I would like to set up an OpenVPN server which would accept credential-based authentication from clients. The concept is described in the documentation:
While it is discouraged from a security perspective, it is also possible to disable the use of client certificates, and force username/password authentication only. On the server:
client-cert-not-required
Such configurations should usually also set:
username-as-common-name
which will tell the server to use the username for indexing purposes as it would use the Common Name of a client which was authenticating via a client certificate.
Where and how is this password set up?
I would like it to be the same for all clients (which would just identify themselves via the username, per username-as-common-name above).
You'll either use:
auth-user-pass-verify vpn_user.sh via-env
or:
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
In the first one, vpn_user.sh is your custom script to verify the password. In the second, a user should be created in your OS for authentication.
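One way to write vpn_user.sh for the single shared password the question asks about, added here as an example and not part of the original answer: it checks the password that via-env supplies against a salted SHA-256 digest kept on the server instead of a plaintext copy. The secret file path, its salt:digest layout and the allowed username characters are assumptions; via-env also requires script-security 3 in the server configuration.

```shell
#!/bin/sh
# vpn_user.sh for: auth-user-pass-verify vpn_user.sh via-env
# OpenVPN puts the login in the "username" and "password" environment
# variables; exit status 0 accepts the client, anything else rejects it.

# Assumed path (not from the page): one line "salt:sha256hex", mode 0600.
SECRET_FILE="${SECRET_FILE:-/etc/openvpn/shared_secret}"

# Hex SHA-256 of salt followed by password (needs coreutils sha256sum).
hash_password() {
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# verify_login USER PASS FILE: returns 0 to accept, 1 to reject.
verify_login() {
    user=$1; pass=$2; file=$3
    # The username becomes the common name, so allow a narrow charset only.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ -n "$pass" ] || return 1
    [ -r "$file" ] || return 1
    salt=; want=
    IFS=: read -r salt want < "$file" || [ -n "$want" ] || return 1
    [ -n "$salt" ] && [ -n "$want" ] || return 1
    [ "$(hash_password "$salt" "$pass")" = "$want" ]
}

# Run the check only when OpenVPN supplied a login in the environment.
if [ -n "${username+x}" ]; then
    verify_login "$username" "${password:-}" "$SECRET_FILE"
    exit $?
fi
```

Because every client shares one password, changing it means replacing the digest in the secret file and redistributing the new password to all users.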