database vpn and add one table named vpnuser
----- mysql command ------
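-- Database and lookup table that pam_mysql queries to authenticate OpenVPN users.
create database vpn;
use vpn;
create table vpnuser(
    name char(20) not null primary key,
    password char(128) not null,
    -- 1 = account enabled; the PAM rules only accept rows where active=1
    active int(10) not null default 1
);
-- Sample account used by the testsaslauthd check in step 5.
-- The password is stored as plaintext because the PAM rules use crypt=0;
-- storing a hash instead means changing crypt= in /etc/pam.d/openvpn at the
-- same time, otherwise logins stop matching.
insert into vpnuser(name,password) values('vpn','vpn');
-- pam_mysql connects to 127.0.0.1 and only reads vpnuser (sqllog=0), so the
-- lookup account gets select on that one table from the local host instead of
-- all privileges from any host ('%').
grant select on vpn.vpnuser to 'openvpn'@'127.0.0.1' identified by 'openvpn';
flush privileges;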

4. add a file named openvpn in /etc/pam.d/
#vim /etc/pam.d/openvpn
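# pam_mysql rules for the "openvpn" PAM service.
# Each rule must be one logical line; the wrapped half is joined to the first
# with a trailing backslash so the file parses as written.
# crypt=0 makes pam_mysql compare the password column as plaintext, so it has
# to match how passwords are stored in the vpnuser table.
# where=active=1 rejects users whose row has been disabled.
# This file contains the database password: keep it readable by root only.
auth sufficient pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=vpn \
    table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=0
account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=vpn \
    table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=0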

5.testing pam module for mysql
#saslauthd -a pam
If there is no output, it is OK.
#testsaslauthd -u vpn -p vpn -s openvpn
0: OK "Success."

6. create the easy-rsa directory for openvpn, copy the sample files and set ownership of the directory
#mkdir /etc/openvpn/easy-rsa/
#cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
#chown -R root /etc/openvpn/easy-rsa/
#cd /etc/openvpn/easy-rsa/
#ln -s openssl-1.0.0.cnf openssl.cnf

7. modify some parameters in /etc/openvpn/easy-rsa/vars
#vim /etc/openvpn/easy-rsa/vars

export KEY_COUNTRY="TW"
export KEY_PROVINCE="TW"
export KEY_CITY="TAIPEI"
export KEY_ORG="CSP_Company"
export KEY_EMAIL="tommy@csp.com"

8.generate certificate keys
#cd /etc/openvpn/easy-rsa
#source vars
#./clean-all
#./build-dh
#./pkitool --initca
#./pkitool --server vpnc3
