Linux OpenVPN: authentication with a PHP script does not work

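The OS is FC6 and the VPN version is 2.1.1.

I installed it following the installation instructions on the website, and logging in with the GUI on Windows worked.

The problem now is that username/password verification has no effect.

Server-side configuration file: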

local 192.168.1.14
port 1194
proto udp

dev tap
tun-mtu 1472
tun-mtu-extra 32
mssfix 1400
;dev-node MyTap

ca /root/openvpn/keys/ca.crt  
cert /root/openvpn/keys/servers.crt
key /root/openvpn/keys/servers.key
dh /root/openvpn/keys/dh1024.pem
;crl-verify vpncrl.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.1 255.255.255.0 10.8.0.2 10.8.0.102

push "redirect-gateway"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 192.168.10.1"
script-security 3
auth-user-pass-verify /root/check.sh via-env
client-cert-not-required
username-as-common-name
;client-to-client

;duplicate-cn

keepalive 20 120


#   openvpn --genkey --secret ta.key

;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

comp-lzo

max-clients 100

user root
group root

persist-key
persist-tun

status openvpn-status.log

;log         openvpn.log
;log-append  openvpn.log

verb 3
;mute 20

Client-side configuration:

client
dev tap
;dev-node MyTap
proto udp
tun-mtu 1472
tun-mtu-extra 32
mssfix 1400
remote 192.168.1.14 1194
remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody

persist-key
persist-tun

;mute-replay-warnings

ca ca.crt
auth-user-pass
#cert client.crt
#key client.key

;ns-cert-type server

;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

comp-lzo

verb 3

;mute 20 

check.sh runs a PHP file; the code is below:

#/usr/bin/php -q
<?php
$result=0;
$username = getenv('username');
$password = getenv('password');
echo $username;
if($username=='test' && $password=='1234'){
$result=1;
}else{
$result=0;
}
exit($result);
?>

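As it stands, the client can connect with any username and password!

I also tried changing the server-side "auth-user-pass-verify /root/check.sh via-env" to run the PHP file directly: "auth-user-pass-verify /root/openvpn/pass.php via-env"

After that change, verification always fails. Looking at the client log, it roughly says that the username cannot be read.

Could everyone please take a look and tell me which step went wrong?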

 

snakesnail
Posted 8 years ago, 2 replies / 929 views
2 answers in total, last answer: 8 years ago

Found the problem. Reading the documentation carefully again, there is this passage: "The script should examine the username and password, returning a success exit code (0) if the client's authentication request is to be accepted, or a failure code (1) to reject the client."!!

So the PHP verification file should be changed to:

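#!/usr/bin/php -q
<?php
# Default to failure: OpenVPN rejects the client on any non-zero exit code.
$result=1;
# With via-env, OpenVPN passes the credentials in these environment variables.
$username = getenv('username');
$password = getenv('password');
#echo $username;
# Strict comparison: with ==, numeric strings such as '01234' would also match '1234'.
if($username==='test' && $password==='1234'){
$result=0;
}else{
$result=1;
}
#echo $result;
exit($result);
#return $result;
?>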

With this, users are verified correctly!
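Added example, not part of the original thread: a shell harness that runs an auth-user-pass-verify command the way via-env does and checks the exit-code contract quoted above (0 accepts, non-zero rejects). The function names and the two sample scripts are constructed for illustration (shell stand-ins for the two PHP versions in the thread), and the harness goes slightly beyond the thread by also testing an unknown user and an empty environment.

```shell
#!/bin/sh
# Added example: audit an auth-user-pass-verify (via-env) script's exit codes.
# OpenVPN treats exit 0 as "accept" and any non-zero status as "reject".

# run_verify USER PASS CMD...: run CMD with only the credentials in its
# environment, as via-env supplies them, and return CMD's exit status.
run_verify() {
    u=$1; p=$2; shift 2
    env -i PATH="$PATH" username="$u" password="$p" "$@" >/dev/null 2>&1
}

# audit_verify GOOD_USER GOOD_PASS CMD...: return 0 only if CMD accepts the
# known-good pair and rejects a wrong password, a wrong user and a missing env.
audit_verify() {
    gu=$1; gp=$2; shift 2; bad=0
    run_verify "$gu" "$gp" "$@" || { echo "FAIL: valid credentials rejected"; bad=1; }
    if run_verify "$gu" "wrong-$gp" "$@"; then echo "FAIL: wrong password accepted"; bad=1; fi
    if run_verify "other-$gu" "$gp" "$@"; then echo "FAIL: unknown user accepted"; bad=1; fi
    if env -i PATH="$PATH" "$@" >/dev/null 2>&1; then
        echo "FAIL: accepted with no credentials set"; bad=1
    fi
    [ "$bad" -eq 0 ]
}

# write_samples DIR: constructed stand-ins for the two scripts in the thread.
write_samples() {
    cat > "$1/inverted.sh" <<'EOF'
[ "$username" = test ] && [ "$password" = 1234 ] && exit 1
exit 0
EOF
    cat > "$1/correct.sh" <<'EOF'
[ "$username" = test ] && [ "$password" = 1234 ] && exit 0
exit 1
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for s in inverted.sh correct.sh; do
    if audit_verify test 1234 sh "$demo_dir/$s"; then
        echo "$s: exit codes OK"
    else
        echo "$s: exit codes BROKEN"
    fi
done
rm -rf "$demo_dir"
```

To audit a real script, pass its path as the command, for example `audit_verify test 1234 /root/check.sh` with a pair that script is supposed to accept.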

 
