openvpn-auth-pam.soを使うとPAMでUNIXユーザ認証ができる。Vyattaで作ったユーザで接続できるので管理は簡単になるけど、最低限Operator権限を開放することになるので抵抗がある人もいるかも。

set interfaces openvpn vtun6 encryption ‘aes256’
set interfaces openvpn vtun6 hash ‘sha512’
set interfaces openvpn vtun6 mode ‘server’
set interfaces openvpn vtun6 openvpn-option ‘–comp-lzo’
set interfaces openvpn vtun6 openvpn-option ‘–plugin /usr/lib64/openvpn/openvpn-auth-pam.so login’
set interfaces openvpn vtun6 openvpn-option ‘–client-cert-not-required’
set interfaces openvpn vtun6 openvpn-option ‘–username-as-common-name’
set interfaces openvpn vtun6 protocol ‘tcp-passive’
set interfaces openvpn vtun6 server subnet ’10.xxx.yyy.zzz/24′
set interfaces openvpn vtun6 tls ca-cert-file ‘/config/auth/ca.crt’
set interfaces openvpn vtun6 tls cert-file ‘/config/auth/ap1.crt’
set interfaces openvpn vtun6 tls dh-file ‘/config/auth/dh2048.pem’
set interfaces openvpn vtun6 tls key-file ‘/config/auth/ap1.key’