当前位置: 首页 >> 应用软件 >> 网络相关 >> OpenVPN在Windows下使用User/Pass验证

OpenVPN在Windows下使用User/Pass验证

作者：wenzk 来源：cublog 发表时间：2006-07-27 浏览次数：字号：大 中 小

中国源码网内相关主题链接

在windows中构建gtk开发环境

Windows mobile 5.0系统中操纵...

Windows中的消息详细列表

Windows VC6编译安装Boost库

Windows 消息大全使用详解

Windows编程之句柄解析

Windows时间函数大全

Windows下Eclipse+CDT+MinGW安装

OpenVPN在Windows下使用User/Pass验证

对于Windows下使用User/Pass验证已经是很久以前的承诺了，因为一开始一直都是在找寻
使用CMD(bat)文件检查用户名/密码的方式，但是一直没有结果，最后使用C写了一个小程
序实现用户名/密码验证。

转载请注明出处，如有疑问访问: http://wenzk.cublog.cn 反馈。

Windows安装OpenVPN是很容易的，OpenVPN GUI下载网址：
http://openvpn.se/files/install_packages/openvpn-2.0.7-gui-1.0.3-install.exe

记得选上easy-rsa这部分脚本，安装完毕后，easy-rsa在C:\Program Files\OpenVPN\目录下。

把easy-rsa目录下的vars.bat.sample改名为vars.bat，并且修改其内容：
==================================
set KEY_COUNTRY=CN
set KEY_PROVINCE=Liaoning
set KEY_CITY=Shenyang
set KEY_ORG=OpenVPN
set KEY_EMAIL=elm@elm.freetcp.com
==================================
其它部分就不用修改了，上面部分修改成你自己的配置。

把easy-rsa下的openssl.cnf.sample改成openssl.cnf。

然后进入cmd.exe
=============================================
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd "\Program Files\OpenVPN\easy-rsa"

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
系统找不到指定的文件。
已复制         1 个文件。
已复制         1 个文件。

C:\Program Files\OpenVPN\easy-rsa>

生成Root CA
格式: build-ca.bat
输出: keys/ca.crt keys/ca.key
======================================================================
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
................................................................................
....++++++
....................................++++++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Liaoning]:
Locality Name (eg, city) [Shenyang]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:OpenVPN ORG
Common Name (eg, your name or your server's hostname) []:OpenVPN ROOTCA
Email Address [elm@elm.freetcp.com]:

生成dh1024.pem文件，Server使用TLS必须使用的一个文件。
格式: build-dh.bat
输出: keys/dh1024.pem
============================================================================
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat
Loading 'screen' into random state - done
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
............................................................+.................+.
................................................................................
................................................................................
....+..................+...........................+..........................+.
.........................+............................+.+.......................
............................................+......+...+...............+........
..+...........+............+.....................+...+.........................+
.....+..............................................................+...........
...............+....................................+.......................+...
.....................................................+..........................
..................................................+.............................
......................................+..............+.+........................
+..........................................................................+....
................................................................+...............
......................................+...+.............................+.......
............+...........+................+......................................
.........+...........................................+..........................
................................................................................
.+.......+....+..............+..................................................
.........................................................................+......
..........+.....................................................................
................................................................................
...........................+....................................................
........+.......................................................................
...................................................+..............+.........+...
........................................+.........+...................+.........
.............+.......+..........+............+................+.................
................................................................................
................................................................................
.................................+.................................++*++*++*

C:\Program Files\OpenVPN\easy-rsa>

下面开始生成Server使用的证书：
格式: build-key-server.bat <filename>
输出: keys/<filename>.crt <filename>.csr <filename>.key
================================================================================
C:\Program Files\OpenVPN\easy-rsa>build-key-server.bat server01
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
...............++++++
...........++++++
writing new private key to 'keys\server01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Liaoning]:
Locality Name (eg, city) [Shenyang]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:OpenVPN ORG
Common Name (eg, your name or your server's hostname) []:Server01
Email Address [elm@elm.freetcp.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'Liaoning'
localityName          :PRINTABLE:'Shenyang'
organizationName      :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'OpenVPN ORG'
commonName            :PRINTABLE:'Server01'
emailAddress          :IA5STRING:'elm@elm.freetcp.com'
Certificate is to be certified until Jul 7 13:33:23 2016 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>

下面生成ta.key文件
格式: openvpn --genkey --secret keys/ta.key
输出: keys/ta.key
=========================================================================
C:\Program Files\OpenVPN\easy-rsa>openvpn --genkey --secret keys/ta.key

C:\Program Files\OpenVPN\easy-rsa>

OK，那些keys就搞定了，下面开始写配置文件。
server01.ovpn内容：
----------------CUT Here-------------
port 1194
; proto tcp
proto udp
; dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server01.crt
key server01.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
auth-user-pass-verify checkpsw.exe via-env
client-cert-not-required
username-as-common-name
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status status.log
;log         /var/log/openvpn.log
;log-append /var/log/TCP_openvpn.log
verb 4
;mute 20
----------------CUT Here-------------
把配置文件放到C:\Program Files\OpenVPN\config\目录下。
把easy-rsa\keys\下的 ca.crt server01.crt server01.key ta.key dh1024.pem
复制到server01.ovpn所在目录。

同时下载本人写的破烂验证程序(checkpsw.exe)[不要仍砖块]放到OpenVPN配置目录下
程序在Windows XP SP2下测试通过，其他系统如果有问题，可以用源文件进行编译
程序在压缩包里面：

文件: checkpsw.rar

大小: 9KB

下载: 下载

在checkpsw.exe目录下建立password.txt[用于存放用户名&密码]文件：
password.txt文件格式：
用户名          密码            是否活动(0/1) 中间用空格隔开
Username    Password   Active
-------------Cut Here---------------------
wzk        wzk        1
-------------Cut Here---------------------

Server的配置已经结束，可以启动Server了，在右下角OpenVPN-gui上点右键，然后选择connected。
需要服务器启动后自动运行，修改 "控制面板" 下面的 "管理工具" 下的 "服务" 把OpenVPN设置成自动启动。

Client的配置文件：
client.ovpn
-------------Cut Here---------------------
client
dev tun
proto udp

remote 61.1.1.2 1194
;remote my-server-2 1194

;remote-random

resolv-retry infinite
nobind
user nobody
group nobody
route 192.168.0.0 255.255.252.0
persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

ca ca.crt
auth-user-pass

ns-cert-type server
tls-auth ta.key 1
comp-lzo
# Set log file verbosity.
verb 4
--------------Cut Here---------------------
并且把easy-rsa/keys下的ca.crt ta.key一起放到Client的
<OPENVPN_HOME>\config目录下。

Client的配置已经结束，可以连接Server了，在右下角OpenVPN-gui上点右键，然后选择connected。

OK，整个配置就完成了。

编辑 webmaster

发表评论　

打印本文　

推荐本文　

加入收藏　

返回顶部　

关闭窗口

姓名：		QQ：
性别：	男女	MSN：
E-mail：		主页：
评分：	1 2 3 4 5
评论内容：
验证码：

OpenVPN在Windows下使用User/Pass验证

作者：wenzk 来源：cublog 发表时间：2006-07-27 浏览次数： 字号：大 中 小

作者：wenzk 来源：cublog 发表时间：2006-07-27 浏览次数：字号：大中小