一、安装相关
yum install gcc gcc-c++ openssl openssl-devel pam-devel sqlite-devel
二、安装 Openvpn 服务器端
三、添加 SQLite 认证
1、下载
- git clone https://gitee.com/mshxuyi/pam_sqlite3.git
-
- cd pam_sqlite3
-
- make
-
- cp pam_sqlite3.so /lib64/security/
2、添加 pam 认证文件
- vim /etc/pam.d/openvpn
-
-
- auth required pam_sqlite3.so db=/etc/openvpn/openvpn.db table=t_user user=username passwd=password expire=expire crypt=1
- account required pam_sqlite3.so db=/etc/openvpn/openvpn.db table=t_user user=username passwd=password expire=expire crypt=1
3、配置服务器
- vim /etc/openvpn/server.conf
-
-
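- # 在文件末尾添加以下内容。注意:verify-client-cert none 表示不再校验客户端证书,安全性完全依赖用户名/密码;script-security 3 允许把密码通过环境变量传给脚本,而下文的 connect/disconnect 脚本并不读取密码,通常设为 2 即可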
- verify-client-cert none
- username-as-common-name
- plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
-
- script-security 3
- client-connect /etc/openvpn/server/connect.py
- client-disconnect /etc/openvpn/server/disconnect.py
4、配置客户端
- client
- dev tun
- proto tcp
- remote 192.168.1.71 1194
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
- ca ca.crt
-
- # 注释这两行
- ;cert tomma.crt
- ;key tomma.key
-
- remote-cert-tls server
- tls-auth ta.key 1
- cipher AES-256-GCM
- comp-lzo
- verb 3
- auth-nocache
-
-
- # 加入这一行,使用用户名密码登录openvpn服务器
- auth-user-pass
5、安装 python 相关
- # 安装 python3
- yum install python36 -y
-
- # 安装相关服务
- # Tornado:python编写的web服务器兼web应用框架
- # Peewee :Peewee是一个简单小巧的Python ORM框架
-
- pip3 install peewee tornado
6、下载 openvpn-web
7、导入数据库
- cd /opt
-
- git clone https://gitee.com/mshxuyi/openvpn_web.git
-
- cd openvpn_web
-
- sqlite3 /etc/openvpn/openvpn.db < model/openvpn.sql
8、新建自动记录登录日志(logs)的脚本,注意给这两个文件设置执行权限
- vim /etc/openvpn/server/connect.py
-
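#!/usr/bin/python
"""OpenVPN client-connect hook: insert one login row into t_logs.

The session details are read from environment variables and written to the
SQLite database at /etc/openvpn/openvpn.db. A missing variable raises
KeyError, so the script exits non-zero instead of logging a partial row.
"""

import os
import time
import sqlite3

DB_PATH = "/etc/openvpn/openvpn.db"

# The server config in this guide sets username-as-common-name, so
# common_name carries the login name typed by the client. Treat it, and the
# other values below, as untrusted input.
username = os.environ['common_name']
trusted_ip = os.environ['trusted_ip']
trusted_port = os.environ['trusted_port']
local = os.environ['ifconfig_local']
remote = os.environ['ifconfig_pool_remote_ip']
timeunix = os.environ['time_unix']

logintime = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(time.time()))

conn = sqlite3.connect(DB_PATH)
try:
    cursor = conn.cursor()
    # Bind the values with "?" placeholders instead of formatting them into
    # the SQL text: a quote character inside any value can then no longer
    # change the statement (SQL injection).
    cursor.execute(
        "insert into t_logs(username, timeunix, trusted_ip, trusted_port, "
        "local, remote, logintime) values(?, ?, ?, ?, ?, ?, ?)",
        (username, timeunix, trusted_ip, trusted_port, local, remote, logintime),
    )
    conn.commit()
finally:
    # Release the database handle even when the insert fails.
    conn.close()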
- vim /etc/openvpn/server/disconnect.py
-
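#!/usr/bin/python
"""OpenVPN client-disconnect hook: record logout time and traffic in t_logs.

The session details are read from environment variables and written to the
SQLite database at /etc/openvpn/openvpn.db.
"""

import os
import time
import sqlite3

DB_PATH = "/etc/openvpn/openvpn.db"

# The server config in this guide sets username-as-common-name, so
# common_name carries the login name typed by the client. Treat it, and the
# other values below, as untrusted input.
username = os.environ['common_name']
trusted_ip = os.environ['trusted_ip']
received = os.environ['bytes_received']
sent = os.environ['bytes_sent']

logouttime = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(time.time()))

conn = sqlite3.connect(DB_PATH)
try:
    cursor = conn.cursor()
    # Bind the values with "?" placeholders instead of formatting them into
    # the SQL text: a quote character inside any value can then no longer
    # change the statement (SQL injection).
    # NOTE(review): the WHERE clause matches every row with this username
    # and trusted_ip, so rows from earlier sessions from the same address
    # are overwritten as well. Confirm whether that is intended.
    cursor.execute(
        "update t_logs set logouttime=?, received=?, sent=? "
        "where username = ? and trusted_ip = ?",
        (logouttime, received, sent, username, trusted_ip),
    )
    conn.commit()
finally:
    # Release the database handle even when the update fails.
    conn.close()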
- chmod +x /etc/openvpn/server/connect.py
- chmod +x /etc/openvpn/server/disconnect.py
9、启动脚本
- # 启动 vpn(若服务已在运行,请改用 restart 使新配置生效)
- systemctl start openvpn@server.service
-
- # 防火墙放行管理后台的 8000 端口(iptables 规则;建议用 -s 限制可访问的来源地址)
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-
- # 启动
- python3 myapp.py &
10、进入后台
http://192.168.1.113:8000/login 默认账号:admin 默认密码:123456(弱口令,上线前请修改;该后台为明文 HTTP,不要直接暴露到公网)