Есть сервер FreeBSD 8.0-CURRENT, на нём OpenVPN 2.0.6.
Пытался реализовать что-то вроде этого — http://www.lissyara.su/?id=1712, только вместо LDAP хочу использовать обычный файл.
server.conf
# OpenVPN server configuration (server.conf): multi-client TLS server on UDP/2458
# over a layer-2 tap device, with a username/password check required in addition
# to the client certificate.
mode server
port 2458
proto udp
dev tap
# Server PKI material: CA certificate, server certificate, server private key,
# Diffie-Hellman parameters.
# NOTE(review): server.key and ta.key should be readable only by the account that
# starts the daemon; file permissions are not visible here, confirm on the host.
ca /usr/local/etc/openvpn/keys/3g_server/ca.crt
cert /usr/local/etc/openvpn/keys/3g_server/server.crt
key /usr/local/etc/openvpn/keys/3g_server/server.key
dh /usr/local/etc/openvpn/keys/3g_server/dh2048.pem
# Address pool handed out to connecting clients.
server 192.168.101.0 255.255.255.0
;push "route 192.168.1.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.101.0 255.255.255.252
tls-server
# Shared-key HMAC on the TLS control channel; key direction 0 on the server pairs
# with direction 1 on the client.
# NOTE(review): unlike the other key paths this one is relative, so it resolves
# against the daemon's working directory; confirm it points at the intended file.
tls-auth keys/3g_server/ta.key 0
tls-timeout 120
# Data-channel packet authentication (HMAC-MD5) and encryption (Blowfish-CBC).
# Both are legacy choices: MD5 is a deprecated digest and Blowfish has a 64-bit
# block, which limits how much data is safe to encrypt under one key. Prefer a
# SHA-2 digest and an AES cipher (e.g. "auth SHA256" / "cipher AES-256-CBC") where
# the installed OpenSSL provides them; the client must be changed to match.
auth MD5 #
cipher BF-CBC
# Ping the peer every 10 s; treat it as down after 120 s of silence.
keepalive 10 120
# Remembers which virtual address was assigned to which client across restarts.
ifconfig-pool-persist "/usr/local/etc/openvpn/ipp.txt"
# Client-to-client traffic is forwarded inside the OpenVPN process, so it does not
# pass through the host's packet filter; any authenticated client can reach the others.
client-to-client
# Two independent username/password verifiers are configured for the same hook:
#   1. the PAM plugin, using PAM service "login" and answering the "login" and
#      "password" prompts with the supplied USERNAME / PASSWORD;
#   2. the auth-pam.pl script, called with users.pw as its argument.
# OpenVPN requires every configured plugin and script for this hook to succeed,
# so an account listed only in users.pw is still rejected when PAM does not know
# it. That matches the AUTH-PAM failure (status=1) in the log on this page. For
# file-only authentication the plugin line would have to be dropped.
# via-file hands the credentials to the script in a temporary file rather than in
# the environment.
# NOTE(review): the login/password listing on this page looks like users.pw holding
# cleartext passwords. Restrict the file to the openvpn account and consider storing
# hashes instead; confirm against what auth-pam.pl expects.
plugin /usr/local/lib/openvpn-auth-pam.so "login login USERNAME password PASSWORD"
auth-user-pass-verify "/usr/local/etc/openvpn/auth-pam.pl /usr/local/etc/openvpn/users.pw" via-file
# LZO compression is applied before encryption. Compressing attacker-influenced
# data alongside secrets can leak information through packet sizes; disable on
# both ends if that is a concern.
comp-lzo
max-clients 3
# Drop root after initialization. The verify script then runs as openvpn, so it
# (and users.pw) must be readable by that account and by nobody else.
user openvpn
group openvpn
# Keep the key material and the tap device across soft restarts, since the
# unprivileged daemon could not re-read or re-open them.
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
login1
pass1
login2
pass2
# OpenVPN client configuration matching the server above: UDP/2458, tap device,
# certificate authentication plus a username/password prompt.
client
# Server address is redacted in the post.
remote *** 2458
proto udp
dev tap
resolv-retry infinite
# CA used to validate the server, and this client's own certificate and key.
ca ca.crt
cert client.crt
key client.key
tls-client
# Control-channel HMAC key; direction 1 pairs with direction 0 on the server.
tls-auth ta.key 1
# Accept only a peer certificate marked as a server certificate (nsCertType), so
# another client's certificate from the same CA cannot impersonate the server.
# NOTE(review): newer OpenVPN releases replace this with "remote-cert-tls server".
ns-cert-type server
tls-timeout 120
# Must match the server's "auth". HMAC-MD5 is a legacy choice; change both ends together.
auth MD5
# Prompt for username/password and send them to the server for verification.
auth-user-pass
# Must match the server's "cipher". Blowfish-CBC has a 64-bit block and is a legacy
# choice; change both ends together.
cipher BF-CBC
keepalive 10 120
# Must match the server's compression setting.
comp-lzo
persist-key
persist-tun
verb 3
AUTH-PAM: BACKGROUND: user 'test' failed to authenticate: authentication error
Mon Oct 6 11:18:08 2008 1.1.1.1:1194 PLUGIN_CALL: POST /usr/local/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Mon Oct 6 11:18:08 2008 1.1.1.1:1194 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
Auth 'bugness' failed, PAM said: authentication error
Mon Oct 6 11:18:08 2008 1.1.1.1:1194 TLS Auth Error: Auth Username/Password verification failed for peer