
...

Создайте скрипт /etc/openvpn/verify.sh, выполняющий проверку логина и пароля:

#!/bin/sh
## Credential list: whitespace-separated username:password entries
## (vpn_verify walks $USERS word by word).
## The same username may be listed more than once with different passwords.
## Inline form:
# USERS='user1:pass1 user2:pass2 user3:pass3'
## Here the entries are loaded from a separate file instead.
## That file holds plaintext passwords: keep it readable only by the
## account that runs this script.
USERS=$(cat /etc/openvpn/user.pass)
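#######################################
# Check one username/password pair against the credential list.
# Globals:   USERS (read) - whitespace-separated username:password entries
# Arguments: $1 - username supplied by the VPN client
#            $2 - password supplied by the VPN client
# Returns:   exits the script with 0 on a match, with 1 when either
#            argument is missing or empty; returns to the caller when
#            no entry matches (the caller then rejects the login).
#######################################
vpn_verify() {
  # Both values come from the connecting client, so they are always quoted:
  # unquoted they would be word-split and glob-expanded inside the test.
  if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then
    #echo "No username or password: $*"
    exit 1
  fi
  # $USERS is split on whitespace on purpose, but pathname expansion must be
  # off while it is split: otherwise an entry containing * ? or [ would be
  # replaced by file names from the current directory.
  case $- in
    *f*) vpn_verify_noglob=1 ;;
    *)
      vpn_verify_noglob=0
      set -f
      ;;
  esac
  ## it can also be done with grep or sed
  for i in $USERS; do
    if [ "$i" = "$1:$2" ]; then
      ## successful logins can be logged here if there is room for a log
      ## file; log the username only, never the password
      exit 0
    fi
  done
  # Put globbing back the way the caller had it.
  [ "$vpn_verify_noglob" = 1 ] || set +f
}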
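# Entry point. $1 is the name of the file that contains the username and
# password passed by the client; without it the login is rejected.
if [ -z "${1:-}" ] || [ ! -e "$1" ]; then
  #echo "No file"
  exit 1
fi
# Read the username from the first line and the password from the second.
# NOTE(review): assumes the one-value-per-line layout OpenVPN writes for
# "via-file" verification - confirm against the server configuration.
# Reading with `read -r` instead of an unquoted `cat` keeps client-supplied
# text from being word-split or glob-expanded before it is compared.
vpn_user=
vpn_pass=
{
  IFS= read -r vpn_user
  IFS= read -r vpn_pass
} < "$1"
# vpn_verify exits 0 on a match; if it returns, nothing matched.
vpn_verify "$vpn_user" "$vpn_pass"
#echo "No user with this password found"
exit 1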

...

В качестве WAN интерфейса используется ether1-gateway с настройками от локального провайдера Интернет: 

# WAN address on ether1-gateway, taken from the local Internet provider.
# NOTE(review): 272.16.130.9 is not a valid IPv4 address (first octet is
# above 255); treat it as a placeholder and use the provider's real values.
/ip address
add address=272.16.130.9/24 interface=ether1-gateway network=272.16.130.0

...

В качестве LAN/WLAN интерфейса используется bridge с такими настройками: 

# LAN/WLAN gateway address 10.1.1.1/24.
# NOTE(review): the address is bound to bridge-guest, while the text above
# and the /ip hotspot section on this page name the interface "bridge" -
# confirm which bridge is intended.
/ip address
add address=10.1.1.1/24 interface=bridge-guest network=10.1.1.0

...

Настройка трансляции адресов (NAT):TODO

# Source NAT: masquerade everything leaving through the WAN port, and
# traffic from 10.1.1.0/24 leaving through "wnam" (the name given to the
# OpenVPN client interface on this page).
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1-gateway
add action=masquerade chain=srcnat out-interface=wnam src-address=10.1.1.0/24

Конфигурация OpenVPN клиента на хотспоте

 

# OpenVPN client interface "wnam", connecting to 1.2.3.4 as user vpn1.
# NOTE(review): the password on the next line is published on this page -
# treat it as a sample and give every device its own unique secret;
# presumably it has to match an entry in the server's user.pass file.
# NOTE(review): auth=md5 selects HMAC-MD5 for packet authentication; use a
# stronger digest where the RouterOS version and the server both support
# it (auth and cipher must be the same on both ends).
/interface ovpn-client
add auth=md5 cipher=aes128 connect-to=1.2.3.4 name=wnam password=ate45cf7y345c5y2x3 user=vpn1

Конфигурация хотспота

# Enable hotspot server "mk-wnam" on interface bridge, with no idle timeout.
# NOTE(review): profile=mk-profile-wnam is not one of the profiles defined
# in the /ip hotspot profile section of this page (mk1 and
# mk-profile-hotelchat) - confirm the profile name.
/ip hotspot
add disabled=no idle-timeout=none interface=bridge name=mk-wnam profile=mk-profile-wnam

# Hotspot server profiles: both authenticate through RADIUS
# (use-radius=yes, default domain k18) and send interim accounting updates.
# NOTE(review): login-by=http-pap makes the client submit the password to
# the router as plain text over HTTP, so anyone able to observe the
# client-to-router traffic can read it; do not reuse these credentials
# for anything else.
/ip hotspot profile
set [ find default=yes ] dns-name=mk.k18.netams.com hotspot-address=10.130.3.1 login-by=http-pap name=mk1 radius-default-domain=k18 radius-interim-update=5m use-radius=yes
add dns-name=mk.k18.netams.com hotspot-address=10.130.102.1 html-directory=hotspot-hch login-by=http-pap name=mk-profile-hotelchat radius-default-domain=k18 radius-interim-update=10m use-radius=yes

# Default hotspot user profile, renamed to default1: no MAC cookie, status
# page refreshed hourly.
# shared-users=unlimited puts no cap on simultaneous sessions under the
# same hotspot login.
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no name=default1 shared-users=unlimited status-autorefresh=1h

# Walled garden: destinations that clients can reach before they have
# authenticated on the hotspot.
# Every entry is access granted without login, so keep the list as short
# as possible; a wildcard such as *.provider.ru opens every host name
# under that domain.
# NOTE(review): the purpose of the 10.1.0.255:80 entry is not stated on
# this page - confirm it is still needed.
/ip hotspot walled-garden
add dst-host=*.gosuslugi.ru dst-port=443
add dst-host=ocsp.int-x3.letsencrypt.org dst-port=80
add dst-host=cert.int-x3.letsencrypt.org dst-port=80
add dst-host=*.provider.ru dst-port=443
add dst-host=provider.ru dst-port=443
add dst-host=*.provider.ru dst-port=80
add dst-host=provider.ru dst-port=80
add dst-host=10.1.0.255 dst-port=80