Answers:
是的,有可能。为此,您已经安装了OpenVPN服务器,并在服务器中创建了用户。
最简单的openvpn客户端是网络管理器。如果您使用的是Ubuntu,请运行:
aptitude install network-manager-openvpn
restart network-manager
现在,单击网络管理器小程序,选择“配置VPN”,并设置一个新的开放式VPN连接。将网关设置为服务器将类型设置为密码将您的CA指向服务器的ca.crt的副本,一切都应正常工作
附件是一个可以使用的简单客户端配置文件。在适当的地方对其进行编辑以匹配您的服务器设置。您将需要它和ca.crt在同一目录中。
在Linux上,我的文件称为/etc/openvpn/client.conf
##############################################
# Sample client-side OpenVPN 2.0 config file.
# for connecting to multi-client server.
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
dev tun
proto udp
# The hostname/IP and port of the server.
remote my-server-2.domain 1194
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Certificate Authority
ca ca.crt
# Username/Password authentication is used on the server
auth-user-pass
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# Set log file verbosity.
verb 3
# To start the openvpn client, simply type:
# openvpn --config /etc/openvpn/client.conf
而已。
在服务器端,您需要这样的行:
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn
上面的代码将启用pam插件并使它使用/etc/pam.d/openvpn文件作为配置(注意:默认情况下该文件不存在,您可以使用“登录”代替它来验证UNIX凭据或进行设置)带有您选择的身份验证方法的openvpn(即:google authenticator)
如上所述,在客户端,您应该auth-user-pass在openvpn配置文件中使用,或者如果您使用网络管理器,请选择“带证书的密码”(用户+通过+基于证书的身份验证)或简单的“密码”选项(基于用户+通过基于密码的身份验证)身份标签。