tar -zxvf open***-2.2.2.tar.gz
cd open***-2.2.2/
./configure --prefix=/usr/local/open*** && make && make install
mkdir -p /etc/open***
cd /root/open***-2.2.2
cp -R easy-rsa /etc/open***
cd /etc/open***/easy-rsa/2.0/
cp vars vars_bak
7 修改vars的内容信息:
vim vars
###最下面修改内容:
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="beijing"
export KEY_ORG="beijingidc"
export KEY_EMAIL="你的邮箱地址"
8 生成服务器和客户端需要的key文件:
source ./vars
./clean-all
./build-ca ca
./build-key-server server
./build-dh
/usr/local/open***/sbin/open*** --genkey --secret keys/ta.key
9 创建mysql用于***的账号存放:
##启动mysql:
service mysqld restart
###创建数据验证信息:
mysql> create database ***;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL ON ***.* TO ***@localhost IDENTIFIED BY '***123';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> use ***;
Database changed
mysql> CREATE TABLE ***user (
-> name char(20) NOT NULL,
-> password char(128) default NULL,
-> active int(10) NOT NULL DEFAULT 1,
-> PRIMARY KEY (name)
-> );
Query OK, 0 rows affected (0.30 sec)
mysql> insert into ***user (name,password) values('user1',password('123456'));
Query OK, 1 row affected (0.02 sec)
10 创建pam用于验证:
###创建pam验证配置文件:
vim /etc/pam.d/open***
auth sufficient pam_mysql.so user=*** passwd=***123 host=localhost db=*** table=***user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=*** passwd=***123 host=localhost db=*** table=***user usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
#crypt(0) -- Used to decide to use MySQL's PASSWORD() function or crypt()
#0 = No encryption. Passwords in database in plaintext. NOT recommended!
#1 = Use crypt
#2 = Use MySQL PASSWORD() function
wget http://down1.chinaunix.net/distfiles/open***-2.0.7.tar.gz
tar -zxvf open***-2.0.7.tar.gz
cd open***-2.0.7/
./configure
cd plugin/auth-pam/
make
cp open***-auth-pam.so /etc/open***/
client
dev tun
proto udp
remote 192.168.80.151 1194 ##服务端的IP
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-auth ta.key 1
ns-cert-type server
comp-lzo
verb 5
auth-user-pass