一:安装并配置认证模块
#安装openvpn-plugin-auth-pam插件,下载对应版本的openvpn源码
wget https://swupdate.openvpn.net/community/releases/openvpn-2.4.12.tar.gz
#解压,并安装插件
tar -zxvf openvpn-2.4.12.tar.gz
cd openvpn-2.4.12
./configure
cd src/plugins/auth-pam
make && make install
#安装epel源
yum -y install epel-release
#安装Google authenticator
yum install google-authenticator
#创建google auth目录
mkdir /etc/google-auth
#配置pam
vim /etc/pam.d/openvpn
auth requisite /lib/security/pam_google_authenticator.so secret=/etc/google-auth/${USER} user=root
account required pam_permit.so
#配置openvpn 增加auth插件
vim /etc/openvpn/server.conf
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
auth SHA256
完成后重启openVPN
二:创建MFA用户