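1. Download the installer
Download: http://openvpn.net/index.php/download.html
(This article uses openvpn-install-2.4.6-I601.exe)
2. Installation and configuration
2.1. NEXT --> I Agree, NEXT --> Install (default path)
2.2. Server configuration
Edit the following part of C:\Program Files\OPENVPN\easy-rsa\vars.bat.sample to suit your environment; it can also be left unchanged. The values are: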
set KEY_COUNTRY=CN
set KEY_PROVINCE=Nanjing
set KEY_CITY=Nanjing
set KEY_ORG=chenkuo
set KEY_EMAIL=lijie@chenkuo.com.cn
Open a command prompt: Win + R --> cmd
cd C:\Program Files\openvpn\easy-rsa
init-config
vars
clean-all
Generate the certificates; the default values can be accepted at the prompts
build-ca
Common Name (eg, your name or your server's hostname) [changeme]:vpn
Name [changeme]:
build-dh
build-key-server server
Common Name (eg, your name or your server's hostname) [changeme]:server
build-key client
Common Name (eg, your name or your server's hostname) [changeme]:client
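2.3. Copy the generated ca.crt, dh1024.pem, server.crt and server.key to the C:\Program Files\OpenVPN\config folder; these four files are required to run the VPN server. The dh file name must match the dh line in server.ovpn.
2.4. ca.crt, client.crt and client.key are the three files the VPN client needs; copy them to the C:\Program Files\OpenVPN\config folder on the client machine
2.5. In the C:\Program Files\OpenVPN\config folder, create the server configuration file server.ovpn: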
local 0.0.0.0
port 9090
proto tcp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.10.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 114.114.114.114"
push "dhcp-option DNS 8.8.8.8"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
;max-clients 100
;user nobody
;group nobody
;persist-key
;persist-tap
status openvpn-status.log
verb 3
mute 20
username-as-common-name
client-cert-not-required
auth-user-pass-verify checkpsw.exe via-env
script-security 3
2.6. In the C:\Program Files\OpenVPN\config folder, create the client configuration file client.ovpn:
client
dev tap
proto tcp
remote 192.168.100.12 9090
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry
;http-proxy [proxy server] [proxy port]
mute-replay-warnings
;ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
;cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
;key "C:\\Program Files\\OpenVPN\\config\\client.key"
comp-lzo
verb 3
;mute 20
auth-user-pass
<ca>
(contents of the ca.crt certificate)
</ca>
3. Client login with username and password
3.1. Add to server.ovpn
username-as-common-name
client-cert-not-required
auth-user-pass-verify checkpsw.exe via-env
script-security 3
3.2. Add userpwd and checkpsw.exe to the config folder
3.2.1. userpwd format
#username password enabled(0/1), separated by spaces
xiaoli 123456 1
xiaowang 654321 0
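3.2.2. checkpsw.exe source code
    #include "pch.h"
    #include <iostream>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #define MAX 1024

    /* Returns 0 if username/password match an enabled entry in userpwd,
       1 if they do not, -1 if the file cannot be opened. */
    int checkpsw(const char *username, const char *password)
    {
        FILE *f;
        char line[3 * MAX + 8];
        char user[MAX + 2], pass[MAX + 2], active[MAX + 2];

        /* getenv() returns NULL when a variable is not set: reject instead of crashing. */
        if (username == NULL || password == NULL)
            return 1;
        if (!(f = fopen("userpwd", "r")))
        {
            perror("Open PASSWORD file error");
            printf("The password file not found\n");
            return -1;
        }
        /* Read line by line so that comment lines are skipped and every
           field is bounded to the size of its buffer. */
        while (fgets(line, sizeof(line), f) != NULL)
        {
            if (line[0] == '#')
                continue;
            if (sscanf(line, "%1024s %1024s %1024s", user, pass, active) != 3)
                continue;
            if (strcmp(username, user) == 0 && strcmp(password, pass) == 0 && strcmp(active, "1") == 0)
            {
                fclose(f);
                return 0; /* authentication succeeded: must return 0 */
            }
        }
        fclose(f);
        return 1;
    }

    int main()
    {
        int status;
        status = checkpsw(getenv("USERNAME"), getenv("PASSWORD"));
        return status;
    }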
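3.2.3. Compile with VS2017
Problem 1:
C4996 'fopen': This function or variable may be unsafe.
Solution:
Project --> Project Properties --> C/C++ --> Preprocessor Definitions, add: _CRT_SECURE_NO_WARNINGS
Problem 2:
Cannot find or open the PDB file
Solution:
Problem 3:
Solution:
Note:
3.2.4. Place the generated checkpsw.exe in the server directory C:\Program Files\OpenVPN\config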