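# OpenVPN server configuration.
# Restored to one directive per line; the directives themselves are unchanged.

# Listening endpoint and tunnel type.
local <HOST IP>
port 1194
proto tcp
dev tun

# Server-side PKI material. server.key must be readable only by the account
# that starts OpenVPN.
ca /usr/local/etc/openvpn/ca.crt
cert /usr/local/etc/openvpn/server.crt
key /usr/local/etc/openvpn/server.key
# NOTE(review): the file name indicates 1024-bit Diffie-Hellman parameters,
# which are below current recommendations. Generate parameters of at least
# 2048 bits and point this directive at the new file.
dh /usr/local/etc/openvpn/dh1024.pem

# Address pool handed out to clients, persisted across restarts.
server 192.168.78.0 255.255.255.0
ifconfig-pool-persist /usr/local/etc/openvpn/ips

# Route all client traffic through the tunnel.
push "redirect-gateway"

# Username/password verification is delegated to auth.pl. With via-env the
# password is handed to the script in its environment; OpenVPN 2.1 and later
# only do this when script-security is set to 3. The via-file method passes
# the credentials in a temporary file instead and is the safer choice if the
# script is adapted to read it.
auth-user-pass-verify /usr/local/etc/openvpn/auth.pl via-env

# NOTE(review): clients present no certificate, so the password checked by
# auth.pl is the only client authentication factor. Everything therefore
# depends on the verify script failing closed and on the strength of the
# stored passwords. OpenVPN 2.4+ spells this option "verify-client-cert none".
client-cert-not-required

# Use the authenticated username as the common name, so that the
# client-config-dir lookup below is keyed on the login.
username-as-common-name

keepalive 100 120

# NOTE(review): comp-lzo is deprecated in current OpenVPN releases, and
# compression inside a VPN tunnel can leak information about the plaintext.
# It has to match the client setting, so change both sides together.
comp-lzo

# Per-client settings; each file in this directory is named after a login.
client-config-dir /usr/local/etc/openvpn/ccd
max-clients 250

# Keep key material and the tun device across soft restarts.
persist-key
persist-tun

status /usr/local/etc/openvpn/openvpn-status.log
verb 3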
#!/usr/bin/perl
use strict;
use warnings;
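# OpenVPN auth-user-pass-verify hook (via-env method).
#
# Reads the client-supplied credentials from the "username" and "password"
# environment variables and looks them up in a flat "login:password" file.
# OpenVPN treats exit status 0 as "authenticated" and any other status as
# "rejected", so every failure path below must end in a non-zero exit.

# Credential store, one "login:password" record per line.
# NOTE(review): the passwords are stored in cleartext. Keep this file
# readable only by the account OpenVPN runs as; storing salted password
# hashes instead would limit the damage if the file is ever disclosed.
my $passwdfile = "/usr/local/etc/openvpn/users";
my $isValidUser = 0;

my $thisUsername = $ENV{'username'};
my $thisPassword = $ENV{'password'};

# Fail closed on missing or empty credentials. Without this guard an unset
# variable compares equal to an empty field, so a blank or malformed line in
# the password file would authenticate a client that sent nothing.
if (   !defined $thisUsername
    || $thisUsername eq ''
    || !defined $thisPassword
    || $thisPassword eq '')
{
    print "ERR\n";
    exit 1;
}

# Three-argument open with a lexical handle: the path is never interpreted as
# a mode or a command. A failed open dies, which exits non-zero and therefore
# rejects the login.
open(my $passwords, '<', $passwdfile)
    or die "can't find file: $passwdfile : $!\n";

while (my $line = <$passwords>) {
    chomp $line;

    # Limit the split to two fields so a password that itself contains ':'
    # is compared in full instead of being silently truncated.
    my ($username, $password) = split /:/, $line, 2;

    # Skip blank and malformed records rather than matching on empty fields.
    next unless defined $username && defined $password;
    next if $username eq '' || $password eq '';

    if ($username eq $thisUsername && $password eq $thisPassword) {
        $isValidUser = 1;
        last;
    }
}
close $passwords;

# Success must map to exit 0. The previous version had the two branches
# swapped, so it rejected every listed user and accepted everyone else.
if ($isValidUser) {
    print "OK\n";
    exit 0;
}
else {
    print "ERR\n";
    exit 1;
}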
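# OpenVPN client configuration.
# Restored to one directive per line; the directives themselves are unchanged.

client
dev tun
proto tcp
remote <HOST IP> 1194
resolv-retry infinite
nobind

# Keep key material and the tun device across soft restarts.
persist-key
persist-tun

# Accept options pushed by the server (including the redirect-gateway push).
pull

# Prompt for the login and password that the server-side verify script checks.
# No client certificate or key is configured, so these credentials are the
# only thing that identifies the client.
auth-user-pass

# CA used to validate the server certificate.
# NOTE(review): nothing here restricts which certificate issued by this CA
# may act as the server. Adding "remote-cert-tls server" makes the client
# insist on a certificate issued for server use; the server certificate has
# to carry the matching key usage for that check to pass.
ca ca.crt

# NOTE(review): comp-lzo is deprecated in current OpenVPN releases, and
# compression inside a VPN tunnel can leak information about the plaintext.
# It has to match the server setting, so change both sides together.
comp-lzo

verb 3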
login:password
Имя файла в каталоге client-config-dir (ccd) должно полностью совпадать с login. Для нормальной работы openvpn-клиента под Windows IP шлюза и серый IP клиента должны быть из одной /30 подсети. Под Linux/BSD таких ограничений нет.
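# Per-client file in the client-config-dir, named exactly after the login.
# Assigns this client a fixed tunnel address: the first value is the client
# end, the second the server end. CLIENT_IP and VPN_GATEWAY are placeholders
# for the last octet of each address.
ifconfig-push 192.168.78.CLIENT_IP 192.168.78.VPN_GATEWAY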