This is an authentication plug-in for OpenVPN. It uses an SQLite database for ID/password authentication. It is a Python script, so you can modify it as necessary.

Setting up the credentials database
You have to create an SQLite database that stores the login credentials. In the sample database, there is a table called "Users". This table contains a "UserId" field, a "Password" field and an "Active" field. You can modify the auth-sqlite.py script to use another table and/or other fields.
- You need to store the hashed password instead of the plain password. We use RIPEMD160 as the message digest algorithm.
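
One way to create the credentials database described above and add an account, as an added example that is not part of the original plug-in. The column types, the primary key and the script name provision.py are assumptions; the table name, field names, hashing and lookup query follow auth-sqlite.py.

```python
#!/usr/bin/env python3
# provision.py (hypothetical name): create the Users table and add an account.
import getpass
import hashlib
import sqlite3
import sys

# Assumed schema: the page names only the table and its three fields.
SCHEMA = """CREATE TABLE IF NOT EXISTS Users (
    UserId   TEXT PRIMARY KEY,
    Password TEXT NOT NULL,            -- RIPEMD160 hex digest, never plaintext
    Active   INTEGER NOT NULL DEFAULT 1
)"""

def ripemd160_hex(password):
    """Hash the way auth-sqlite.py does: unsalted RIPEMD160, hex-encoded."""
    try:
        h = hashlib.new("ripemd160")
    except ValueError as exc:
        # Some OpenSSL 3.x builds do not enable RIPEMD160 by default.
        raise RuntimeError("RIPEMD160 is not enabled in this OpenSSL build") from exc
    h.update(password.encode("utf-8"))
    return h.hexdigest()

def open_db(path):
    """Open the credentials database, creating the Users table if missing."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn

def set_user(conn, user_id, password_hash, active=True):
    """Insert or update one account; the caller supplies the hex digest."""
    conn.execute("INSERT OR REPLACE INTO Users (UserId, Password, Active) "
                 "VALUES (?, ?, ?)", (user_id, password_hash, 1 if active else 0))
    conn.commit()

def is_authorized(conn, user_id, password_hash):
    """Run the same query auth-sqlite.py uses for a login attempt."""
    row = conn.execute("SELECT count(*) FROM Users WHERE UserId = ? "
                       "AND Password = ? AND Active = 1",
                       (user_id, password_hash)).fetchone()
    return row[0] == 1

if __name__ == "__main__":  # usage: provision.py vpnusers.db USERNAME
    db = open_db(sys.argv[1])
    set_user(db, sys.argv[2], ripemd160_hex(getpass.getpass("Password: ")))
    db.close()
```

Setting Active to 0 with set_user(..., active=False) disables an account without deleting its row.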

Place the plug-in script and database file
Place vpnusers.db (you may change the filename) in the appropriate directory. Usually you can place it in /etc/openvpn. Make sure this script has execute permission.

Edit the server configuration file
Add these directives to your OpenVPN server configuration file. You may remove

    script-security 2
    client-cert-not-required
    username-as-common-name
    setenv auth_sqlite_db /etc/openvpn/vpnusers.db
    auth-user-pass-verify /etc/openvpn/auth-sqlite.py via-file

Please change the path in the auth-user-pass-verify directive as needed.

Connect
Try to connect to the server. Before you connect to the server, you have to add the auth-user-pass directive to your client configuration file. You can use vpnux Connector Lite as the OpenVPN client.

Source code : auth-sqlite.py

    #!/usr/bin/python
    import os
    import sys
    import hashlib

    try:
        import sqlite3
    except ImportError:
        from pysqlite2 import dbapi2 as sqlite3

    ## Read settings from config (set with "setenv auth_sqlite_db ..." in the server config)
    sqlite_file = os.environ["auth_sqlite_db"]
    print("[auth-sqlite] sqlite_file : " + sqlite_file)

    ## Read username and password from via-file
    ## OpenVPN passes the temporary file path as the first argument;
    ## line 1 holds the username, line 2 the password
    filename = sys.argv[1]
    print("[auth-sqlite] filename : " + filename)
    fp = open(filename, "rb")
    data = fp.readlines()
    fp.close()
    username = data[0].rstrip().decode("utf-8")
    password = data[1].rstrip()  # kept as bytes, which is what hashlib expects
    print("[auth-sqlite] username : " + username)
    ## The password and its hash are not printed: this output ends up in the OpenVPN log

    h = hashlib.new("ripemd160")
    h.update(password)
    hashedPassword = h.hexdigest()

    ## Connect and fetch from database (parameterized query, so the username is never spliced into SQL)
    vals = (username, hashedPassword)
    conn = sqlite3.connect(sqlite_file)
    cur = conn.cursor()
    cur.execute('SELECT count(*) FROM Users WHERE UserId = ? AND Password = ? AND Active = 1', vals)
    row = cur.fetchone()
    targetRows = row[0]
    conn.close()
    print(targetRows)

    ## Return result (exit code 0 accepts the login, anything else rejects it)
    if targetRows == 1:
        print("[auth-sqlite] Authentication succeed.")
        sys.exit(0)
    else:
        print("[auth-sqlite] Authentication failed.")
        sys.exit(1)

    sys.exit(1)