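1. Download the installer
Download URL: http://openvpn.net/index.php/download.html
(This article uses: openvpn-install-2.4.6-I601.exe)
2. Installation and configuration
2.1. NEXT --> I Agree, NEXT --> Install (default path)
2.2. Server configuration
Edit the following part of C:\Program Files\OPENVPN\easy-rsa\vars.bat.sample to suit your own environment; it can also be left unchanged. Explanation below: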
    set KEY_COUNTRY=CN
    set KEY_PROVINCE=Nanjing
    set KEY_CITY=Nanjing
    set KEY_ORG=chenkuo
    set KEY_EMAIL=[email protected]
Open a command prompt: Win + R --> cmd
    cd C:\Program Files\openvpn\easy-rsa
    init-config
    vars
    clean-all
Generate the certificates. For the fields set above, accepting the defaults is enough.
    build-ca
    Common Name (eg, your name or your server's hostname) [changeme]:vpn
    Name [changeme]:

    build-dh

    build-key-server server
    Common Name (eg, your name or your server's hostname) [changeme]:server

    build-key client
    Common Name (eg, your name or your server's hostname) [changeme]:client
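2.3. Copy the generated ca.crt, dh1024.pem, server.crt and server.key to the C:\Program Files\OpenVPN\config folder. These four files are what the VPN server needs in order to run. The dh line in server.ovpn (2.5) must name the dh file that was actually generated.
2.4. ca.crt, client.crt and client.key are the three files the VPN client needs. Copy them to the C:\Program Files\OpenVPN\config folder on the client machine.
2.5. In the C:\Program Files\OpenVPN\config folder, create the server configuration file server.ovpn: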
    local 0.0.0.0
    port 9090
    proto tcp
    dev tap
    ca ca.crt
    cert server.crt
    key server.key
    dh dh2048.pem
    server 10.10.100.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    ;push "route 0.0.0.0 0.0.0.0"
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 114.114.114.114"
    push "dhcp-option DNS 8.8.8.8"
    client-to-client
    duplicate-cn
    keepalive 10 120
    comp-lzo
    ;max-clients 100
    ;user nobody
    ;group nobody
    ;persist-key
    ;persist-tap
    status openvpn-status.log
    verb 3
    mute 20
    # Username/password login (section 3). With client-cert-not-required the
    # password is the only client credential; the option is deprecated since
    # OpenVPN 2.4 in favour of "verify-client-cert none".
    username-as-common-name
    client-cert-not-required
    auth-user-pass-verify checkpsw.exe via-env
    # via-env needs level 3: passwords may be passed to scripts in the environment.
    script-security 3
2.6. In the C:\Program Files\OpenVPN\config folder, create the client configuration file client.ovpn:
    client
    dev tap
    proto tcp
    remote 192.168.100.12 9090
    ;remote-random
    resolv-retry infinite
    nobind
    ;user nobody
    ;group nobody
    persist-key
    persist-tun
    ;http-proxy-retry
    ;http-proxy [proxy server] [proxy port]
    mute-replay-warnings
    ;ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    ;cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
    ;key "C:\\Program Files\\OpenVPN\\config\\client.key"
    comp-lzo
    verb 3
    ;mute 20
    auth-user-pass
    <ca>
    (contents of the ca.crt certificate)
    </ca>
3. Enable username/password login for clients
3.1. Add the following to server.ovpn:
    username-as-common-name
    client-cert-not-required
    auth-user-pass-verify checkpsw.exe via-env
    script-security 3
3.2. Add userpwd and checkpsw.exe under conf
3.2.1. userpwd format
    # username password enabled(0/1), separated by spaces
    xiaoli 123456 1
    xiaowang 654321 0
3.2.2. checkpsw.exe source code
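    #include "pch.h"   // Visual Studio precompiled header (VS2017 console project)
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    #define MAX 1024

    // Returns 0 when username/password match an enabled entry in userpwd,
    // non-zero otherwise (OpenVPN treats a non-zero exit code as a failed login).
    int checkpsw(const char *username, const char *password)
    {
        FILE *f;
        char line[3 * MAX + 8];
        char user[MAX + 2], pass[MAX + 2], active[MAX + 2];

        // Missing environment variables must fail closed, not crash in strcmp.
        if (username == NULL || password == NULL)
            return 1;

        if (!(f = fopen("userpwd", "r")))
        {
            perror("Open PASSWORD file error");
            printf("The password file not found\n");
            return -1;
        }

        // Read line by line so that comment lines and malformed lines are
        // skipped instead of shifting the fields of the entries after them.
        while (fgets(line, sizeof(line), f))
        {
            if (line[0] == '#')
                continue;
            // Field widths keep each token inside its buffer.
            if (sscanf(line, "%1024s %1024s %1024s", user, pass, active) != 3)
                continue;
            if (strcmp(username, user) == 0 && strcmp(password, pass) == 0 && strcmp(active, "1") == 0)
            {
                fclose(f);
                return 0; // authentication passed: must return 0
            }
        }
        fclose(f);
        return 1;
    }

    int main()
    {
        int status;
        // With via-env, OpenVPN passes the credentials in these environment variables.
        status = checkpsw(getenv("USERNAME"), getenv("PASSWORD"));
        return status;
    }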
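3.2.3. Compile with VS2017
Problem 1:
C4996 'fopen': This function or variable may be unsafe.
Solution:
Project --> Project Properties --> C/C++ --> Preprocessor Definitions, add: _CRT_SECURE_NO_WARNINGS
Problem 2:
Cannot find or open the PDB file
Solution:
Problem 3:
Solution:
Note:
3.2.4. Put the generated checkpsw.exe into the server directory: C:\Program Files\OpenVPN\config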
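Added example, not part of the original article: it runs the userpwd sample from 3.2.1 (constructed inline, header comment kept in the file) through a whitespace-token loop of the kind `fscanf("%s %s %s")` produces and through a line-based parser. The seven tokens of the header shift the token parser's fields by one, so the enabled user xiaoli is rejected; `check_tokens`, `check_lines` and `try_login` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define MAX 1024

/* Constructed sample: userpwd layout from 3.2.1 with its header comment kept. */
static const char SAMPLE[] =
    "# username password enabled(0/1), separated by spaces\n"
    "xiaoli 123456 1\n"
    "xiaowang 654321 0\n";

/* Token parsing: three whitespace-separated fields at a time, lines ignored. */
static int check_tokens(FILE *f, const char *u, const char *p) {
    char user[MAX + 2], pass[MAX + 2], active[MAX + 2];
    while (fscanf(f, "%1025s %1025s %1025s", user, pass, active) == 3)
        if (!strcmp(u, user) && !strcmp(p, pass) && !strcmp(active, "1"))
            return 0;
    return 1;
}

/* Line parsing: one entry per line; '#' lines and malformed lines are skipped. */
static int check_lines(FILE *f, const char *u, const char *p) {
    char line[3 * MAX + 8], user[MAX + 2], pass[MAX + 2], active[MAX + 2];
    while (fgets(line, sizeof line, f)) {
        if (line[0] == '#' ||
            sscanf(line, "%1025s %1025s %1025s", user, pass, active) != 3)
            continue;
        if (!strcmp(u, user) && !strcmp(p, pass) && !strcmp(active, "1"))
            return 0;
    }
    return 1;
}

/* Hypothetical helper: 0 = accepted, 1 = rejected, -1 = temp file error. */
int try_login(int line_based, const char *u, const char *p) {
    FILE *f = tmpfile();
    int rc;
    if (!f) return -1;
    fputs(SAMPLE, f);
    rewind(f);
    rc = line_based ? check_lines(f, u, p) : check_tokens(f, u, p);
    fclose(f);
    return rc;
}

int main(void) {
    printf("token parser: %d\n", try_login(0, "xiaoli", "123456"));
    printf("line parser:  %d\n", try_login(1, "xiaoli", "123456"));
    return 0;
}
```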