Open GoogleCodeExporter opened 9 years ago
You should read the OpenVPN documentation a little on this. Basically you'll need
some script (I think it shouldn't be a Perl script) or binary file, which will
return 0 on correct username/password and 1 otherwise.
In the config file:
...
username-as-common-name
auth-user-pass-verify check-auth.sh via-file
client-cert-not-required
...
Some time ago I used something like the following (check-auth.sh):
---------------------------------------------------------
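#!/bin/sh
secrets=/etc/openvpn/secrets
ret=1
# read username from the first line of temp file, created by openvpn
# ONLY LATIN CHARACTERS, NUMBERS and "_" are allowed in the username
# (no backslash inside the brackets: there it would be a literal, allowed character)
username=$(sed -n '1s/^\s*//;1s/\s*$//;1s/[^a-zA-Z0-9_]//g;1p' "$1")
# an empty username would match every line of the secrets file, so reject it
[ -n "${username}" ] || exit 1
# compare password hashes; the username must be followed by whitespace,
# so that "bob" does not match an entry for "bobby"
[ "$(sed -n 's/^\s*//;s/\s*$//;s/^'"${username}"'\s\s*//p' "${secrets}" | md5sum)" \
  = "$(sed -n '2s/^\s*//;2s/\s*$//;2p' "$1" | md5sum)" ] && ret=0
exit ${ret}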
------------------------------------------------------
Original comment by ser...@soulblader.com
on 23 Feb 2014 at 6:54
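An added example, not part of the original comment or of the firmware project: the same via-file check (username on line 1 of the temp file, password on line 2, exit status 0 to accept) with a literal username lookup and salted hashes instead of stored plaintext. The secrets format "username:salt:sha256hex" and the names check_auth and hash_pw are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed secrets format, one entry per line:
#   username:salt:sha256hex(salt immediately followed by password)
# The default path is the location suggested later in the thread.
SECRETS=${SECRETS:-/etc/storage/openvpn/server/secrets}
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the pattern below

# hash_pw SALT PASSWORD -> hex SHA-256 of SALT immediately followed by PASSWORD
hash_pw() {
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# check_auth CREDS_FILE [SECRETS_FILE]
# CREDS_FILE is the via-file temp file: username on line 1, password on line 2.
# Returns 0 to accept the login, 1 to reject it.
check_auth() {
    creds=$1
    secrets=${2:-$SECRETS}
    [ -r "$creds" ] && [ -r "$secrets" ] || return 1

    user=$(sed -n '1p' "$creds")
    pass=$(sed -n '2p' "$creds")

    # Reject instead of rewriting: an empty name, or one with any character
    # outside [A-Za-z0-9_], never reaches the lookup.
    case $user in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ -n "$pass" ] || return 1

    # Literal whole-field match: the username is never used as a regex, and
    # the "" concatenation forces a string compare (so "7" is not "007").
    entry=$(awk -F: -v u="$user" '($1 "") == (u "") { print $2 ":" $3; exit }' "$secrets")
    [ -n "$entry" ] || return 1

    salt=${entry%%:*}
    want=${entry#*:}
    [ "$(hash_pw "$salt" "$pass")" = "$want" ]
}

# When OpenVPN runs this file as the verify script, $1 is the temp file path.
if [ $# -ge 1 ]; then
    check_auth "$1"
    exit $?
fi
```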
Thanks for the answer.
Is this "/etc/openvpn/secrets" file the one used in PPTP and L2TP? I don't see
it when connecting to the router via telnet.
Can I use the same pw/auth as in the other VPN servers?
Original comment by hatvanil...@gmail.com
on 24 Feb 2014 at 12:27
No, it is not. You should create it with any logic you want, but then you
should modify the script which is used to check auth.
For example, you can put it in: /etc/storage/openvpn/server/secrets.
'username-as-common-name' means that the username will be picked from the client public
certificate, CN section.
Original comment by d...@soulblader.com
on 24 Feb 2014 at 4:47
Original issue reported on code.google.com by
hatvanil...@gmail.com
on 10 Feb 2014 at 7:37