Настройка сервера OpenVPN с аутентификацией через Radius в Debian:
# aptitude install openvpn openvpn-auth-radius
# cat /etc/openvpn/radiusplugin.cnf
NAS-Identifier=openvpn
Service-Type=2
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=10.100.10.85
OpenVPNConfig=/etc/openvpn/server.conf
subnet=255.255.255.0
overwriteccfiles=true
server
{
# The UDP port for radius accounting.
acctport=1815
# The UDP port for radius authentication.
authport=1812
# The name or ip address of the radius server.
name=10.100.4.100
# How many times should the plugin send the if there is no response?
retry=1
# How long should the plugin wait for a response?
wait=1
# The shared secret.
sharedsecret=mymegasecretkey
}
# cat /etc/openvpn/server.conf
local my_public_ip
port 443
proto tcp
dev tun
tun-mtu 1500
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-cert-not-required
username-as-common-name
ifconfig-pool-persist ipp.txt
push "route 10.100.0.0 255.255.0.0"
push "route 10.102.0.0 255.255.0.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/status.log 1
plugin /usr/lib/openvpn/radiusplugin.so
log-append /var/log/openvpn/openvpn.log
verb 3
Комментариев нет:
Отправить комментарий