采用MYSQL存儲OpenVPN驗證信息
安裝OpenVPN
一、安裝MYSQL
[root@localhost ~]# tar zxvf mysql-5.1.57.tar.gz
[root@localhost ~]# cd mysql-5.1.57
[root@localhost mysql-5.1.57]# ./configure --prefix=/usr/local/mysql \
--with-extra-charsets=complex \
--enable-assembler \
--with-pthread \
--enable-thread-safe-client \
--with-big-tables \
--with-plugins=innobase,innodb_plugin \
--with-embedded-server \
--enable-local-infile \
--with-readline \
> && make && make install
## 建賬號
[root@localhost mysql-5.1.57]# useradd mysql -M -s /sbin/nologin
## 更改目錄權限
[root@localhost mysql-5.1.57]# chown -R mysql:mysql /usr/local/mysql
## 復制配置文件
[root@localhost mysql-5.1.57]# cp support-files/my-medium.cnf /etc/my.cnf
## 復制服務啟動文件
[root@localhost mysql-5.1.57]# cp support-files/mysql.server /etc/init.d/mysqld
## 添加執行權限
[root@localhost mysql-5.1.57]# chmod +x /etc/init.d/mysqld
## 初始化數據庫
[root@localhost mysql-5.1.57]# /usr/local/mysql/bin/mysql_install_db --user=mysql
二、安裝壓縮組件
[root@localhost ~]# tar zxvf lzo-2.05.tar.gz
[root@localhost lzo-2.05]# ./configure && make && make install
三、安裝OPENVPN
[root@localhost ~]# tar zxvf openvpn-2.0.9.tar.gz
[root@localhost openvpn-2.0.9]# ./configure && make && make install
## 復制服務啟動文件
[root@localhost openvpn-2.0.9]# cp sample-scripts/openvpn.init /etc/init.d/openvpn
## 創建配置文件夾
[root@localhost openvpn-2.0.9]# mkdir /etc/openvpn/ -p
## 復制配置文件
[root@localhost openvpn-2.0.9]# cp ./sample-config-files/server.conf /etc/openvpn/
## 進入
[root@localhost openvpn-2.0.9]# cd ./easy-rsa/2.0/
## 配置vars
[root@localhost 2.0]# vim vars
## 更改成如下內容
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="CN"
export KEY_CITY="BeiJing"
export KEY_ORG="Bejing"
export KEY_EMAIL="<你的郵箱地址>"
## 執行
[root@localhost 2.0]# source ./vars
[root@localhost 2.0]# ./clean-all
## 創建配置文件
[root@localhost 2.0]# ./build-ca
[root@localhost 2.0]# ./build-key-server server
[root@localhost 2.0]# ./build-dh
[root@localhost 2.0]# openvpn --genkey --secret keys/ta.key
## 復制到配置文件夾目錄
[root@localhost 2.0]# cp keys/* /etc/openvpn/
## 進入執行編譯模塊
[root@localhost openvpn-2.0.9]# cd ./plugin/auth-pam/
[root@localhost auth-pam]# make
[root@localhost auth-pam]# cp openvpn-auth-pam.so /etc/openvpn/
四、安裝PAM_MYSQL組件
[root@localhost ~]# tar zxvf pam_mysql-0.7RC1.tar.gz
[root@localhost pam_mysql-0.7RC1]# ./configure \
--with-mysql=/usr/local/mysql && make && make install
## 創建一個軟鏈
[root@localhost ~]# ln -s /lib/security/pam_mysql.so /lib64/security/
五、配置整合
1、配置數據庫
[root@localhost ~]# service mysqld start
## 設置數據庫 root 的訪問密碼(此處示例為 111111,實際部署請改用強密碼)
[root@localhost ~]# /usr/local/mysql/bin/mysqladmin password 111111
## 創建數據庫
mysql> create database openvpn;
## 創建一個表
mysql> use openvpn;
Database changed
mysql> CREATE TABLE user (
-> name char(20) NOT NULL,
-> password char(128) default NULL,
-> active int(10) NOT NULL DEFAULT 1,
-> PRIMARY KEY (name)
-> );
Query OK, 0 rows affected (0.02 sec)
## 插入一條
mysql> insert into user (name,password) values ('lishixin',password('lishixin'));
## 查詢一下
## 創建供 pam_mysql 使用的數據庫帳號(pam_mysql 只需讀取 user 表,生產環境建議僅授予 SELECT 而非 all privileges)
mysql> grant all privileges on openvpn.* to "openvpn"@"127.0.0.1" identified by "openvpn";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
2、配置PAM模塊
## 創建
[root@localhost ~]# vim /etc/pam.d/openvpn
## 添加如下內容(auth 一行使用 optional,若日後在此堆疊中再加入其他 auth 模塊,pam_mysql 的失敗會被忽略,建議改為 required;此文件含數據庫明文密碼,應限制只有 root 可讀)
auth optional pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
3、檢查相關模塊
## saslauthd是否安裝
[root@localhost ~]# rpm -qa|grep sasl
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3
4、測試PAM_MYSQL
## 運行
[root@localhost ~]# saslauthd -a pam
## 返回 OK 為正常
[root@localhost ~]# testsaslauthd -ulishixin -plishixin -s openvpn
0: OK "Success."
不正常的請查看 /var/log/messages
## 結束測試進程
[root@localhost ~]# killall saslauthd
5、配置OPENVPN
## 請在 /etc/openvpn/server.conf 中確認如下值(client-cert-not-required 會停用客戶端證書驗證,此時僅靠帳號密碼認證,請評估風險後再啟用)
local 0.0.0.0
## 你OPENVPN服務器要宣告的路由
push "route 192.168.10.0 255.255.255.0"
tls-auth ta.key 0 # This file is secret
log openvpn.log
plugin ./openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
6、啟動OPENVPN
[root@localhost openvpn]# service openvpn start
六、配置客戶端
1、安裝客戶端
## 一路回車即可安裝成功
2、配置客戶端
## 進入默認安裝目錄
C:\Program Files\OpenVPN\config
##創建配置文件 client.ovpn
client
dev tun
proto udp
remote 192.168.242.128 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
auth-nocache
3、從服務器下載如下配置文件
Ca.crt
Ta.key
七、安裝完成
八、結束語
詳細配置方法自行研究,不再一一敘述。
作者 李士新