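OpenVPN: Authentication failed?

Time: 2019-05-29 10:35:17

Tags: server-side vpn openvpn

When I use the plugin for authentication in server.conf, authentication does not work, but without it, even non-existent users can authenticate.

I added the following lines to the server conf and the client.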

Commands in the server.conf file
================================
mode server
tls-server
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login
key-direction 0
================================

Commands in the client file
=================================
port 1194
proto udp
dev tun
nobind
key-direction 1
redirect-gateway def1
tls-version-min 1.2
auth SHA256
auth-user-pass
tls-client
remote-cert-tls server
resolv-retry infinite
persist-key
persist-tun
verb 3
===============================


Logs:
==============================================================
PLUGIN_CALL: POST /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so
TLS Auth Error: Auth Username/Password verification failed for peer
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1559124952) Wed May 29 10:15:52 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:

openvpn[10420]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=*****
==============================================================

1 answer:

Answer 0 (score: 0)

Although there is a recommended way for production use, I took a different approach: I used a shell script and got authentication working, but keep in mind that this is dangerous.

Add the following lines to the file

plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login

Now create a file in /etc/openvpn/server.conf with the following content

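# Do not require a client certificate (clients are checked by username/password only)
verify-client-cert none
# Allow OpenVPN to run user-defined scripts
script-security 2
# Verify credentials with the script; OpenVPN passes them in a temporary file
auth-user-pass-verify /etc/openvpn/example.sh via-file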

Now create the username and password in /etc/openvpn/example.sh with the following content

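#!/bin/bash
# OpenVPN calls this script with $1 = temporary file (line 1: username, line 2: password)
echo "started"

username=$(head -n 1 "$1")
password=$(tail -n 1 "$1")

# Credentials are looked up in "$0.passwd" (one username:password per line).
# -F -x: match the whole line as a literal string, not as a regular expression.
if grep -Fxq -- "$username:$password" "$0.passwd" 2>/dev/null
then
    exit 0
else
    if cut -d: -f1 "$0.passwd" 2>/dev/null | grep -Fxq -- "$username"
    then
        echo "auth-user-pass-verify: Wrong password entered for user '$username'"
    else
        echo "auth-user-pass-verify: Unknown user '$username'"
    fi
    exit 1
fi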

Now create a client file, import it, and connect using your password; since this is Stack, I don't want to provide the client file.
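
A stricter variant of the `auth-user-pass-verify ... via-file` script above, as an added example that is not part of the original answer: it compares the username as a literal string rather than a grep pattern, and checks a salted digest instead of a plaintext password. The `user:salt:digest` file format, the function names and the `CRED_FILE` variable are assumptions of this example; salted SHA-256 is used only to keep it dependency-free, and a slow password hash is preferable.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Assumed credential file format, one entry per line: user:salt:sha256(salt+password)
# Default location follows the answer's "$0.passwd" convention.
CRED_FILE="${CRED_FILE:-$0.passwd}"

# $1 = salt, $2 = password; prints the hex digest
hash_password() (
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
)

# $1 = username, $2 = password; returns 0 only for an exact user and digest match
check_credentials() (
    user=$1
    pass=$2
    # Reject empty fields outright
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    while IFS=: read -r f_user f_salt f_hash; do
        # Literal comparison: ".*" or a username prefix cannot match another entry
        if [ "$f_user" = "$user" ]; then
            [ "$(hash_password "$f_salt" "$pass")" = "$f_hash" ]
            return
        fi
    done < "$CRED_FILE"
    return 1
)

# $1 = temporary file written by OpenVPN: line 1 username, line 2 password
verify_file() (
    user=$(sed -n '1p' "$1")
    pass=$(sed -n '2p' "$1")
    check_credentials "$user" "$pass"
)

# Act as the OpenVPN hook only when called with the via-file argument
if [ -n "${1:-}" ]; then
    verify_file "$1"
    exit $?
fi
```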