Installing OpenVPN on Windows 7

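1. Download the installer

Download page: http://openvpn.net/index.php/download.html

(This article uses openvpn-install-2.4.6-I601.exe)

2. Installation and configuration

2.1. NEXT --> I Agree, NEXT --> Install (default path)

2.2. Server configuration

Edit the following part of C:\Program Files\OPENVPN\easy-rsa\vars.bat.sample to suit your own environment; it can also be left unchanged. The settings in question are shown below: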

set KEY_COUNTRY=CN
set KEY_PROVINCE=Nanjing
set KEY_CITY=Nanjing
set KEY_ORG=chenkuo
set KEY_EMAIL=[email protected]

Open a command prompt: Win + R --> cmd

cd C:\Program Files\openvpn\easy-rsa
init-config
vars
clean-all

Generate the certificates; the defaults can be accepted for the fields set above

build-ca
Common Name (eg, your name or your server's hostname) [changeme]:vpn
Name [changeme]:
build-dh
build-key-server server 
Common Name (eg, your name or your server's hostname) [changeme]:server
build-key client
Common Name (eg, your name or your server's hostname) [changeme]:client

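2.3. Copy the generated ca.crt, dh1024.pem, server.crt and server.key to the C:\Program Files\OpenVPN\config folder. These four files are the ones the VPN server needs in order to run. The dh file name must match the dh line in server.ovpn (step 2.5 references dh2048.pem).

2.4. ca.crt, client.crt and client.key are the three files the VPN client needs; copy them to the C:\Program Files\OpenVPN\config folder on the client machine.

2.5. Create the server configuration file server.ovpn in the C:\Program Files\OpenVPN\config folder: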

local 0.0.0.0
port 9090
proto tcp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.10.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 114.114.114.114"
push "dhcp-option DNS 8.8.8.8"
client-to-client
duplicate-cn
keepalive 10 120

comp-lzo
;max-clients 100

;user nobody
;group nobody

;persist-key
;persist-tap

status openvpn-status.log
verb 3
mute 20

username-as-common-name
client-cert-not-required
auth-user-pass-verify checkpsw.exe via-env
script-security 3

2.6. Create the client configuration file client.ovpn in the C:\Program Files\OpenVPN\config folder:

client
dev tap
proto tcp
remote 192.168.100.12 9090
;remote-random
resolv-retry infinite
nobind

;user nobody
;group nobody

persist-key
persist-tun
;http-proxy-retry
;http-proxy [proxy server] [proxy port]
mute-replay-warnings
;ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
;cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
;key "C:\\Program Files\\OpenVPN\\config\\client.key"
comp-lzo
verb 3
;mute 20
auth-user-pass
<ca>
(contents of the ca.crt certificate)
</ca>

3. Enabling username/password login for clients

3.1. Add the following to server.ovpn

username-as-common-name
client-cert-not-required
auth-user-pass-verify checkpsw.exe via-env
script-security 3

3.2. Add userpwd and checkpsw.exe under conf

3.2.1. Format of userpwd

#username    password      enabled(0/1)  separated by spaces
xiaoli    123456       1
xiaowang     654321       0        

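3.2.2. Source code of checkpsw.exe

#include "pch.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX 1024

// Returns 0 when username/password match an enabled entry in userpwd,
// 1 when nothing matches, -1 when the file cannot be opened.
// OpenVPN treats only exit code 0 as a successful login.
int checkpsw(const char *username, const char *password)
{
    FILE *f;
    char line[3 * MAX + 16];
    char user[MAX + 2], pass[MAX + 2], active[MAX + 2];

    // getenv() returns NULL when a variable is not set; reject instead of crashing
    if (username == NULL || password == NULL)
        return 1;

    if (!(f = fopen("userpwd", "r")))
    {
        perror("Open PASSWORD file error");
        printf("The password file not found\n");
        return -1;
    }
    // Read line by line so that comment lines and malformed lines are skipped
    while (fgets(line, sizeof(line), f))
    {
        if (line[0] == '#')
            continue;
        // Field widths keep each token inside its buffer
        if (sscanf(line, "%1024s %1024s %1024s", user, pass, active) != 3)
            continue;
        if (strcmp(username, user) == 0 && strcmp(password, pass) == 0 && strcmp(active, "1") == 0)
        {
            fclose(f);
            return 0;
            // return 0 when verification succeeds
        }
    }
    fclose(f);
    return 1;
}

int main()
{
    int status;
    // With via-env, OpenVPN passes the credentials in environment variables
    status = checkpsw(getenv("USERNAME"), getenv("PASSWORD"));
    return status;
}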

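3.2.3. Compiling with VS2017

Problem 1:

 C4996 'fopen': This function or variable may be unsafe.

Solution:

Project --> Project Properties --> C/C++ --> Preprocessor Definitions, add: _CRT_SECURE_NO_WARNINGS

Problem 2:

Cannot find or open the PDB file

Solution:

Problem 3:

Solution:

Note:

3.2.4. Place the generated checkpsw.exe in the server directory C:\Program Files\OpenVPN\config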
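
An added example (not from the original post): a small Python check that reads a server.ovpn like the one in step 2.5, reports the directives that relax authentication, and verifies that every file the config references was actually copied in steps 2.3 and 3.2.4. The function names, the finding texts and the abridged sample config are constructed for illustration.

```python
import shlex

# Reasons are reviewer notes written for this example, keyed by directive name.
RISKY = {
    "client-cert-not-required": "no client certificate is requested; the password is the only credential",
    "duplicate-cn": "the same common name (here the username) may be connected several times at once",
    "script-security": "level 3 allows passwords to be passed to scripts in environment variables",
    "comp-lzo": "deprecated; compression can leak information about plaintext through packet sizes",
}
# Directives whose first argument is a file expected in the config folder.
FILE_DIRECTIVES = ("ca", "cert", "key", "dh", "auth-user-pass-verify")

def parse(text):
    """Yield (directive, args) for active lines; lines starting with ';' or '#' are comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in ";#":
            parts = shlex.split(line)
            yield parts[0], parts[1:]

def audit(config_text, files_present):
    """Return a list of (directive, finding) pairs for one server config."""
    present = {name.lower() for name in files_present}  # Windows file names are case-insensitive
    findings = []
    for name, args in parse(config_text):
        if name in RISKY and not (name == "script-security" and args[:1] != ["3"]):
            findings.append((name, RISKY[name]))
        if name in FILE_DIRECTIVES and args and args[0].lower() not in present:
            findings.append((name, "references %s, which is not in the config folder" % args[0]))
    return findings

# Constructed sample: abridged from the server.ovpn in step 2.5.
SAMPLE = """\
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
;max-clients 100
duplicate-cn
comp-lzo
client-cert-not-required
auth-user-pass-verify checkpsw.exe via-env
script-security 3
"""
# Files copied in steps 2.3 and 3.2.4, plus the userpwd file from 3.2.
FILES = ["ca.crt", "dh1024.pem", "server.crt", "server.key", "checkpsw.exe", "userpwd"]

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE, FILES):
        print("%-26s %s" % (directive, finding))
```

On the sample it reports the dh2048.pem reference, which does not match the dh1024.pem copied in step 2.3, followed by the four authentication-related directives.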


Reposted from www.cnblogs.com/loki717/p/9643237.html