openvpn access server varsayılan olarak yerel sqlite kullanmaktadır.
Şayet biz bilgilerimizi sqlite yerine mysqlde tutmak istiyorsak;
1. mysql serverda as_certs, as_userprop, as_config, as_log databaselerini açıyoruz.
2. /root/.my.cnf yi ayarlıyoruz ki openvpnas direk mysql bağlanabilirsin.
cat ~/.my.cnf
[client]
port=3306
#socket=/var/run/mysqld/mysqld.sock
host=127.0.0.1
password="parolanızı buraya yazın"
.my.cnf nin dosya sahiplik yetkileri olarak 600/400 (keyfinize göre) verirseniz iyi.
3. olarak as_templ.conta aşağıdaki değişiklikleri yapıyoruz.
/usr/local/openvpn_as# grep db etc/as_templ.conf
# certs_db=sqlite:///~/db/certs.db
certs_db=mysql://127.0.0.1/as_certs
# user_prop_db=sqlite:///~/db/userprop.db
user_prop_db=mysql://127.0.0.1/as_userprop
# config_db=sqlite:///~/db/config.db
config_db=mysql://127.0.0.1/as_config
# log_db=sqlite:///~/db/log.db
log_db=mysql://127.0.0.1/as_log
4. son aşama olarak
/usr/local/openvpn_as/bin/ovpn-init
çalıştırıyorsunuz ve yerel database kullanılmasını istiyoruz.
Use local authentication via internal DB?
> Press ENTER for default [no]: yes
Hepsi bu kadar.
ÖNEMLİ HATIRLATMA BU BİLGİ TÜM BİLGİLERİNİ SİLER/SİLEBİLİR!!!
ovpn-init tüm çıktısı;
root@rwx:/usr/local/openvpn_as/etc# /usr/local/openvpn_as/bin/ovpn-init
Detected an existing OpenVPN-AS configuration.
Continuing will delete this configuration and restart from scratch.
Please enter 'DELETE' to delete existing configuration: DELETE
Stopping openvpnas daemon...
OpenVPN Access Server
Initial Configuration Tool
------------------------------------------------------
OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)
1. Copyright Notice: OpenVPN Access Server License;
Copyright (c) 2009-2011 OpenVPN Technologies, Inc.. All rights reserved.
"OpenVPN" is a trademark of OpenVPN Technologies, Inc.
2. Redistribution of OpenVPN Access Server binary forms and documents,
are permitted provided that redistributions of OpenVPN Access Server
binary forms and documents must reproduce the above copyright notice.
3. You agree not to reverse engineer, decompile, disassemble, modify, translate,
make any attempt to discover the source code of this software, or create
derivative works from this software.
4. The OpenVPN Access Server is bundled with other open source software
components, some of which fall under different licenses. By using
OpenVPN or any of the bundled components, you agree to be bound by
the conditions of the license for each respective component.
See /usr/local/openvpn_as/license.txt in the Access Server distribution
for more info.
5. THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
OPENVPN TECHNOLOGIES, INC BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Please enter 'yes' to indicate your agreement [no]: yes
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.
Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 192.168.254.254
(3) vmnet2: 192.168.248.1
(4) vmnet8: 172.16.148.1
(5) tun0: 172.16.2.4
Please enter the option number from the list above (1-5).
> Press Enter for default [2]:
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:
Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Use local authentication via internal DB?
> Press ENTER for default [no]: yes
Private subnets detected: ['172.16.2.0/24', '172.16.148.0/24', '192.168.248.0/24', '192.168.254.0/24']
Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]:
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).
You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.
Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]:
> Please specify your OpenVPN-AS license key (or leave blank to specify later):
Initializing OpenVPN...
Adding new user login...
useradd -s /sbin/nologin "openvpn"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: rwx
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating init scripts...
Generating PAM config...
Generating init scripts auto command...
Starting openvpnas...
NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly. Please ensure that your time and date
are correct on this system.
Initial Configuration Complete!
You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:
https://192.168.254.254:943/admin
Login as "openvpn" with the same password used to authenticate
to this UNIX host.
During normal operation, OpenVPN AS can be accessed via these URLs:
Admin UI: https://192.168.254.254:943/admin
Client UI: https://192.168.254.254:943/
See the Release Notes for this release at:
http://www.openvpn.net/access-server/rn/openvpn_as_1_8_3.html
root@rwx:/usr/local/openvpn_as/etc#
Şayet biz bilgilerimizi sqlite yerine mysqlde tutmak istiyorsak;
1. mysql serverda as_certs, as_userprop, as_config, as_log databaselerini açıyoruz.
2. /root/.my.cnf yi ayarlıyoruz ki openvpnas direk mysql bağlanabilirsin.
cat ~/.my.cnf
[client]
port=3306
#socket=/var/run/mysqld/mysqld.sock
host=127.0.0.1
password="parolanızı buraya yazın"
.my.cnf nin dosya sahiplik yetkileri olarak 600/400 (keyfinize göre) verirseniz iyi.
3. olarak as_templ.conta aşağıdaki değişiklikleri yapıyoruz.
/usr/local/openvpn_as# grep db etc/as_templ.conf
# certs_db=sqlite:///~/db/certs.db
certs_db=mysql://127.0.0.1/as_certs
# user_prop_db=sqlite:///~/db/userprop.db
user_prop_db=mysql://127.0.0.1/as_userprop
# config_db=sqlite:///~/db/config.db
config_db=mysql://127.0.0.1/as_config
# log_db=sqlite:///~/db/log.db
log_db=mysql://127.0.0.1/as_log
4. son aşama olarak
/usr/local/openvpn_as/bin/ovpn-init
çalıştırıyorsunuz ve yerel database kullanılmasını istiyoruz.
Use local authentication via internal DB?
> Press ENTER for default [no]: yes
Hepsi bu kadar.
ÖNEMLİ HATIRLATMA BU BİLGİ TÜM BİLGİLERİNİ SİLER/SİLEBİLİR!!!
ovpn-init tüm çıktısı;
root@rwx:/usr/local/openvpn_as/etc# /usr/local/openvpn_as/bin/ovpn-init
Detected an existing OpenVPN-AS configuration.
Continuing will delete this configuration and restart from scratch.
Please enter 'DELETE' to delete existing configuration: DELETE
Stopping openvpnas daemon...
OpenVPN Access Server
Initial Configuration Tool
------------------------------------------------------
OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)
1. Copyright Notice: OpenVPN Access Server License;
Copyright (c) 2009-2011 OpenVPN Technologies, Inc.. All rights reserved.
"OpenVPN" is a trademark of OpenVPN Technologies, Inc.
2. Redistribution of OpenVPN Access Server binary forms and documents,
are permitted provided that redistributions of OpenVPN Access Server
binary forms and documents must reproduce the above copyright notice.
3. You agree not to reverse engineer, decompile, disassemble, modify, translate,
make any attempt to discover the source code of this software, or create
derivative works from this software.
4. The OpenVPN Access Server is bundled with other open source software
components, some of which fall under different licenses. By using
OpenVPN or any of the bundled components, you agree to be bound by
the conditions of the license for each respective component.
See /usr/local/openvpn_as/license.txt in the Access Server distribution
for more info.
5. THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
OPENVPN TECHNOLOGIES, INC BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Please enter 'yes' to indicate your agreement [no]: yes
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.
Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 192.168.254.254
(3) vmnet2: 192.168.248.1
(4) vmnet8: 172.16.148.1
(5) tun0: 172.16.2.4
Please enter the option number from the list above (1-5).
> Press Enter for default [2]:
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:
Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Use local authentication via internal DB?
> Press ENTER for default [no]: yes
Private subnets detected: ['172.16.2.0/24', '172.16.148.0/24', '192.168.248.0/24', '192.168.254.0/24']
Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]:
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).
You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.
Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]:
> Please specify your OpenVPN-AS license key (or leave blank to specify later):
Initializing OpenVPN...
Adding new user login...
useradd -s /sbin/nologin "openvpn"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: rwx
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating init scripts...
Generating PAM config...
Generating init scripts auto command...
Starting openvpnas...
NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly. Please ensure that your time and date
are correct on this system.
Initial Configuration Complete!
You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:
https://192.168.254.254:943/admin
Login as "openvpn" with the same password used to authenticate
to this UNIX host.
During normal operation, OpenVPN AS can be accessed via these URLs:
Admin UI: https://192.168.254.254:943/admin
Client UI: https://192.168.254.254:943/
See the Release Notes for this release at:
http://www.openvpn.net/access-server/rn/openvpn_as_1_8_3.html
root@rwx:/usr/local/openvpn_as/etc#
Yorumlar
Yorum Gönder