User Tools
пакет_openvpn
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
пакет_openvpn [2025/09/15 09:22] val [Использование PAM аутентификации] |
пакет_openvpn [2025/10/20 08:27] (current) val [Настройка клиента] |
||
|---|---|---|---|
| Line 25: | Line 25: | ||
| === Настройка сервера === | === Настройка сервера === | ||
| <code> | <code> | ||
| - | # cp ca.* /etc/ssl/certs/ | + | gate# |
| - | # cp gate.crt /etc/ssl/certs/ | + | cp -v ca.* /etc/ssl/certs/ |
| - | # cp gate.key /etc/ssl/private/ | + | cp -v gate.crt /etc/ssl/certs/ |
| + | cp -v gate.key /etc/ssl/private/ | ||
| gate# cat /etc/openvpn/openvpn1.conf | gate# cat /etc/openvpn/openvpn1.conf | ||
| Line 74: | Line 75: | ||
| * [[https://mail.bmstu.ru/~postmaster/openvpn-install-2.4.0-I601.exe]] | * [[https://mail.bmstu.ru/~postmaster/openvpn-install-2.4.0-I601.exe]] | ||
| - | * [[https://openvpn.net/community-downloads/|OpenVPN community downloads]] | + | * [[https://openvpn.net/community-downloads/|OpenVPN community downloads]] [[Chrome]] |
| * Начиная с Windows 7 необходимо запускать OpenVPN с правами администратора | * Начиная с Windows 7 необходимо запускать OpenVPN с правами администратора | ||
| * [[Пакет OpenSSL#Создание пользовательского сертификата, подписанного CA]] | * [[Пакет OpenSSL#Создание пользовательского сертификата, подписанного CA]] | ||
| - | |||
| - | * !!! [[https://serverfault.com/questions/607601/include-certificates-in-ovpn-file|include certificates in .OVPN file]] | ||
| <code> | <code> | ||
| Line 94: | Line 93: | ||
| key user1.key | key user1.key | ||
| </code> | </code> | ||
| + | |||
| + | * !!! [[https://serverfault.com/questions/607601/include-certificates-in-ovpn-file|include certificates in .OVPN file]] | ||
| === Linux === | === Linux === | ||
| Line 163: | Line 164: | ||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
| </ca> | </ca> | ||
| + | </code> | ||
| + | |||
| + | === Включение 2FA === | ||
| + | |||
| + | <code> | ||
| + | debian:~# cp /etc/pam.d/login /etc/pam.d/openvpn | ||
| + | |||
| + | debian:~# cat /etc/pam.d/openvpn | ||
| + | </code><code> | ||
| + | auth required pam_google_authenticator.so authtok_prompt=pin | ||
| + | #auth required pam_google_authenticator.so authtok_prompt=pin user=root secret=/etc/openvpn/google-auth/${USER} | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | * [[Использование библиотеки PAM#Использование pamtester]] | ||
| + | <code> | ||
| + | # cat /etc/openvpn/openvpn1.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD pin OTP" | ||
| + | ... | ||
| + | </code><code> | ||
| + | debian:~# systemctl enable openvpn@openvpn1 --now | ||
| + | |||
| + | debian:~# journalctl -f | ||
| + | ... | ||
| + | Aug 29 09:45:09 debian openvpn(pam_google_authenticator)[2483]: Failed to read "/home/student/.google_authenticator" for "student" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # systemctl edit openvpn@openvpn1 | ||
| + | </code><code> | ||
| + | [Service] | ||
| + | ProtectHome=no | ||
| </code> | </code> | ||
| ==== Использование RADIUS аутентификации и учета ==== | ==== Использование RADIUS аутентификации и учета ==== | ||
пакет_openvpn.1757917365.txt.gz · Last modified: 2025/09/15 09:22 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
