
Storing OpenVPN Authentication Information in MySQL

Time: 2021-07-01 10:21:17  Helped: 37 readers

OpenVPN

bitsCN.com
Install OpenVPN

I. Install MySQL

[root@localhost ~]# tar zxvf mysql-5.1.57.tar.gz
[root@localhost ~]# cd mysql-5.1.57
[root@localhost mysql-5.1.57]# ./configure --prefix=/usr/local/mysql \
--with-extra-charsets=complex \
--enable-assembler \
--with-pthread \
--enable-thread-safe-client \
--with-big-tables \
--with-plugins=innobase,innodb_plugin \
--with-embedded-server \
--enable-local-infile \
--with-readline && make && make install
## Create the account
[root@localhost mysql-5.1.57]# useradd mysql -M -s /sbin/nologin
## Change the directory ownership
[root@localhost mysql-5.1.57]# chown -R mysql:mysql /usr/local/mysql
## Copy the configuration file
[root@localhost mysql-5.1.57]# cp support-files/my-medium.cnf /etc/my.cnf
## Copy the service start-up script
[root@localhost mysql-5.1.57]# cp support-files/mysql.server /etc/init.d/mysqld
## Add execute permission
[root@localhost mysql-5.1.57]# chmod +x /etc/init.d/mysqld
## Initialize the database
[root@localhost mysql-5.1.57]# /usr/local/mysql/bin/mysql_install_db --user=mysql

II. Install the compression component

[root@localhost ~]# tar zxvf lzo-2.05.tar.gz
[root@localhost lzo-2.05]# ./configure && make && make install

III. Install OpenVPN

[root@localhost ~]# tar zxvf openvpn-2.0.9.tar.gz
[root@localhost openvpn-2.0.9]# ./configure && make && make install
## Copy the service start-up script
[root@localhost openvpn-2.0.9]# cp sample-scripts/openvpn.init /etc/init.d/openvpn
## Create the configuration directory
[root@localhost openvpn-2.0.9]# mkdir /etc/openvpn/ -p
## Copy the configuration file
[root@localhost openvpn-2.0.9]# cp ./sample-config-files/server.conf /etc/openvpn/
## Enter the easy-rsa directory
[root@localhost openvpn-2.0.9]# cd ./easy-rsa/2.0/
## Configure vars
[root@localhost 2.0]# vim vars
## Change it to the following
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="CN"
export KEY_CITY="BeiJing"
export KEY_ORG="Bejing"
export KEY_EMAIL=lishixin@pingco.com
## Run
[root@localhost 2.0]# source ./vars
[root@localhost 2.0]# ./clean-all
## Create the certificates and keys
[root@localhost 2.0]# ./build-ca
[root@localhost 2.0]# ./build-key-server server
[root@localhost 2.0]# ./build-dh
[root@localhost 2.0]# openvpn --genkey --secret keys/ta.key
## Copy them to the configuration directory
[root@localhost 2.0]# cp keys/* /etc/openvpn/
## Enter the plugin directory and build the module
[root@localhost openvpn-2.0.9]# cd ./plugin/auth-pam/
[root@localhost auth-pam]# make
[root@localhost auth-pam]# cp openvpn-auth-pam.so /etc/openvpn/

IV. Install the PAM_MYSQL component

[root@localhost ~]# tar zxvf pam_mysql-0.7RC1.tar.gz
[root@localhost pam_mysql-0.7RC1]# ./configure --with-mysql=/usr/local/mysql && make && make install
## Create a symbolic link
[root@localhost ~]# ln -s /lib/security/pam_mysql.so /lib64/security/

V. Configure the integration

1. Configure the database

[root@localhost ~]# service mysqld start
## Set the database root password to 111111
[root@localhost ~]# /usr/local/mysql/bin/mysqladmin password 111111
## Create the database
mysql> create database openvpn;
## Create a table
mysql> use openvpn;
Database changed
mysql> CREATE TABLE user (
    -> name char(20) NOT NULL,
    -> password char(128) default NULL,
    -> active int(10) NOT NULL DEFAULT 1,
    -> PRIMARY KEY (name)
    -> );
Query OK, 0 rows affected (0.02 sec)
## Insert a row
mysql> insert into user (name,password) values ('lishixin',password('lishixin'));
## Query it to check
[screenshot]
## Create the account
mysql> grant all privileges on openvpn.* to "openvpn"@"127.0.0.1" identified by "openvpn";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

2. Configure the PAM module

## Create the file
[root@localhost ~]# vim /etc/pam.d/openvpn
## Add the following content
auth optional pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2

3. Check the required modules

## Check whether saslauthd is installed
[root@localhost ~]# rpm -qa|grep sasl
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3

4. Test PAM_MYSQL

## Run
[root@localhost ~]# saslauthd -a pam
## A return of OK means it is working
[root@localhost ~]# testsaslauthd -ulishixin -plishixin -s openvpn
0: OK "Success."
If it does not work, check /var/log/messages.
## Stop the test process
[root@localhost ~]# killall saslauthd

5. Configure OpenVPN

## Check the following values
local 0.0.0.0
## The route your OpenVPN server should announce
push "route 192.168.10.0 255.255.255.0"
tls-auth ta.key 0 # This file is secret
log openvpn.log
plugin ./openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name

6. Start OpenVPN

[root@localhost openvpn]# service openvpn start

VI. Configure the client

1. Install the client

## Press Enter at every prompt until the installation succeeds
[screenshot]

2. Configure the client

## Go to the default installation directory
C:/Program Files/OpenVPN/config
## Create the configuration file client.ovpn
client
dev tun
proto udp
remote 192.168.242.128 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
auth-nocache

3. Download the following files from the server

ca.crt
ta.key

VII. Installation complete

[screenshot]

VIII. Closing remarks

Work out the detailed configuration options yourself; they are not covered one by one here.

Author: 李士新 bitsCN.com
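As an added example (not part of the original article or of pam_mysql), the script below audits a pam_mysql service file such as the /etc/pam.d/openvpn created in the PAM configuration step and reports the weak settings that file contains: an auth line that is not required, crypt=2 (MySQL's unsalted PASSWORD() hash) and a database password equal to the account name. The finding names, the openvpn_ro account and the placeholder secret are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article: flag weak settings in a
# pam_mysql service file such as /etc/pam.d/openvpn.
# Finding names are made up for this example. Only the simple
# "type control module args" line form is handled, not [bracket] controls.

audit_pam_mysql() {   # $1 = file to audit, or "-" for stdin
    awk '
    /^[ \t]*#/ || NF < 3 { next }            # comments, blank or short lines
    $3 !~ /pam_mysql\.so$/ { next }          # only pam_mysql module lines
    {
        user = ""; passwd = ""; crypt = "0"  # crypt defaults to 0 (cleartext)
        for (i = 4; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "user") user = val
            else if (key == "passwd") passwd = val
            else if (key == "crypt") crypt = val
        }
        # A failing optional module is ignored once another auth module is stacked.
        if ($1 == "auth" && $2 != "required" && $2 != "requisite")
            print NR ": AUTH_NOT_REQUIRED control=" $2
        # 0/plain = cleartext column, 2/mysql = unsalted MySQL PASSWORD() hash.
        if (($1 == "auth" || $1 == "password") && crypt ~ /^(0|plain|2|mysql)$/)
            print NR ": WEAK_CRYPT crypt=" crypt
        # A database password identical to the account name is trivially guessable.
        if (user != "" && user == passwd)
            print NR ": TRIVIAL_DB_PASSWD user=" user
    }' "$1"
}

sample_from_article() {   # the two lines the article puts in /etc/pam.d/openvpn
    cat <<'EOF'
auth optional pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=openvpn passwd=openvpn host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
EOF
}

sample_hardened() {   # constructed: hypothetical account name, placeholder secret
    cat <<'EOF'
auth required pam_mysql.so user=openvpn_ro passwd=REPLACE_WITH_RANDOM_SECRET host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=1
account required pam_mysql.so user=openvpn_ro passwd=REPLACE_WITH_RANDOM_SECRET host=127.0.0.1 db=openvpn table=user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=1
EOF
}

echo "article config:";  sample_from_article | audit_pam_mysql -
echo "hardened config:"; sample_hardened | audit_pam_mysql -
```

Switching to crypt=1 means the password column has to hold crypt(3) hashes instead of PASSWORD() output, so the insert statement for users changes accordingly.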
