[OpenVPN] Client ID/PASSWORD login via PAM authentication

  • Uses the server's system accounts; note that logging in as root is not allowed.
    • With client certificates disabled, a client needs only the shared ta.key and a valid system password, so the password strength of those accounts carries the whole client-side authentication.

Server Config

  • Add the PAM plugin to server.conf
    • openvpn-plugin-auth-pam.so is included when OpenVPN is installed.
> vim /etc/openvpn/server.conf
...
# second argument is the PAM service name (/etc/pam.d/login) the plugin authenticates against
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login

# do not require a client certificate (deprecated since OpenVPN 2.4; newer releases use "verify-client-cert none")
client-cert-not-required

# use the PAM username as the client's common name (for logs and client-config-dir)
username-as-common-name
auth-nocache
...

Client Ovpn Profile

  • Delete the client key and certificate, keeping only ca.crt and ta.key
client
remote <server ip>
proto tcp
dev tun
port <server port>

<ca>
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIJAMPaoNTeUspRMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
...
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b9f9efed34847785846b144231ab4e00
...
-----END OpenVPN Static key V1-----
</tls-auth>

tls-client
key-direction 1
auth SHA512
cipher AES-256-CBC

comp-lzo
ns-cert-type server
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

# no client key is used (server-side directive; harmless here but has no effect in a client profile)
client-cert-not-required

# use id/password authentication
auth-user-pass

Connection attempt

  • An ID/password prompt appears, as shown in the figure below.

Linux Client Ovpn Profile

  • client.conf
client
remote <server ip>
proto tcp
dev tun
port <server port>
<ca>
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIJAMPaoNTeUspRMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
...
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b9f9efed34847785846b144231ab4e00
...
-----END OpenVPN Static key V1-----
</tls-auth>
tls-client
key-direction 1
auth SHA512
cipher AES-256-CBC

comp-lzo
ns-cert-type server
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
#verify-client-cert none
auth-user-pass

verb 4
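
As an added example (not from the original post), the following Python script parses a client profile, including the inline <ca> and <tls-auth> blocks used in both profiles above, and flags the directives that silently weaken or break the id/password setup; the sample profile, hostname and placeholder key material are constructed for the example.

```python
import re

DEPRECATED = {  # directives worth flagging in a password-authenticated client profile
    "client-cert-not-required": "server-side directive with no effect in a client profile "
                                "(superseded by 'verify-client-cert none' on the server)",
    "ns-cert-type": "deprecated; use 'remote-cert-tls server'",
    "comp-lzo": "deprecated; prefer leaving compression off",
}

def parse_profile(text):
    """Split an .ovpn/.conf into directives {name: args} and inline <tag> blocks {tag: body}."""
    directives, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                                  # inside <ca> ... </ca> etc.
            if line == f"</{current}>":
                current = None
            else:
                blocks[current] += line + "\n"
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:
            current = m.group(1)
            blocks[current] = ""
        elif line and not line.startswith(("#", ";")):
            name, *args = line.split()
            directives[name] = args
    return directives, blocks

def lint(text):
    """Return findings for the id/password setup; an empty list means the profile passed."""
    d, blocks = parse_profile(text)
    findings = []
    if "auth-user-pass" not in d:
        findings.append("missing auth-user-pass: the client will never prompt for ID/password")
    if "ca" not in blocks:
        findings.append("missing <ca> block: the server certificate cannot be verified")
    if "tls-auth" in blocks and "key-direction" not in d:
        findings.append("tls-auth present but key-direction missing")
    if "remote-cert-tls" not in d and "ns-cert-type" not in d:
        findings.append("no server-role check: add 'remote-cert-tls server'")
    findings += [f"{name}: {why}" for name, why in DEPRECATED.items() if name in d]
    return findings

SAMPLE_PROFILE = "\n".join([  # constructed sample mirroring the Windows profile above
    "client", "remote vpn.example.internal", "proto tcp", "dev tun", "port 1194",
    "<ca>", "PLACEHOLDER-CA-PEM", "</ca>", "<tls-auth>", "PLACEHOLDER-STATIC-KEY", "</tls-auth>",
    "tls-client", "key-direction 1", "auth SHA512", "cipher AES-256-CBC", "comp-lzo",
    "ns-cert-type server", "client-cert-not-required", "auth-user-pass",
])
```

Running `lint(SAMPLE_PROFILE)` on the profile as written yields three warnings (the two deprecated certificate directives and comp-lzo), while a profile that drops auth-user-pass is reported as never prompting for credentials.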

  • Connection attempt
openvpn --config client.conf