среда, 4 июня 2014 г.

Сервер OpenVPN с аутентификацией через Radius

Настройка сервера OpenVPN с аутентификацией через RADIUS в Debian (символ «#» перед командами aptitude и cat — приглашение командной строки root, а не комментарий):
# aptitude install openvpn openvpn-auth-radius
# cat /etc/openvpn/radiusplugin.cnf
# Settings for the OpenVPN RADIUS plugin. The first group of lines sets the
# NAS/service attributes the plugin puts into its RADIUS requests.
NAS-Identifier=openvpn
# RFC 2865 values: Service-Type 2 = Framed, Framed-Protocol 1 = PPP,
# NAS-Port-Type 5 = Virtual.
Service-Type=2
Framed-Protocol=1
NAS-Port-Type=5
# Address this VPN server reports as the NAS. The RADIUS server normally has to
# list this host as a client with the same shared secret.
NAS-IP-Address=10.100.10.85
# OpenVPN configuration file the plugin reads.
OpenVPNConfig=/etc/openvpn/server.conf
# Same netmask as the `server` line in server.conf.
# NOTE(review): this setting is presumably meant for `topology subnet`; the
# server.conf shown on this page sets no topology - confirm it is needed.
subnet=255.255.255.0
# NOTE(review): presumably lets the plugin rewrite per-client config files;
# the server.conf shown on this page sets no client-config-dir - confirm.
overwriteccfiles=true
server
{
        # The UDP port for radius accounting.
        # NOTE(review): the registered RADIUS accounting port is 1813; confirm
        # that 1815 is really what the server listens on, otherwise accounting
        # (session start/stop) records never arrive.
        acctport=1815
        # The UDP port for radius authentication.
        authport=1812
        # The name or ip address of the radius server.
        name=10.100.4.100
        # How many times should the plugin send the request if there is no response?
        retry=1
        # How long should the plugin wait for a response?
        # NOTE(review): presumably seconds - confirm. With retry=1 and wait=1 a
        # short RADIUS outage makes every login fail.
        wait=1
        # The shared secret.
        # Placeholder value: use a long random secret. It is stored here in
        # clear text, so the file should be readable by root only, and RADIUS
        # hides the user's password using only this secret (RFC 2865), so the
        # traffic to the server belongs on a trusted network segment.
        sharedsecret=mymegasecretkey
}
# cat /etc/openvpn/server.conf
# OpenVPN server that authenticates users by username/password through the
# RADIUS plugin loaded near the end of this file.
# my_public_ip is a placeholder for the address the server binds to.
local my_public_ip
# Listen on TCP 443 and use a routed tun device.
port 443
proto tcp
dev tun
tun-mtu 1500
# Server PKI material. server.key is the private key and should be readable by
# root only.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key 
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters,
# which are considered too weak today; generate parameters of at least 2048
# bits and point this line at the new file.
dh /etc/openvpn/keys/dh1024.pem
# Address pool handed out to VPN clients.
server 10.8.0.0 255.255.255.0
# Clients present no certificate: the RADIUS username/password is the only
# client authentication factor, so password policy and lockout on the RADIUS
# side carry all the weight. OpenVPN 2.4+ deprecates this directive in favour
# of `verify-client-cert none`.
client-cert-not-required
# Use the authenticated username where OpenVPN would use the certificate CN.
username-as-common-name
# Remember client-to-address assignments across restarts.
ifconfig-pool-persist ipp.txt
# Routes to the internal networks pushed to every client.
push "route 10.100.0.0 255.255.0.0"
push "route 10.102.0.0 255.255.0.0"
# Ping the peer every 10 s; treat it as down after 120 s without a reply.
keepalive 10 120
# NOTE(review): compression inside the tunnel is deprecated in current OpenVPN
# releases because it exposes traffic to compression-oracle attacks; drop it
# unless existing clients require it.
comp-lzo
persist-key
persist-tun
# Status file, rewritten every second.
status /var/log/openvpn/status.log 1
# Load the RADIUS plugin. No config path is passed here, so the plugin
# presumably falls back to its default radiusplugin.cnf location - confirm.
# NOTE(review): no tls-auth key is configured; adding one would let the server
# drop unauthenticated handshake packets on the exposed port.
plugin /usr/lib/openvpn/radiusplugin.so
log-append  /var/log/openvpn/openvpn.log
verb 3
