Add files via upload

openvpn-server/README.md

@@ -0,0 +1,29 @@
+# OpenVPN-Server一键式部署
+OneKey Install OpenVPN Server
+
+1、创建checkpsw.sh文件
+添加执行权限
+chmod +x /etc/openvpn/checkpsw.sh
+
+2、创建用户和密码认证文件
+vim /etc/openvpn/psw-file
+admin 123456 (前面是用户 后面是密码)
+
+注：这里 psw-file的权限
+chmod 400 /etc/openvpn/psw-file
+chown nobody.nobody /etc/openvpn/psw-file       #CentOS
+chown nobody:nogroup psw-file     #Ubuntu/Debian
+
+3、修改Server端配置文件，添加以下三行代码。
+auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
+username-as-common-name
+script-security 3
+
+4、修改客户端配置文件：client.ovpn
+再添加这一行，就会提示输入用户名和密码
+auth-user-pass
+在remote 上把地址改为公网地址/域名
+
+5、新建openvpn-password.log日志文件，并修改写入权限
+touch /var/log/openvpn-password.log
+chmod 666 /var/log/openvpn-password.log

openvpn-server/checkpsw.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+###########################################################
+# checkpsw.sh (C) 2004 Mathias Sundman <[email protected]>
+#
+# This script will authenticate OpenVPN users against
+# a plain text file. The passfile should simply contain
+# one row per user with the username first followed by
+# one or more space(s) or tab(s) and then the password.
+PASSFILE="/etc/openvpn/psw-file"
+LOG_FILE="/var/log/openvpn/password.log"
+TIME_STAMP=`date "+%Y-%m-%d %T"`
+
+###########################################################
+
+if [ ! -r "${PASSFILE}" ]; then
+  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
+  exit 1
+fi
+CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
+if [ "${CORRECT_PASSWORD}" = "" ]; then 
+  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
+  exit 1
+fi
+if [ "${password}" = "${CORRECT_PASSWORD}" ]; then 
+  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
+  exit 0
+fi
+echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
+exit 1