OpenVPN steps to configure only username/password authentication

openvpn

I am a newbie in OpenVPN and I need help to configure server and client .ovpn to use only username/password authentication. Examples of client.ovpn and server.ovpn will be very helpful. Thanks


Here is what I have done:

server

port 1194
proto udp
dev tun
ca "C:\\OpenVPN\\config\\ca.crt"
cert "C:\\OpenVPN\\config\\server.crt"
key "C:\\OpenVPN\\config\\server.key"  # This file should be kept secret
dh "C:\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

client

client
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 188.247.133.19 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert dzoni-block.crt
key dzoni-block.key
ns-cert-type server
comp-lzo
verb 3

The above config works fine. But I want to use only username/password authentication.
I have tried to add client-cert-not-required in the server config, and auth-user-pass auth.txt in the client config, where auth.txt has 2 lines (user/pass), and it's not working.

If anyone has a configuration that works only with username/password, some examples will help me a lot. Thanks

Best Answer

On the server end, you would need to decide how to authenticate users with a username/password combination.

AFAIK, the most common way is to use OpenVPN's PAM plugin. For your purposes, you would need to have the following entries in your server.conf:

username-as-common-name
client-cert-not-required

plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

You would also need to create a PAM config for openvpn (e.g. /etc/pam.d/openvpn).

If you were using RADIUS to authenticate users, then your PAM config might look like:

account         required        pam_radius_auth.so
account         required        pam_radius_auth.so
auth            required        pam_radius_auth.so no_warn try_first_pass

And you would store the details of the RADIUS server in /etc/pam_radius.conf.

On the client side, your config could be as little as:

client
ca server.pem
dev tun
nobind
comp-lzo
cipher BF-CBC
cipher AES-256-CBC
cipher AES-128-CBC

Just add your remote in there, and it should work.
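A small config checker, added here as an example and not part of the original answer, that parses a server or client config and reports which of the directives the answer lists are missing (PAM plugin, client-cert-not-required, username-as-common-name, auth-user-pass, and the server certificate material the client still needs to verify the server). The sample configs, hostnames and file paths other than the plugin path are constructed.

```python
"""Lint an OpenVPN config for username/password-only auth (constructed samples)."""
import shlex

# Constructed samples; the server one follows the directives from the answer.
SERVER_CONF = """
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key   # keep secret
dh /etc/openvpn/dh2048.pem
server 10.8.0.0 255.255.255.0
username-as-common-name
client-cert-not-required
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
"""
CLIENT_CONF = "client\ndev tun\nproto udp\nremote vpn.example.test 1194\nnobind\nca ca.crt\nauth-user-pass\n"


def parse_config(text):
    """Map directive -> list of argument lists; '#' and ';' start comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] != ";":
            parts = shlex.split(line, comments=True)  # drops a trailing '# ...'
            if parts:
                directives.setdefault(parts[0], []).append(parts[1:])
    return directives


def lint(text, role):
    """Return problems found for role 'server' or 'client'; [] means OK."""
    d, problems = parse_config(text), []
    if role == "server":
        if not any(a and "openvpn-plugin-auth-pam" in a[0] for a in d.get("plugin", [])):
            problems.append("no auth-pam plugin: nothing checks the password")
        # OpenVPN 2.4+ spells client-cert-not-required as 'verify-client-cert none'
        if "client-cert-not-required" not in d and ["none"] not in d.get("verify-client-cert", []):
            problems.append("client certificates are still required")
        if "username-as-common-name" not in d:
            problems.append("username-as-common-name missing: status log / ccd see no username")
        for needed in ("ca", "cert", "key", "dh"):  # server still proves its own identity
            if needed not in d:
                problems.append(f"{needed} missing: clients cannot verify the server")
    else:
        if "auth-user-pass" not in d:
            problems.append("auth-user-pass missing: no credentials are sent")
        if "ca" not in d:
            problems.append("ca missing: client cannot verify the server certificate")
    return problems
```

Run against the question's server config (client-cert-not-required added, but no plugin) it reports that nothing checks the password, which is why that setup does not authenticate anyone.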