
VPN

OpenVPN certificate = ID matching

초보의 CHOMAN 2018.07.02 13:25



https://serverfault.com/questions/358855/how-to-prevent-users-from-sharing-certificates-in-openvpn 




Create the directory (the same path the script and server.conf below refer to)

mkdir /etc/openvpn/scripts



vim /etc/openvpn/scripts/check_cn_on_connect.sh (create the file)



#!/bin/bash
# auth-user-pass-verify hook (via-env mode): OpenVPN exports $username,
# $password and $common_name into the environment before running this script.
# Exit status 0 grants the connection, any other status rejects it.

# username and common_name must be the same to allow access.
# users are not allowed to share their cert
# Both sides are quoted and an empty username is rejected, so a missing
# value produces a denial instead of a shell syntax error.
if [ -z "$username" ] || [ "$username" != "$common_name" ]; then
   echo "$(date +%Y%m%d-%H%M%S) DENIED  username=$username cert=$common_name" >> /var/log/openvpn-access.log
   exit 1
fi

echo "$(date +%Y%m%d-%H%M%S) GRANTED username=$username cert=$common_name" >> /var/log/openvpn-access.log
exit 0




vim /etc/openvpn/server.conf (add the following lines)



# certificate check (user certificate = user account)
script-security 2
# untrusted state
auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env




chmod +x /etc/openvpn/scripts/check_cn_on_connect.sh
chown nobody:nobody /etc/openvpn/scripts/check_cn_on_connect.sh



touch /var/log/openvpn-access.log
chown nobody:nobody /var/log/openvpn-access.log
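As an added example (it is not the blog's script and not OpenVPN's own code), the shell below emulates what OpenVPN does with `auth-user-pass-verify ... via-env`: the login name and the certificate CN are handed to the hook and compared, and every decision is appended to an access log. The log path is a constructed temporary file standing in for /var/log/openvpn-access.log, the login attempts at the bottom are constructed, and the names `cn_check` and `count_denied` were chosen for this example.

```shell
#!/bin/sh
# Added example: emulates the via-env auth-user-pass-verify hook offline.
# In production OpenVPN sets $username and $common_name in the environment;
# here cn_check receives them as arguments so the emulation is self-contained.

# Constructed log path (stands in for /var/log/openvpn-access.log).
ACCESS_LOG="${ACCESS_LOG:-${TMPDIR:-/tmp}/openvpn-access-example.$$.log}"
: > "$ACCESS_LOG"

# cn_check USERNAME COMMON_NAME
# Returns 0 (GRANTED) only when the login name equals the certificate CN.
# Both sides are quoted and an empty username is denied, so a missing value
# is a denial rather than a shell error that happens to exit non-zero.
cn_check() {
    username="$1"
    common_name="$2"
    if [ -z "$username" ] || [ "$username" != "$common_name" ]; then
        echo "$(date +%Y%m%d-%H%M%S) DENIED  username=$username cert=$common_name" >> "$ACCESS_LOG"
        return 1
    fi
    echo "$(date +%Y%m%d-%H%M%S) GRANTED username=$username cert=$common_name" >> "$ACCESS_LOG"
    return 0
}

# count_denied: number of DENIED lines in the access log, i.e. what an
# administrator would count to spot certificate sharing attempts.
count_denied() {
    grep -c 'DENIED' "$ACCESS_LOG" 2>/dev/null || true
}

# Constructed login attempts: (username, certificate CN).
cn_check alice alice && echo "alice with alice's cert: granted"
cn_check bob alice   || echo "bob with alice's cert: denied (shared certificate)"
cn_check "" alice    || echo "empty username with alice's cert: denied"
echo "denied so far: $(count_denied)"
```

The hook only compares names; it does not validate the password that OpenVPN also passes in, so on its own it stops certificate sharing but is not a second authentication factor. Because the script runs after OpenVPN has dropped privileges, the executable and the log file must both be accessible to the unprivileged user, which is what the chown commands above arrange.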
